Custom configuration
  • 09 Feb 2022

This topic explains how to customize the rules that are applied to block user requests.

Traceable analyzes application activity for anomalies using machine learning. This anomaly detection is further refined using the Core Rule Set (CRS), an open-source set of continuously updated rules. Additionally, certain high-confidence rules are enabled for detection and blocking locally, without engaging Traceable's system intelligence. The Traceable agent applies these high-confidence rules without sending your data to the Traceable platform.

Navigate to the Administration > Policies page to view and configure these signature-based rules.

The detected threats are listed in the following categories:

  • Path manipulation
  • Known vulnerabilities
  • Request and response metadata anomalies
  • Injections
  • Parameter Anomalies
  • Cross-Site Scripting (XSS)
  • Scanner Detection
  • Session Fixation

When you log in to Traceable, all local rules are disabled by default. If you would like to enable local signature-based blocking, it is a good practice to enable detection first and observe the detected events. Enable the blocking rules only once you are confident about detection. When signature-based blocking rules are enabled, they apply globally to all endpoints.

Enabling threat detection rules does not by default enable threat actor blocking. You have to enable blocking separately.
