Monitoring rules - Code-level Vulnerability Analytics
To include or exclude specific process groups from being monitored by Application Security, you can set up fine-grained monitoring rules for Code-level Vulnerability Analytics.
If you define custom monitoring rules, they override the global code-level vulnerability detection control mode, and Runtime Vulnerability Analytics continues to monitor the code-level vulnerabilities based on your rules.
Prerequisites
Enable Code-level Vulnerability Analytics.
Create custom monitoring rules
- Go to Settings and select Application security > Vulnerability Analytics > Monitoring rules: Code-level.
- Select Add new rule.
- Define the criteria for this rule:
Select or enter a process group to which you want to apply this configuration.
Leave empty if you want the rule to apply to any supported process groups.
- Specify how to control a vulnerability that matches the rule criteria:
- Do not monitor – Code-level vulnerabilities for the selected process group are ignored.
- Monitor – Code-level vulnerabilities for the selected process group are reported.
Optionally, add a comment.
- Select Save changes.
You can edit, disable, enable, or remove rules at any time.
Monitoring rules are ordered; the first matching rule applies.
Frequently asked questions
- What happens if I change the order of the rules?
The first matching rule applies.
- What happens if a Do not monitor rule that applies gets added?
New vulnerabilities for the processes that match the rule won't be created.
Existing vulnerabilities that only relate to matching processes are resolved.
- What happens if a Do not monitor rule is deleted or doesn't apply anymore?
New vulnerabilities for the processes that match the rule will be created.
Related resolved vulnerabilities are reopened.