Viewing the Rules

Each and every rule is handled by a policy.

To view rules, complete the following steps:

  1. Click a policy to view the rules that are handled by the policy. The following details are displayed:
    • Name—The name of the policy.
    • State—A policy is either in Enabled or Disabled state.
    • Definition—Defines how the policy handles threats that are identified.

    There are two types of rules, Enforced and Allow Listed.

    By default, the rules based on which the policy is enforced are displayed in the Rules table. To view the list of allowed rules, click Allow Listed.

    The following details are displayed in the Rules table:

    Table 1: Rules Pane

    Data Pane Content

    Description

    Signature

    Displays the threat signature.

    SID

    Displays the signature Id.

    Category

    Displays the threat category such as malware, phishing.

    Protocol

    Displays the network protocol for the rule.

    Action

    Displays the action taken to handle the threat.

    Source

    Displays the IP addresses of the source where most number of threats were generated.

    Destination

    Displays the IP addresses that were the destination of most number of threats.

    Direction

    Displays the direction in which traffic flows. The traffic that flows towards the branch from the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. and the traffic that flows from the branch towards the WAN.

  2. To move a single rule to Allow List, select the row and click at the end of the row.

    Alternatively, to move multiple rules to Allow List, select the rows and click Move to Allow List.

    In the Rules table, use the icon in the Signature column to filter the signatures that you want to move to Allow List.

  3. In the Move to Allow List confirmation window, click Move.
  4. To remove a rule from Allow List, select the row and click at the end of the row.

    Alternatively, to remove multiple rules from Allow List, select the rows and click Remove from Allow List.

  5. In the Remove from Allow List confirmation window, click Remove.