Types of Conditions Used When Creating Scenarios

URL category conditions

To create or update a condition of URL category type, specify the following parameters:

Name

Description

scond_type

Condition type: scond_type(url_category).

category

Site categories or site group categories:

category = (lib.category(URL_CATEGORY_GROUP), URL_CATEGORY_NAME)

count_interval

Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval().

max_event_count

Number of triggered events: max_event_count().

Virus detected conditions

To configure a condition of Virus detected type, specify the following parameters:

Name

Description

scond_type

Condition type: scond_type(virus_detection).

Application conditions

To create or edit a condition of Application type, use the parameters provided in the table below:

Name

Description

scond_type

Condition type: scond_type(app).

application

Application categories or application groups:

  • application = lib.applicationgroup(APP_GROUP) or application = lib.applicationgroup(all)

  • application = lib.category(APPS_CATEGORY_NAME)

count_interval

Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval().

max_event_count

Number of triggered events: max_event_count().

IPS conditions

Parameters of a condition of IDPS type:

Name

Description

scond_type

Condition type: scond_type(ips).

ips_tl

Threat level:

  • ips_tl(very_low)

  • ips_tl(low)

  • ips_tl(medium)

  • ips_tl(high)

  • ips_tl(very_high)

Content type conditions

Parameters of a condition of Content types type:

Name

Description

scond_type

Condition type: scond_type(mime_type).

response.header.Content-Type

Content type: response.header.Content-Type = lib.mime(MIME_CATEGORIES_LIST).

count_interval

Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval().

max_event_count

Number of triggered events: max_event_count().

Packet size conditions

To create or configure a condition of Packet size type, use the following parameters:

Name

Description

scond_type

Condition type: scond_type(net_packet_size).

packet_size

Packet size threshold. The condition is met when a packet exceeds this size, specified as follows:

  • packet_size(1): packet size is 1 byte

  • packet_size(1KB): packet size is 1KB

  • packet_size(1MB): packet size is 1MB

  • packet_size(1GB): packet size is 1GB

Sessions per IP address conditions

To configure a condition of Session per IP type, use the following parameters:

Name

Description

scond_type

Condition type: scond_type(sessions_per_ip).

sessions_limit

Maximum number of sessions allowed from one IP address: sessions_limit().

Traffic limit conditions

To create or configure a condition of Traffic volume type, use the following parameters:

Name

Description

scond_type

Condition type: scond_type(traffic).

traffic_limit

Traffic limit:

  • traffic_limit(1): 1 byte

  • traffic_limit(1KB): 1KB

  • traffic_limit(1MB): 1MB

  • traffic_limit(1GB): 1GB

period

Period:

  • period(minute): minute

  • period(hour): hour

  • period(day): day

  • period(week): week

  • period(month): month

Health check conditions

To configure a condition of Health check type, use the following parameters:

Name

Description

scond_type

Condition type: scond_type(health_check).

health_check_method

Checking method:

  • health_check_method(ping): ping

  • health_check_method(dns): DNS request

  • health_check_method(get): GET HTTP method

url.address

Address for ping and DNS requests: url.address = "1.1.1.1".

url.domain

FQDN for a health check using a DNS request, or URL for the HTTP GET method: url.domain = "example.ru".

gateway

Name of the gateway used: gateway().

Important! The gateway should be created in advance.

health_result

Check result:

  • health_result(positive): positive

  • health_result(negative): negative

health_request_timeout

Connection timeout (in seconds): health_request_timeout().

health_answer_timeout

HTTP GET request answer timeout (in seconds): health_answer_timeout().

health_type_request

DNS query type:

  • health_type_request(a)

  • health_type_request(aaaa)

  • health_type_request(cname)

  • health_type_request(ns)

  • health_type_request(ptr)

count_interval

Time interval during which a specified number of triggered events should occur (specified in minutes): count_interval().

max_event_count

Number of triggered events: max_event_count().