URL category conditions
To create or update a condition of URL category type, specify the following parameters:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(url_category). |
|
category |
Site categories or site group categories: category = (lib.category(URL_CATEGORY_GROUP), URL_CATEGORY_NAME) |
|
count_interval |
Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval(). |
|
max_event_count |
Number of triggered events: max_event_count(). |
Virus detected conditions
To configure a condition of Virus detected type, specify the following parameters:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(virus_detection). |
Application conditions
To create or edit a condition of Application type, use the parameters provided in the table below:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(app). |
|
application |
Application categories or application groups:
|
|
count_interval |
Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval(). |
|
max_event_count |
Number of triggered events: max_event_count(). |
IPS conditions
Parameters of a condition of IDPS type:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(ips). |
|
ips_tl |
Threat level:
|
Content type conditions
Parameters of a condition of Content types type:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(mime_type). |
|
response.header.Content-Type |
Content type: response.header.Content-Type = lib.mime(MIME_CATEGORIES_LIST). |
|
count_interval |
Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval(). |
|
max_event_count |
Number of triggered events: max_event_count(). |
Packet size conditions
To create or configure a condition of Packet size type, use the following parameters:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(net_packet_size). |
|
packet_size |
The packet size exceeding which causes the condition to be met is specified as follows:
|
Sessions per IP address conditions
To configure a condition of Session per IP type, use the following parameters:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(sessions_per_ip). |
|
sessions_limit |
Maximum number of sessions allowed from one IP address: sessions_limit(). |
Traffic limit conditions
To create or configure a condition of Traffic volume type, use the following parameters:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(traffic). |
|
traffic_limit |
Traffic limit:
|
|
period |
Period:
|
Health check conditions
To configure a condition of Health check type, use the following parameters:
|
Name |
Description |
|---|---|
|
scond_type |
Condition type: scond_type(health_check). |
|
health_check_method |
Checking method:
|
|
url.address |
Address for ping and DNS requests: url.address = "1.1.1.1". |
|
url.domain |
FQDN for health checking using DNS request or URL for HTTP GET method: url.domain = "example.ru". |
|
gateway |
Name of the gateway used: gateway(). Important! The gateway should be created in advance. |
|
health_result |
Check result:
|
|
health_request_timeout |
Connection timeout (in seconds): health_request_timeout(). |
|
health_answer_timeout |
HTTP GET request answer timeout (in seconds): health_answer_timeout(). |
|
health_type_request |
DNS query type:
|
|
count_interval |
Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval(). |
|
max_event_count |
Number of triggered events: max_event_count(). |