Continuous Detection and Response Rules
Continuous Detection and Response (CDR) rules, sometimes referred to as custom rules, allow you to apply your own intelligence and your own knowledge about the messages that come into your organization in order to catch and take action against threats. CDR rules use a search mechanism that is more detailed and fine-grained than the one used by policies (see Policies) and a domain-specific language that you use to define specific message criteria.
CDR rules can find messages based on more criteria than are available on the Cloud Email Protection search page (see Message Search), where you can use search results to create policies. The message criteria you can use are all the items in the Fields list in Domain Specific Language Reference.
CDR rules are local to your organization. When you create a CDR rule, a CDR event based on that rule is created automatically, showing Custom Rule as its source. The CDR event is applied to the entire 60-day set of message data stored by Cloud Email Protection.
As with policies, a single message can match multiple CDR rules, and any enforcement actions that CDR rules apply to a message occur according to a defined priority. See Policies for specifics.
You can create your own fine-grained local rules by creating custom search queries with the domain-specific language (DSL). These search queries find and match messages with the characteristics you define with the DSL. See Domain Specific Language Reference for details about the DSL available in Fortra Cloud Email Protection and examples of queries using the DSL.
You enter search queries in the Rule Description field on the Local CDR Rule page in Fortra Cloud Email Protection.