Firewall Rule

firewall_rule

The Firewall Rule object represents a specific rule within a firewall policy or event. It contains information about a rule's configuration, properties, and associated actions that define how network traffic is handled by the firewall.

Attributes

CaptionNameTypeDescription
CategorycategoryStringThe rule category.
ConditionconditionStringThe rule trigger condition for the rule. For example: SQL_INJECTION.
DescriptiondescStringThe description of the rule that generated the event.
Duration MillisecondsdurationLongThe rule response time duration, usually used for challenge completion time.
Match Detailsmatch_detailsString[]The data in a request that rule matched. For example: '["10","and","1"]'.
Match Locationmatch_locationStringThe location of the matched data in the source which resulted in the triggered firewall rule. For example: HEADER.
NamenameStringThe name of the rule that generated the event.
Rate Limitrate_limitIntegerThe rate limit for a rate-based rule.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
SensitivitysensitivityStringThe sensitivity of the firewall rule in the matched event. For example: HIGH.
TypetypeStringThe rule type.
Unique IDuidStringThe unique identifier of the rule that generated the event.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
VersionversionStringThe rule version. For example: 1.1.

Relationships

Firewall Rule shown in context

Inbound Relationships

These objects and events reference Firewall Rule in their attributes:

Outbound Relationships

Firewall Rule references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0