Appearance
Manage Rulesets
The Rulesets page is your central hub for viewing, editing, and managing all rulesets in AttackLens. Rulesets can be created, cloned, activated, deactivated, and deleted from this page.
Ruleset List
Navigate to Rulesets in the left menu to view all rulesets.
The list displays the following columns:
| Column | Description |
|---|---|
| Title | The ruleset title. Click to open the detail page. |
| Rule Types | Tags showing the evaluation engine types used by this ruleset |
| Tags | Categorization tags (up to 3 shown, with overflow count) |
| Status | Active or Inactive |
| Created | When the ruleset was created |
Search and Sort
- Use the search bar to filter rulesets by title, description, or tags
- Click any sortable column header to sort ascending or descending
- Use pagination controls at the bottom for large lists
View Ruleset Details
Click a ruleset title to open the detail page.
The detail page displays:
General Information
- Status: Active or Inactive badge
- Title and Description
- Impact: Security impact of a failing check
- Solution: Remediation guidance
- Created date
- Tags: All assigned tags
- Variables: Table showing variable name, type, and value
- References: External links and documentation references
Prerequisites
If the ruleset has prerequisites, they are displayed in a tree view showing the check nodes and their conditions.
Checks
All check nodes are displayed in a tree view, including:
- Simple checks with their dataset type, property path, operator, and expected value
- Condition nodes (AND/OR) with their child checks
- Nested conditions for complex evaluation logic
Edit a Ruleset
INFO
Requires Admin role or the Edit Ruleset permission.
- Navigate to the ruleset detail page
- Click the Edit button in the top-right corner
- Modify any fields, variables, prerequisites, or checks
- Click Update to save changes
WARNING
Editing a ruleset that is assigned to active policies will affect the next evaluation cycle. All policies using this ruleset will reflect the updated checks on the next run.
Clone a Ruleset
Cloning creates an editable copy of a ruleset with the same configuration.
- From the ruleset list, open the action menu for the target ruleset
- Select Clone
- The cloned ruleset is created and added to the list
Cloning is useful for:
- Creating variations of a ruleset with different expected values
- Adapting a built-in ruleset for organization-specific requirements
- Creating a template from an existing ruleset
Activate or Deactivate a Ruleset
Toggle a ruleset's active status from the action menu:
- From the ruleset list, open the action menu for the target ruleset
- Select Activate or Deactivate
| Action | Effect |
|---|---|
| Activate | The ruleset will be evaluated in all policies that reference it |
| Deactivate | The ruleset is skipped during evaluation. Existing findings remain but are not updated. |
TIP
Deactivating a ruleset is a quick way to temporarily exclude a check without removing it from policies. This is useful during planned maintenance windows or when investigating false positives.
Delete a Ruleset
WARNING
Deleting a ruleset permanently removes it. Findings generated by this ruleset remain in the system but the ruleset reference will no longer resolve. This action cannot be undone.
- From the ruleset list, open the action menu for the target ruleset
- Select Delete
- Confirm the deletion in the confirmation dialog
Which Policies Use This Ruleset?
Before deleting or deactivating a ruleset, check which policies reference it. Navigate to the ruleset detail page and review the assigned policies to understand the impact of your change.
Permissions
| Action | Required Permission |
|---|---|
| View rulesets | Any authenticated user |
| Create ruleset | Create Ruleset |
| Edit ruleset | Edit Ruleset |
| Delete ruleset | Delete Ruleset |
| Clone ruleset | Clone Ruleset |
| Activate/Deactivate | Toggle Ruleset |
Related Pages
- Create a Ruleset: Step-by-step creation guide
- Understanding Rulesets: Ruleset concepts and structure
- Understanding Policies: How policies use rulesets