The AppSec rules inventory includes both out-of-the-box (OOTB) and custom rules. You can view and manage these rules via the UI or programmatically.
UI workflow
To access Cortex Cloud Application Security rules in the tenant, under Modules select → .
The Cortex Cloud Application Security rules inventory includes both out-of-the-box and custom rules. The following list describes rules fields/properties displayed in the inventory table. By default, rules are displayed according to severity and then alphabetically. Details are provided for properties that require explanation. You can enable or disable rules by checking the box next to the rule name in the table.
Attribute/Property | Description |
|---|---|
Rule Name | The rule name |
Rule Description | A description of the rule |
Severity | The severity level assigned to findings identified by the rule |
Scanner | The type of Application Security scanner configured to detect violations of this rule |
Policies Count | The amount of policies that included the rule in its configuration |
Last modified | The date and time when the rule was most recently updated |
Labels | Labels assigned to the rule |
Framework/Language | The framework or language that the detection rule applies to (for example, GitHub, Terraform, JavaScript) |
Issues Count | The amount of issues generated from findings detected by the rule. Select the value to navigate directly to the dedicated Issues page for the corresponding scan type, Filtered by the issues detected by the rule |
Mapped Cloud Security Rule | The corresponding Cloud Security Posture Management (CSPM) rule ID that is linked to this Application Security rule. This mapping enables unified policy enforcement and ensures consistent security governance from code to cloud |
How to search for Cortex Cloud Application Security rules
Use filters to find specific rules or categories.
To filter rules relating to Secrets, select → → .
To view custom rules only, select Mode from the Select field, not equals as the operator, and Out-of -the-box as the value
Sort rules according to their attributes, such as issue severity, to prioritize remediation efforts
API workflow
Use the List rules and Get rule by ID API operations when you need to conduct programmatic audits of your detection coverage at scale. The API allows you to automatically filter rules by scanner, severity, category, or compliance standard. This is recommended when you need to export rule inventories to generate compliance reporting and audit evidence.
Additionally, you can use the Get AppSec rule labels operation to programmatically fetch all distinct labels currently applied across your inventory, making it easier to audit your organizational tagging strategy.
For information on endpoint details, refer to API documentation for AppSec rules.