Skip to content
Vulnity Vulnity Docs

Mitigation Rules

These rules tell Vulnity when to automatically block an IP address. Each rule is designed for specific attack vectors and defines:

  • The alert category that triggers the block, such as brute force, vulnerability scanning, or suspicious queries.
  • The event-frequency threshold before the block is triggered.
  • The block duration once triggered.
  • The minimum alert severity required.

These rules are managed from the SIEM, so what you see here is a copy of the configuration in your Vulnity panel. To modify the rules, open your SIEM panel and synchronize the changes afterward.

Mitigation Rules Configuration

To configure rules, see the SIEM Rules documentation.