Manage custom rules

You can manage Application Security detection rules to customize and optimize your security configurations according to your specific needs and preferences: On the AppSec Rules inventory, right-click on a rule or click to open the side panelselect an option:

UI workflow

On the AppSec Rules inventory, right-click on a rule or click to open the side panelselect an option:

  • Edit: Opens the Edit Rule wizard, allowing you to manage existing rules

  • Duplication: Opens the selected rule in a New Rule dialog box, allowing you to save a copy of the rule. This allows you to customize default rules according to your requirements

API workflow

Use the Modify rule and Delete rule API operations to integrate rule lifecycle management into your automated pipelines.

  • Bulk labeling and organization: Apply labels programmatically using the Modify rule operation to organize rules by team, compliance framework, or business unit

  • OOTB vs. custom constraints: When automating rule management, note that custom rules accept modifications to all fields (name, severity, frameworks and so on). OOTB rules are maintained by Cortex XSIAM and cannot be deleted; they only accept label modifications via the API

For information on managing endpoints, refer to Manage AppSec rule API documentation.