Create custom rules with AI Assistant (beta)
This is a beta feature. To enable it, contact your account team.
From Web Security Analytics (WSA), you can use AI Assistant to create custom rules based on applied filters. Supported dimension types include:
- Client information (Client Fingerprint matches)
- Network information (IP Address, AS Number, and GEO matches)
- HTTP information (Request Header, Method, Query, and Host-related matches)
- IP/Geo firewall (Client List matches)
Before using this feature, review how AI Assistant handles WSA filters when generating custom rules. Note that not all filters in WSA are supported. For details, see Requirements and supported filters.
Create a custom rule with AI Assistant
To create a custom rule with AI Assistant:
- Navigate to Web Security Analytics.
- Apply the desired filters, ensuring they are supported filters and meet the requirements listed below.
- In the top navigation bar, click AI Assistant.
- Enter: “Create a custom rule based on the current filters applied.”
If the applied filters are supported, AI Assistant generates a custom rule based on them. You will be redirected to the custom rule builder with the filters pre-populated as conditions. Review the generated rule before saving and activating it.
If only some of the applied filters are supported, AI Assistant will generate custom rule conditions only from the supported filters.
Requirements and supported filters
You can use AI Assistant to create custom rules from applied filters that meet the supported dimensions, operators, and requirements below.
Filter compatibility requirements
Most supported filters have specific compatibility requirements. When using AI Assistant to create custom rules, if a filter isn't listed below as fully compatible, ensure it meets the following requirements:
- Use only one operator per dimension (for example, only Match Any or only Does Not Match Any for Client H2 Fingerprint). Combining multiple operators for a single dimension is not supported.
- Do not use filters with empty values unless the filter specifically supports them. For example, if you set the filter values for “Connecting AS Number Match Any” as AS12345, AS67890, and [empty value], it will not work because this dimension does not support any empty values.
- Even if a filter supports empty values, do not use a filter that contains only an empty value. For example, while the User-Agent dimension can accept empty values, AI Assistant cannot create a custom rule from a filter with only “[empty_value]” for “User-Agent Match Any.”
Client information filters
| Filter dimension | Supported operators | Supports empty values? | Compatibility |
|---|---|---|---|
| JA4 Client TLS Fingerprint | | No | Requirements apply |
| Client H2 Fingerprint | | No | Requirements apply |
| Client TLS Fingerprint V3 | | No | Requirements apply |
| Client TLS Fingerprint V2 | | No | Requirements apply |
Network information filters
| Filter dimension | Supported operators | Supports empty values? | Compatibility |
|---|---|---|---|
| Connecting IP Address | | Yes | Requirements apply |
| Connecting IP Address CIDR | | Yes | Requirements apply |
| Connecting IP Subnet | | Yes | Requirements apply |
| Connecting AS Number | | No | Requirements apply |
| Connecting Country/Area | | Yes | Requirements apply |
| End User IP Address | | Yes | Requirements apply |
| End User IP Address CIDR | | Yes | Requirements apply |
| End User IP Subnet | | Yes | Requirements apply |
| End User AS Number | | No | Requirements apply |
| End User Country/Area | | Yes | Requirements apply |
HTTP information filters
| Filter dimension | Supported operators | Supports empty values? | Compatibility |
|---|---|---|---|
| User-Agent | | Yes | Fully compatible* |
| Hostname | | No | Fully compatible* |
| Path | | No | Requirements apply |
| Query | | No | Requirements apply |
| Request Header Set | | Yes | Requirements apply |
| Accept-Language | | Yes | Fully compatible* |
| Content-Length | | Yes | Fully compatible* |
| Method | | Not applicable | Requirements apply |
| Sec-CH-UA | | Yes | Fully compatible* |
| Sec-CH-UA-Mobile | | Yes | Fully compatible* |
| Sec-CH-UA-Arch | | Yes | Fully compatible* |
| Sec-CH-UA-Platform | | Yes | Fully compatible* |
| Sec-CH-UA-Platform-Version | | Yes | Fully compatible* |
| Sec-CH-UA-Model | | Yes | Fully compatible* |
| Sec-CH-UA-Bitness | | Yes | Fully compatible* |
| Sec-CH-UA-Full-Version-List | | Yes | Fully compatible* |
| Sec-CH-UA-Form-Factors | | Yes | Fully compatible* |
| Sec-CH-UA-Full-Version | | Yes | Fully compatible* |
| Sec-CH-UA-WoW64 | | Yes | Fully compatible* |
| Referer | | Yes | Fully compatible* |
*These filters are fully compatible with custom rule matches. The Filter compatibility requirements above do not apply.
IP/Geo firewall filters
Only Client Lists are supported. Custom rules do not support Network Lists.
| Filter dimension | Supported operators | Supports empty values? |
|---|---|---|
| Client/Network Lists | | No |
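
The filter compatibility requirements and the "Supports empty values?" and "Compatibility" columns above, expressed as a pre-check you can run over a filter set before asking AI Assistant for a rule. This is an added example, not the product's own logic: the `(dimension, operator, values)` tuples, the `precheck` function, and the sample values are assumptions for illustration, and only a subset of the table rows is included.

```python
# Added example; the (dimension, operator, values) tuples are hypothetical.
EMPTY = ""  # stands for the "[empty value]" entry of a filter
# dimension -> (supports empty values, fully compatible); subset of the tables
DIMENSIONS = {
    "Client H2 Fingerprint": (False, False),
    "Connecting IP Address": (True, False),
    "Connecting AS Number": (False, False),
    "User-Agent": (True, True),
    "Hostname": (False, True),
}

def precheck(filters):
    """Split filters into (convertible, rejected-with-reason)."""
    operators = {}
    for dim, op, _ in filters:
        operators.setdefault(dim, set()).add(op)
    ok, rejected = [], []
    for dim, op, values in filters:
        if dim not in DIMENSIONS:
            rejected.append((dim, op, "dimension not supported"))
            continue
        supports_empty, fully_compatible = DIMENSIONS[dim]
        reason = None
        # Checked for every dimension: the page's example of this rule uses
        # User-Agent, which the table marks as fully compatible.
        if values and all(v == EMPTY for v in values):
            reason = "only an empty value"
        elif not fully_compatible:
            if len(operators[dim]) > 1:
                reason = "more than one operator for this dimension"
            elif EMPTY in values and not supports_empty:
                reason = "dimension does not support empty values"
        if reason:
            rejected.append((dim, op, reason))
        else:
            ok.append((dim, op))
    return ok, rejected

# Constructed sample filters (values are illustrative only).
SAMPLE = [
    ("Connecting AS Number", "Match Any", ["AS12345", "AS67890", EMPTY]),
    ("User-Agent", "Match Any", [EMPTY]),
    ("Client H2 Fingerprint", "Match Any", ["h2-fp-a"]),
    ("Client H2 Fingerprint", "Does Not Match Any", ["h2-fp-b"]),
    ("Connecting IP Address", "Match Any", ["192.0.2.10", EMPTY]),
    ("Unlisted Dimension (placeholder)", "Match Any", ["x"]),
]

if __name__ == "__main__":
    print(precheck(SAMPLE))
```

Filters in the rejected list are the ones to fix or drop in WSA first, since AI Assistant builds conditions only from supported filters and the generated rule would otherwise be narrower than the view you were analyzing.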
