Create a Ruleset

Go to zn HUB > Rules , and then click on Add Ruleset :

In the Create Ruleset screen:

Fill in Name and Description. For the Action field, select:

  • Alert - Generate an Alert event.
  • Ignore - Ignore the Issue.
  • Override - Override the Severity of the Issue.

Specify the Rule . A Rule is a triple consisting of:

field name | comparison operator | value string

Add one or more Rules by clicking on the Add Rule button:

Multiple Rules within a Ruleset apply the logical AND operation between them. Click Save Ruleset to create the new Ruleset:

Things to Keep in Mind

  • Rules apply only to new Issues detected since the creation of the Ruleset.
  • Unless specified by using policyId or policyName , rules will apply to all Policies in your account.
  • Multiple Rules within a Ruleset apply the logical AND operation between them.
  • Multiple Rulesets that apply to a Scan job apply the logical OR operation between them.
  • Review your IGNORE rules on a regular basis to make sure they are still needed.

Field Names

As of 2020, the available field names are:

  • issueName: Name of issue
  • issueDescription: Details of issue
  • key: Issue key
  • issueType: Type of issue. Expected value: VULNERABILITY , CODE_SMELL , BUG ``
  • target: Name of target
  • targetId: Target ID
  • port: Port number
  • scanTool: Name of scenario
  • severity: Severity score as a CVSS 3.0 number between -1.0 and 10.0
  • severityCode: Valid values are Info , Low , Medium , High , Critical
  • policyId: Policy ID
  • policyName: Name of policy
  • product: Name of product (scanning tool)
  • scenarioId: Scenario ID
  • status: Issue status. Expected value: Detection , Existing , Remediation

Comparison Operators

And the available comparison operators are:

  • =
  • !=
  • =

  • <
  • <=
  • contains
  • does not contain