WAP

The Web Application Protection Policy enables you to monitor and block threats for a pre-defined set of threat types. This policy helps your security teams protect your application ecosystem from web app and API attacks such as cross-site scripting (XSS), SQL injection, and PHP attacks.

Key Features

The WAP Policy tab shows the following information for each threat type and threat rule:

Threat Type/Threat Rule List

Shows the pre-defined WAP rules, grouped by Threat Type (for example, Local File Inclusion) by default.

Aggressive Rules

Highly sensitive rules that protect your application against multiple attacks but may cause false positives. Such rules usually require fine-tuning through exclusion rules. Traceable shows the Aggressive label next to such Threat Rules.

Rule Information

Shows the following details for each rule:

  • Info — Click the Info icon to view the Description, Impact, Mitigation, and References of a Threat Rule/Type.

  • Labels — Threat classification based on OWASP API Security and CWE references.

Severity Levels

Shows the severity assigned to a rule, indicating the impact of the threat it detects.

Actions

Shows the action Traceable takes when the rule detects a threat. You can configure one of the following actions for each rule:

  • Monitor — Logs the threat but does not block the request.

  • Block — Blocks the request and flags it as malicious so that it does not reach the application.

  • Disable — Turns the rule off; the rule neither monitors nor blocks.

While the action is configured per threat rule, each Threat Type row shows the count of its threat rules grouped by the configured action.

Status

Shows the current status of a Threat Type: Enabled or Disabled.

Note

Disabling a threat type disables all threat rules under it.

Filtering and Grouping

You can filter and/or group rules using the Filter icon and the Group By drop-down.

Policy Management

Policy management in Traceable is hierarchical: you can enable or disable policies at the environment level or at more granular levels. You can manage the components within the WAP policy tab at the following levels:

  • Environment Level — Select the environment from the page’s top right corner and enable or disable the policy from the Status drop-down at the top of the tab. This enables or disables all the threat types collectively in the selected environment.

    Note

    Aggressive rules are disabled by default.

  • Threat Type Level — Use the Toggle next to a Threat Type to enable or disable it. This enables or disables all the threat rules under it.

  • Threat Rule Level — Use the Action drop-down next to a Threat Rule to enable it (Monitor or Block) or disable it (Disable).

While enabling the WAP policy at the environment level enables all threat types, you can still enable or disable individual threat types and rules as required. Similarly, when you enable a threat type, you can manage the rules under it independently.

Overrides in Threat Type/Rule Actions

Modifying the action (enable or disable) for a threat type/rule in a specific environment overrides the default action set at the Environment Level. If you switch back to viewing the actions across All Environments, Traceable shows an Override icon next to the modified threat type/rule; hovering over it lists the environments in which the action has been customized.

For example, suppose you set a Threat Rule to Block at the All Environments level, then navigate to the Sandbox environment and change the action for the same rule to Monitor. When you switch back to All Environments from the Environment drop-down, Traceable shows, through the Override icon, that the global action has been overridden in the Sandbox environment.

The Override icon gives you visibility into environment-specific configurations, so you can track and manage threat types/rules effectively.
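The hierarchy described under Policy Management (environment status, then the Threat Type toggle, then the rule's action), the per-environment override shown by the Override icon, and the per-action rule counts on the Threat Type row can be modelled in a few lines. The following Python is an added illustration written for this page; it is not Traceable's code or API, and every class, function, environment and rule name in it is an assumption. It also assumes that the Threat Type toggle is global rather than per environment and that non-aggressive rules start in Monitor.

```python
# Added illustration of the WAP policy hierarchy; names are assumptions, not Traceable's API.
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional

ALL_ENVIRONMENTS = "All Environments"   # the global scope in the Environment drop-down


class Action(Enum):
    MONITOR = "Monitor"   # log and flag the threat, let the request through
    BLOCK = "Block"       # stop the request before it reaches the application
    DISABLE = "Disable"   # rule off: neither monitoring nor blocking


@dataclass
class ThreatRule:
    name: str
    aggressive: bool = False
    default_action: Optional[Action] = None                     # action at All Environments
    overrides: Dict[str, Action] = field(default_factory=dict)  # environment -> customized action

    def __post_init__(self) -> None:
        if self.default_action is None:
            # Aggressive rules are disabled by default; others start in Monitor (assumption).
            self.default_action = Action.DISABLE if self.aggressive else Action.MONITOR

    def configured_action(self, env: str) -> Action:
        """Action shown in the rule's Action drop-down while viewing `env`."""
        if env == ALL_ENVIRONMENTS:
            return self.default_action
        return self.overrides.get(env, self.default_action)

    def override_environments(self) -> List[str]:
        """Environments listed when hovering the Override icon in the All Environments view."""
        return sorted(env for env, act in self.overrides.items() if act != self.default_action)


@dataclass
class ThreatType:
    name: str
    enabled: bool = True                                  # the Toggle next to the Threat Type
    rules: List[ThreatRule] = field(default_factory=list)

    def action_counts(self, env: str) -> Dict[str, int]:
        """Per-action rule counts shown on the Threat Type row for the environment in view."""
        counts = {act.value: 0 for act in Action}
        for rule in self.rules:
            counts[rule.configured_action(env).value] += 1
        return counts


@dataclass
class WapPolicy:
    env_enabled: Dict[str, bool] = field(default_factory=dict)  # Status drop-down per environment
    threat_types: List[ThreatType] = field(default_factory=list)

    def effective_action(self, threat_type: ThreatType, rule: ThreatRule, env: str) -> Action:
        """Resolve the hierarchy: environment status, then threat type toggle, then rule action."""
        if not self.env_enabled.get(env, False):
            return Action.DISABLE      # policy is off in this environment
        if not threat_type.enabled:
            return Action.DISABLE      # disabling a threat type disables all rules under it
        return rule.configured_action(env)

    def disposition(self, env: str, matched_rules: List[str]) -> str:
        """Outcome for a request that matched the named rules; Block outranks Monitor."""
        outcome = "allow"
        for threat_type in self.threat_types:
            for rule in threat_type.rules:
                if rule.name not in matched_rules:
                    continue
                action = self.effective_action(threat_type, rule, env)
                if action is Action.BLOCK:
                    return "block"
                if action is Action.MONITOR:
                    outcome = "monitor"   # logged, but keep looking for a blocking rule
        return outcome


def build_example_policy() -> WapPolicy:
    """Constructed sample mirroring the page's Sandbox walk-through (rule names are made up)."""
    sqli = ThreatRule("SQL Injection (basic)",
                      default_action=Action.BLOCK,               # global action
                      overrides={"Sandbox": Action.MONITOR})     # environment-specific override
    lfi = ThreatRule("Local File Inclusion")
    xss = ThreatRule("XSS (aggressive)", aggressive=True)
    return WapPolicy(
        env_enabled={"Sandbox": True, "Production": True, "Staging": False},
        threat_types=[ThreatType("Injection", rules=[sqli, lfi]),
                      ThreatType("Cross-Site Scripting", rules=[xss])],
    )
```

In the sample, `override_environments()` on the SQL injection rule returns `['Sandbox']`, which is what the hover on the Override icon would list, and `disposition()` returns `monitor` in Sandbox but `block` in Production for the same rule. The point worth noticing is in `effective_action`: a request in an environment whose policy is off, or one matching a rule under a disabled threat type, is neither blocked nor logged regardless of the rule's own action, so a rule showing Block in the list is not a guarantee of enforcement unless the levels above it are enabled too.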