Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Rule Representation in the Documentation

When rules are explained in the Web Gateway documentation, different ways of representing them within the documentation text are used.

A rule can be represented in a long or short format, providing more or less explicit information about the structure of a rule. The individual elements of a rule can be marked using different fonts to distinguish them from each other or all appear in the same font.

The long and the short formats can both be combined with different element markup to represent rules as follows:

  • Short rule representation — A rule is represented in a short format with different fonts used for the individual rule elements.
  • Short unified rule representation — A rule is represented in a short format with the same fonts used for all rule elements.
  • Long rule representation — A rule is represented in a long format with different fonts used for the individual rule elements.
  • Long unified rule representation — A rule is represented in a long format with the same fonts used for all rule elements.

All rule representations are followed by explanations of the respective rules in plain text.

Rule representation on the user interface

On the user interface of Web Gateway, a rule looks like this. The three main rule elements (criteria, action, and events) are each shown in a separate column. The rule name appears in bold above the rule criteria.

clipboard_e19154cafa155c2e08e9456a36b842152.png

In this sample representation, the rule name and elements are as follows:

  • Name — Block if virus was found
  • Criteria — Antimalware.Infected<Gateway Anti-Malware> equals true
  • Action — Block<Virus Found>
  • Event — Statistics.Counter.Increment("BlockedByAntiMalware",1)<Default>

The different representation methods used in the documentation text all rely in one way or other on how a rule is represented here.

Short rule representation

The short rule representation shows the main elements of a rule next to each other with the rule name in bold above the criteria. This representation method comes closest to the way that a rule is shown on the user interface.

To distinguish the main rule elements even further than it is done on the user interface, the criteria is shown in italics and the action is preceded by an arrow. The arrow symbolizes the relation between the criteria and the action (if the criteria matches, then the action is performed).

The rule event is always optional. It is also executed if the criteria matches, so it is just added after the action, separated by a dash.

Block if virus was found

Antimalware.Infected<Gateway Anti-Malware> equals true –> Block<Virus Found> – Statistics.Counter.Increment (“BlockedByAntiMalware”,1)<Default>

Short unified rule representation

The short unified rule representation differs from the short rule representation in that it does not use different fonts to distinguish the name from the rule elements and the rule elements from each other. It rather shows them all in narrow bold font.

Block if virus was found

Antimalware.Infected<Gateway Anti-Malware> equals true – Block<Virus Found> – Statistics.Counter.Increment (“BlockedByAntiMalware”,1)<Default>

Long rule representation

The long rule representation shows each rule element in a separate row within a table, preceded by the element name. The rule name appears in red above the table like a section title.

Block if virus was found

Rule element Definition
Criteria Antimalware.Infected<Gateway Anti-Malware> equals true
Action Block<Virus Found>
Event Statistics.Counter.Increment (“BlockedByAntiMalware”,1)<Default>

Long unified rule representation

The long unified rule representation differs from the long rule representation in that all individual rule elements are marked in narrow bold font. 

Rule element Definition
Criteria Antimalware.Infected<Gateway Anti-Malware> equals true
Action Block<Virus Found>
Events Statistics.Counter.Increment (“BlockedByAntiMalware”,1)<Default>
  • Was this article helpful?