Templated Rules enable you to gain visibility into registrations, logins, and virtual patches within your application by configuring simple rules.
Enabling and Editing Templated Rules
In the Signal Sciences console, go to Site Rules > Templated Rules in the navigation bar at the top.
Click on the View button to the far right of the rule you want to configure.
This page features a graph, Event list, and list of requests tagged with the signal associated with this rule.
Click on the Configure button in the upper-right corner to enable or edit the rule.
You will be taken to a pre-built rule that’s ready to set up. You will need to configure the empty value fields with values specific to your application, such as paths, response codes, and headers. It is possible to add and remove conditions in the rule as necessary for your application.
Click Update Site Rule at the bottom to save your changes to the rule.
When configuring Failed Logins or Failed Registrations, you have the additional option to block subsequent Login Attempts or Registration Attempts, respectively.
The duration of the block is customizable: either the site default (normally 1 day), 10 minutes, 1 hour, 6 hours, or 24 hours.
With API Protection rules, you can easily tag requests made to your API, allowing you to detect patterns such as repeated API requests from an unexpected user agent.
API Protection signals are informational, so only certain requests tagged with these signals will appear in the requests page of the console. See Data Storage and Sampling for additional details.
ATO Protection rules enable you to quickly create rules to identify account takeover (ATO) attacks, such as failed password reset attempts.
With the exception of the “Login” and “Registration” groups of signals, ATO Protection signals are informational, so only certain requests tagged with these signals will appear in the requests page of the console. See Data Storage and Sampling for additional details.
With Signal Sciences' virtual patching rules, you can immediately block or log requests matching specific vulnerabilities. These rules can be configured to send an alert after a threshold of matching requests.
Future virtual patches will be announced via an optional email notification.