Introduction
We have a number of ways to customize and interact with the system. One of the features we offer is a rules engine which can greatly enhance the functionality of your application. It is a very powerful tool.
We have the following article, along with others on the support page, which outlines how it can be used: Rules explanation
Objectives
- learn how the different modules interact with each other
- understand why rules may not be firing as you may intend
- understand the sequential nature of the rules engine in relation to the modules
Rules engine firing order
The rules engine runs in a sequential format, meaning it will perform the rules in one module, then go onto the next.
It runs in the following order:
Main > Component > Dataflow > Threat (both)
This is important to note, as it can explain why our custom rules may not behave as expected.
Use case
For example, if we have a rule at component level, we cannot expect a main rule to be fired, based on the action of the component rule, without running the rules engine a second time.
This is because the rules engine runs the main module then the component level.
Often times this confusion is because of a lack of understanding of what scope to set a rule at. This is explained in further detail at the module section of the rules explanation linked above.
Comments
0 comments
Article is closed for comments.