Match Field

In most cases, the rule you are creating is only meant to apply to a subset of findings. If this is the case, select Match field.

Source plugin:

Rules apply to one plugin or tool at a time. Select from the list of available plugins to decide which plugin this Rule should apply to.

Field:

Fill in the name of the field that should trigger the rule. For example, if you're creating a Rule to apply based on the value of the Severity field, you'd enter Severity here.

For more details, see Where do I find the Field name? below.

Condition:

Choose the condition that best matches the Rule you're creating. The available conditions are:

  • equals
  • does not equal
  • is greater than
  • is greater than or equals
  • is less than
  • is less than or equals
  • contains

Value:

The Value field wraps up the trigger. This field will contain a number, word, or a phrase depending on how you've configured the rest of the fields.

Where do I find the Field name?

Rules Engine Fields + The Plugin Manager

The field name is specific to the plugin that you are using, and the name is most likely determined by your settings in the Plugin Manager.

Because the Plugin Manager is applied to findings before the Rules Engine, use the Dradis field names you define in the Plugin Manager (e.g. Title) when setting your field name here in the Rules Engine.

Example: Match Fields with the Plugin Manager

If you wanted to find a match based on the plugin_name field coming in from Nessus, your first instinct might be to set up your condition like the example below:

[Image: Rules 04]

Wait! Remember what we said about the Plugin Manager applying to incoming findings first?

[Image: Rules 05]

If you have your Plugin Manager configured like the example above, you can instead use the Field value of Title in your Rule because by the time the finding reaches the Rules Engine, the Plugin Manager will have changed the original plugin_name to Title.

Troubleshooting tip: Field values are case-sensitive! A value of high will not be applied the same as a value of High.
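
The Ruby sketch below is an added illustration, not Dradis source code. It models the order of operations described above (Plugin Manager mapping first, then the Match Field check) along with the case-sensitivity tip. The mapping table, method names, sample finding, the dropping of unmapped fields and the numeric handling of the ordering conditions are all assumptions made for the example.

```ruby
# Illustrative model only; every name here is hypothetical, not a Dradis API.

# Assumed Plugin Manager mapping: source field name => Dradis field name.
NESSUS_MAPPING = { "plugin_name" => "Title", "risk_factor" => "Severity",
                   "cvss_base_score" => "CVSSv2" }.freeze

# Ordering conditions from the list on this page, mapped to Ruby operators.
ORDERING = { "is greater than" => :>, "is greater than or equals" => :>=,
             "is less than" => :<, "is less than or equals" => :<= }.freeze

# Plugin Manager step: only mapped fields survive, under their Dradis names
# (assumption of this sketch).
def plugin_manager(raw)
  NESSUS_MAPPING.each_with_object({}) do |(source, dradis), finding|
    finding[dradis] = raw[source].to_s if raw.key?(source)
  end
end

def condition_met?(actual, condition, expected)
  case condition
  when "equals"         then actual == expected          # exact, case-sensitive
  when "does not equal" then actual != expected
  when "contains"       then actual.include?(expected)
  else
    op = ORDERING.fetch(condition)                       # KeyError if unknown
    Float(actual).public_send(op, Float(expected))       # assumed numeric compare
  end
rescue ArgumentError, TypeError
  false # non-numeric text under an ordering condition never matches
end

# Rules Engine step: runs on the finding *after* the Plugin Manager mapping.
def rule_matches?(finding, field:, condition:, value:)
  return false unless finding.key?(field) # e.g. plugin_name no longer exists
  condition_met?(finding[field], condition, value.to_s)
end

# Constructed sample finding, shaped like fields from a Nessus import.
RAW = { "plugin_name" => "SSL Certificate Expiry", "risk_factor" => "High",
        "cvss_base_score" => "7.5" }.freeze
FINDING = plugin_manager(RAW)

[["plugin_name", "contains", "Certificate"], ["Title", "contains", "Certificate"],
 ["Severity", "equals", "high"], ["Severity", "equals", "High"],
 ["CVSSv2", "is greater than or equals", "7"]].each do |field, cond, value|
  hit = rule_matches?(FINDING, field: field, condition: cond, value: value)
  puts format("%-12s %-26s %-12s => %s", field, cond, value, hit)
end
```

A rule that silently never fires is the usual symptom of either mistake: the field name refers to the pre-mapping source field, or the value differs only in letter case.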
