In what order does Threat Defender process rules?

To view the policy configured on cognitix Threat Defender, navigate to Policy > Rules.

Policy rules are processed from top to bottom. We therefore recommend placing more specific rules at the top of the table and rules that apply to a broader range of traffic at the bottom.

Global rules (i.e. rules that are applied to all traffic) are always processed before rules in correlation scenarios.

To reorder global rules, click the ACTIVATE GLOBAL RULES REORDER button above the table. Move the rules to the desired positions using drag and drop.

To reorder correlation scenarios, navigate to Policy > Advanced Correlation. Click the ACTIVATE REORDER button above the table and move the scenarios using drag and drop.