Rule and case
In the previous section we discussed how to configure a mitigation action with a policy for a malicious request. Consider a sample policy with the NevisProxyActionPlugin, which assigns the BLOCK action to the risk score range from 0.8 to 1.0.
A key decision is whether to apply the BLOCK action only to the current request of the user or also to all subsequent requests of the user. For each policy, you can choose whether to create a so-called rule. If a rule is created, the action is also applied to all subsequent requests of the user, independent of the risk scores of the current request. The system stores every created rule in the database. You can manage all rules via the nevisDetect UI.
From a security and forensic point of view, it may be important to further analyze a malicious request. For each policy, you can configure whether a case should be persisted. A case consists of the details of the request and all risk scores. It can be viewed via the nevisDetect UI.
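The following added example is a small Python model of the rule and case semantics described above. It is not nevisDetect code or configuration. All class, field and function names are hypothetical, and it assumes that the score range is inclusive, that the highest risk score of a request is compared against the range, and that a request blocked by an existing rule does not persist a further case.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    low: float          # lower bound of the risk score range (assumed inclusive)
    high: float         # upper bound of the risk score range (assumed inclusive)
    action: str         # mitigation action, e.g. "BLOCK"
    create_rule: bool   # also apply the action to subsequent requests of the user
    persist_case: bool  # store the request details and all risk scores

@dataclass
class Engine:
    policy: Policy
    rules: dict = field(default_factory=dict)  # user -> action; stands in for the rule database
    cases: list = field(default_factory=list)  # persisted cases

    def handle(self, user, request, scores):
        """Return the action for this request, or None to let it pass."""
        # An existing rule applies independent of the current risk scores.
        if user in self.rules:
            return self.rules[user]
        # Assumption: the policy matches when the highest score is in range.
        score = max(scores.values())
        if not (self.policy.low <= score <= self.policy.high):
            return None
        if self.policy.create_rule:
            self.rules[user] = self.policy.action
        if self.policy.persist_case:
            self.cases.append({"user": user, "request": request, "scores": dict(scores)})
        return self.policy.action

def replay(create_rule):
    """Run constructed traffic through the sample policy (BLOCK for 0.8 to 1.0)."""
    engine = Engine(Policy(0.8, 1.0, "BLOCK", create_rule, persist_case=True))
    # Constructed sample: one high-risk request, then low-risk requests.
    traffic = [
        ("alice", "POST /transfer", {"behaviour": 0.93, "device": 0.41}),
        ("alice", "GET /balance", {"behaviour": 0.12, "device": 0.10}),
        ("bob", "GET /balance", {"behaviour": 0.15, "device": 0.05}),
    ]
    actions = [engine.handle(u, r, s) for u, r, s in traffic]
    return actions, engine

if __name__ == "__main__":
    for flag in (False, True):
        actions, engine = replay(flag)
        print(f"create_rule={flag}: actions={actions}, cases={len(engine.cases)}")
```

Without a rule, only the high-risk request is blocked. With a rule, the same user's later low-risk request is blocked as well, while other users are unaffected.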