The Workflow rule page is found under Policy > Workflow rules after successful login.
The rules represent different processing profiles.
The following actions are available:
new rules can be added
existing rules can be viewed
existing rules can be modified
existing rules can be deleted
Rules combine workflow templates and security zones and describe which workflows are available in a specified security zone. Multiple rules can be added for the same security zone.
Once clicking on a rule, a window pops up where beside the rule properties all the chosen rule's options are shown on the different tabs.
Modifying workflow rules
On this page it is possible to enable local file scanning by checking the ALLOW SCAN FILES ON SERVER checkbox.
By enabling this feature, a local scan node is able to scan the files at their original place if the files' location is allowed in the list below the checkbox. For example if this list has C:\data in it, then all files under that folder (e.g.: C:\data\not_scanned\JPG_213134.jpg) are allowed to be scanned locally if it is choosen. For UNC file paths you have to check the permissions because if the service does not have the correct rights it cannot access network folders or network shared files. For testing this local scan feature, please note:
Need to use "filepath" header while submitting a file via REST, see more at Process a file
Core's w eb scan (localhost:8008) is not applicable tool to test because it does not allow you to customize the scan request's header
Various accessibility options can be set on this page. You can define one of three visibility levels for the scan results for each role in the VISIBILITY OF SCAN RESULT field:
Full details: all information for a scan is displayed
Per engine result: Scan details are displayed except per engine scan time and definition date.
Overall result only: Only the overall verdict is displayed.
There are also two special roles - Every authenticated refers to any logged in user, while Everybody refers to any user. Without belonging to any role specified within the rule, the user has no access to view the scan results. The usage of the rule to given roles can also be restricted with the RESTRICT ACCESS TO FOLLOWING ROLES field.
Clicking on a tab it is possible to overwrite a property that was previously defined inside the workflow template.
An option if changed will only overwrite the specific property for the underlying rule and makes no modification on the original workflow template that was choosen by the rule.
This means that several rules can be created using the same workflow template overwriting different options while the untouched properties will remain as they were set in the workflow template.
Rules are processed in order, the first matching rule will be used for the request. You can change order of rules via drag&drop in the Web Management Console. If there is no rule that matches for the client (source IP address), then the scan request will be denied.