View Policy of all your Web Applications/APIs
A summary of all AppSec practices is available under Cloud->Threat Prevention in the form of rules view.
The asset or zone (dynamic group of assets) the security practice protects
The AppSec practice configured to protect the asset/zone.
The mode can be show:
- Detect - The practice is configured to log events without blocking traffic.
- Prevent - The practice is configured to block incoming traffic upon detection of a malicious attack.
- Mixed - The practice may be set to "Detect" or "Prevent" but a mode of at least one sub-practice (e.g. AppSec IPS, API Schema Validation, etc.) is set to override the main mode.
Shows configured exclusions configured for the practice.
Shows the Log Trigger object/s configured for the practice.
Shows the Agents Profile/s that enforce this rule.
When selecting a rule, the bottom tabs will show the data of the asset/zone the rule protects.
- The "Attribute" tab shows a summary of the asset/zone data.
- The other tabs are the same tabs shown when editing the asset/zone object and can be used to edit the asset and practice configuration without being required to go to either the Assets or Zones.