Firewall Rule

The Firewall Rule object represents a specific rule within a firewall policy or event. It contains information about a rule's configuration, properties, and associated actions that define how network traffic is handled by the firewall.

Attributes

Caption	Name	Type	Description
Category	`category`	String	The rule category.
Condition	`condition`	String	The rule trigger condition for the rule. For example: SQL_INJECTION.
Description	`desc`	String	The description of the rule that generated the event.
Duration	`duration`	Long	The rule response time duration, usually used for challenge completion time.
Match Details	`match_details`	String[]	The data in a request that rule matched. For example: '["10","and","1"]'.
Match Location	`match_location`	String	The location of the matched data in the source which resulted in the triggered firewall rule. For example: HEADER.
Name	`name`	String	The name of the rule that generated the event.
Rate Limit	`rate_limit`	Integer	The rate limit for a rate-based rule.
Raw Data	`raw_data`	JSON	The event data as received from the event source.
Record ID	`record_id`	String	Unique identifier for the object
Sensitivity	`sensitivity`	String	The sensitivity of the firewall rule in the matched event. For example: HIGH.
Type	`type`	String	The rule type.
Unique ID	`uid`	String	The unique identifier of the rule that generated the event.
Unmapped Data	`unmapped`	Unmapped[]	The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Version	`version`	String	The rule version. For example: `1.1`.

Relationships

Inbound Relationships

These objects and events reference Firewall Rule in their attributes:

Outbound Relationships

Firewall Rule references the following objects and events in its attributes:

Unmapped

This page describes qdm-1.3.2+ocsf-1.3.0