Firewall Rule

firewall_rule

The Firewall Rule object represents a specific rule within a firewall policy or event. It contains information about a rule's configuration, properties, and associated actions that define how network traffic is handled by the firewall.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Category | category | String | The rule category. |
| Condition | condition | String | The trigger condition for the rule. For example: SQL_INJECTION. |
| Description | desc | String | The description of the rule that generated the event. |
| Duration Milliseconds | duration | Long | The rule response time duration, usually used for challenge completion time. |
| Match Details | match_details | String[] | The data in a request that the rule matched. For example: '["10","and","1"]'. |
| Match Location | match_location | String | The location of the matched data in the source which resulted in the triggered firewall rule. For example: HEADER. |
| Name | name | String | The name of the rule that generated the event. |
| Rate Limit | rate_limit | Integer | The rate limit for a rate-based rule. |
| Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
| Record ID | record_id | String | Group: primary. Unique identifier for the object. |
| Sensitivity | sensitivity | String | The sensitivity of the firewall rule in the matched event. For example: HIGH. |
| Type | type | String | The rule type. |
| Unique ID | uid | String | The unique identifier of the rule that generated the event. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The rule version. For example: 1.1. |

Relationships

Firewall Rule shown in context

Inbound Relationships

These objects and events reference Firewall Rule in their attributes:

Outbound Relationships

Firewall Rule references the following objects and events in its attributes:

This page describes ocsf-1.4.0