Match Field

In most cases, the rule you are creating is only meant to apply to a subset of findings. If this is the case, select Match field.

Source plugin:

Rules apply to one plugin or tool at a time. Select from the list of available plugins to decide which plugin this Rule should apply to.

Field:

From the dropdown, pick the name of the field that should trigger the rule. For example, if you're creating a Rule to apply based on the value of the Severity field, you'd pick Severity here. The fields listed are taken from the Plugin Manager configuration for that plugin.

For more details, see Where do I find the Field name? below.

Condition:

Choose the condition that best matches the Rule you're creating. The available conditions are:

  • equals
  • does not equal
  • is greater than
  • is greater than or equals
  • is less than
  • is less than or equals
  • contains

Value:

The Value field completes the trigger. It contains a number, a word, or a phrase, depending on how you've configured the rest of the fields.

Where do I find the Field name?

Rules Engine Fields + The Plugin Manager

The field name is specific to the plugin that you are using and the name is determined by your settings in the Plugin Manager.

Because the Plugin Manager is applied to findings before the Rules Engine, use the Dradis field names you define in the Plugin Manager (e.g. Title) when setting your field name here in the Rules Engine.

Example: Match Fields with the Plugin Manager

If you wanted to find a match based on the plugin_name field coming in from Nessus, your first instinct might be to look for a plugin_name field to apply the Rule to:

However, remember what we said about the Plugin Manager applying to incoming findings first?

If you have your Plugin Manager configured like the example above, you will need to use the Field value of Title in your Rule, because by the time the finding reaches the Rules Engine, the Plugin Manager will have changed the original plugin_name to Title.

Troubleshooting tip: Field values are case-sensitive! A value of high will not match a value of High.
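
The order of operations described above, modelled in Ruby. This is an added example, not Dradis code: the mapping, the sample finding, the method names, and the numeric handling of the ordering conditions are assumptions made for illustration.

```ruby
# Added illustration: a simplified model of the ordering this page describes.
# Not Dradis source code; every name and sample value below is constructed.

# Plugin Manager mapping (constructed): tool field name => Dradis field name.
FIELD_MAPPING = { 'plugin_name' => 'Title', 'risk_factor' => 'Severity',
                  'cvss_base_score' => 'CVSS' }.freeze

# The seven conditions from this page. Numeric comparison for the ordering
# conditions is an assumption of this model.
CONDITIONS = {
  'equals'                    => ->(a, b) { a == b },
  'does not equal'            => ->(a, b) { a != b },
  'is greater than'           => ->(a, b) { Float(a) >  Float(b) },
  'is greater than or equals' => ->(a, b) { Float(a) >= Float(b) },
  'is less than'              => ->(a, b) { Float(a) <  Float(b) },
  'is less than or equals'    => ->(a, b) { Float(a) <= Float(b) },
  'contains'                  => ->(a, b) { a.include?(b) }
}.freeze

# Step 1: the Plugin Manager renames fields; unmapped fields are dropped here.
def apply_plugin_manager(raw_finding)
  raw_finding.each_with_object({}) do |(name, value), mapped|
    mapped[FIELD_MAPPING[name]] = value if FIELD_MAPPING.key?(name)
  end
end

# Step 2: the rule sees only the mapped finding. In this model a missing field,
# or text under a numeric condition, never matches.
def rule_matches?(finding, field:, condition:, value:)
  return false unless finding.key?(field)

  CONDITIONS.fetch(condition).call(finding[field], value)
rescue ArgumentError, TypeError
  false
end

RAW_FINDING = { 'plugin_name' => 'SSL Certificate Cannot Be Trusted',
                'risk_factor' => 'High', 'cvss_base_score' => '6.4' }.freeze
FINDING = apply_plugin_manager(RAW_FINDING)

[['plugin_name', 'contains', 'SSL'],              # false: renamed to Title
 ['Title', 'contains', 'SSL'],                    # true
 ['Severity', 'equals', 'high'],                  # false: case-sensitive
 ['Severity', 'equals', 'High'],                  # true
 ['CVSS', 'is greater than or equals', '6.0']].each do |field, condition, value|
  hit = rule_matches?(FINDING, field: field, condition: condition, value: value)
  puts "#{field} #{condition} #{value.inspect} => #{hit}"
end
```

A rule that never fires is usually one of the two `false` rows: it names the tool's original field instead of the mapped one, or its value differs only in case.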
