View Policy of all your Web Applications/APIs

A summary of all AppSec practices is available under Cloud->Threat Prevention in the form of rules view.

Rules table


The asset or zone (dynamic group of assets) the security practice protects


The AppSec practice configured to protect the asset/zone.


The mode can be show:
  • Detect - The practice is configured to log events without blocking traffic.
  • Prevent - The practice is configured to block incoming traffic upon detection of a malicious attack.
  • Disabled
  • Mixed - The practice may be set to "Detect" or "Prevent" but a mode of at least one sub-practice (e.g. AppSec IPS, API Schema Validation, etc.) is set to override the main mode.


Shows configured exclusions configured for the practice.


Shows the Log Trigger object/s configured for the practice.


Shows the Agents Profile/s that enforce this rule.

Tab view

When selecting a rule, the bottom tabs will show the data of the asset/zone the rule protects.
  • The "Attribute" tab shows a summary of the asset/zone data.
  • The other tabs are the same tabs shown when editing the asset/zone object and can be used to edit the asset and practice configuration without being required to go to either the Assets or Zones.