Rules

Rules Overview

Overview

The Rules Engine in Snapsec WAS enables security teams to:

Build custom detection logic in YAML
Modify headers, payloads, or request flows
Match on response codes, body content, or metadata
Automatically generate vulnerabilities based on findings
Enable/disable rule execution per project

Rules are evaluated during scanning, and findings appear in the Vulnerabilities section.

Rule Editor (YAML)

The left side of the Rules page provides a YAML rule editor where you can create or modify rules.

YAML Rule Editor

A rule typically includes sections such as:

target — which endpoints the rule applies to
transform — modify or remove headers / payload content
match_on — response indicators (status, string, header, etc.)
report — vulnerability metadata generated when the rule triggers

Example:

rule_name: Detect Unauthorized Requests
target: all

transform:
  headers:
    remove:
      - Authorization

match_on:
  status: 200
  response_contains: "unauthorized"

report:
  title: "Unauthorized Without Token"
  description: "Endpoint returns 200 when token is removed"
  severity: "medium"
  cwe: "CWE-284"

Environments

Scans

⌘I

Getting started

Vulnerability Management

Attack Surface Management

Asset Inventory Management

Vulnerability Scanner

Threat Modelling

Web Application Scanner

Overview

Rule Editor (YAML)

Getting started

Vulnerability Management

Attack Surface Management

Asset Inventory Management

Vulnerability Scanner

Threat Modelling

Web Application Scanner

​Overview

​Rule Editor (YAML)

Overview

Rule Editor (YAML)