Monitoring rules - Code-level Vulnerability Analytics

You can create your own fine-grained monitoring rules for code-level vulnerabilities based on resource attributes, and define multiple conditions for one rule. When creating a rule, you can check if conditions apply and how many process groups are affected. The rules you create override the global code-level vulnerability detection control for the selected technology.

Prerequisites

Enable Code-level Vulnerability Analytics.

Create custom monitoring rules

  1. Go to Settings and select Application security > Vulnerability Analytics > Monitoring rules: Code-level.

  2. Select Add new rule.

  3. (Optional) Name your rule (if you don't, a name based on your criteria is assigned automatically once you create the rule).

  4. For Code-level vulnerability control, specify how to control a vulnerability that matches the rule criteria:

    • Do not monitor – Code-level vulnerabilities for the selected conditions are ignored.
    • Monitor – Code-level vulnerabilities for the selected conditions are reported.
  5. (Optional) Select Add new condition to add one or more conditions to your rule.

    • If you don't add any condition, the rule applies to all processes.
    • If you add multiple conditions, all of them have to apply for the rule to take effect. To check if a rule applies, select Preview matching process group instances. This lists process group instances that currently match the criteria.

    Example conditions:

    (Screenshot: example conditions for a rule)

  6. Select Save changes.

You can edit, disable, enable, or remove rules at any time.

Monitoring rules are ordered; the first matching rule applies.

  1. Restart processes.

Frequently asked questions

  • What happens if I change the order of the rules?
    • The first matching rule applies.
  • What happens if a Do not monitor rule that applies gets added?
    • New vulnerabilities for the processes that match the rule won't be created.
    • Existing vulnerabilities that only relate to matching processes are resolved.
  • What happens if a Do not monitor rule is deleted or doesn't apply anymore?
    • New vulnerabilities for the processes that match the rule will be created.
    • Related resolved vulnerabilities are reopened.
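The following is an added, self-contained model of the rule semantics described in steps 4 and 5, the ordering note, and the FAQ above; it is illustrative code written for this page, not Dynatrace's own code or API. The class and function names, the exact-match form of conditions, the attribute keys and the process group instances are all constructed assumptions. It shows that all conditions of a rule must apply, that a rule with no conditions matches every process, that the first matching rule in order wins over the global control, and that a vulnerability is resolved only when every process it relates to falls under a Do not monitor rule (and reopened once that rule is gone).

```python
from dataclasses import dataclass, field

# Constructed model of the rule semantics on this page; the class and function
# names are assumptions for illustration, not Dynatrace's API or code.


@dataclass(frozen=True)
class ProcessGroupInstance:
    name: str
    attributes: dict  # resource attributes (constructed sample keys below)


@dataclass
class Rule:
    control: str  # "MONITOR" or "DO_NOT_MONITOR"
    conditions: dict = field(default_factory=dict)  # attribute -> required value
    enabled: bool = True

    def matches(self, pgi):
        # All conditions must apply; no conditions means the rule applies to every process.
        return all(pgi.attributes.get(k) == v for k, v in self.conditions.items())


def preview_matching(rule, pgis):
    """Like 'Preview matching process group instances': names that currently match."""
    return [p.name for p in pgis if rule.matches(p)]


def effective_control(rules, pgi, global_control="MONITOR"):
    """Rules are ordered; the first enabled matching rule overrides the global control."""
    for rule in rules:
        if rule.enabled and rule.matches(pgi):
            return rule.control
    return global_control


def vulnerability_states(rules, vulnerabilities, pgis):
    """Resolve a vulnerability only when every process it relates to is unmonitored."""
    by_name = {p.name: p for p in pgis}
    states = {}
    for vuln_id, related in vulnerabilities.items():
        controls = {effective_control(rules, by_name[n]) for n in related}
        states[vuln_id] = "RESOLVED" if controls == {"DO_NOT_MONITOR"} else "OPEN"
    return states


# Constructed sample data: three process group instances, two rules, three vulnerabilities
PGIS = [
    ProcessGroupInstance("api-java", {"technology": "JAVA", "host.group": "prod"}),
    ProcessGroupInstance("batch-java", {"technology": "JAVA", "host.group": "dev"}),
    ProcessGroupInstance("web-node", {"technology": "NODEJS", "host.group": "prod"}),
]
NO_MONITOR_DEV_JAVA = Rule("DO_NOT_MONITOR", {"technology": "JAVA", "host.group": "dev"})
MONITOR_JAVA = Rule("MONITOR", {"technology": "JAVA"})
VULNS = {"V-1": {"batch-java"}, "V-2": {"api-java", "batch-java"}, "V-3": {"web-node"}}


def demo():
    ordered = [NO_MONITOR_DEV_JAVA, MONITOR_JAVA]
    return {
        "preview": preview_matching(NO_MONITOR_DEV_JAVA, PGIS),
        "controls": {p.name: effective_control(ordered, p) for p in PGIS},
        "states": vulnerability_states(ordered, VULNS, PGIS),
        # Reordered: the broader MONITOR rule now matches batch-java first
        "reordered": effective_control(list(reversed(ordered)), PGIS[1]),
        # Deleting the Do not monitor rule reopens V-1
        "after_delete": vulnerability_states([MONITOR_JAVA], VULNS, PGIS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the block prints the preview list for the Do not monitor rule (only batch-java), the effective control per process, and the vulnerability states before and after that rule is removed. V-2 stays open because it also relates to api-java, which is still monitored, matching the FAQ's "only relate to matching processes" wording.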