Skip to main content

Set ADR rule modes

Use this procedure to set the modes for an Application, Detection, and Response (ADR) rule for a selected incident.

Before you begin

  • You need a role with the Incident administration action.

Steps

  1. From the left navigation, select Incidents.

  2. Select an incident

  3. In the Containment actions section, select Configure ADR rules.

    Image shows the Configure ADR rules button in the Containment actions section.

    The ADR rules panel shows this information:

    • Rule: The name of the rule associated with the incident

    • Description: A description of the rule

    • The current modes for the Development, QA, and Production environments:

      • Off: This mode disables the rule.

      • Block at perimeter: The agent blocks a possible attack before the application can process it. This option is not available for all rules.

      • Monitor: The agent identifies and reports attacks.

      • Block: The agent identifies, reports and blocks attacks.

        Important

        If an attack matches a rule and the mode for that rule is set to Block, the Java, .NET Framework, and .NET Core agents throw an AttackBlockedException.

        To ensure the application doesn't crash, edit the application to handle the AttackBlockedException.

  4. In the ADR rules panel, select a mode from the dropdown for any or all of the environments.

    Image shows the mode dropdown options for the Production environment.

  5. Select Submit.

In this section: