Step 1 (Required): The name of the rule is specified. The Comments field is optional.

Step 2 (Required): You specify the passive profile(s) you want to be detected before launching the attacks.

• Enabled: Here you can enable or disable the profile in the rule.

• Operator: You can choose between “And” or “Or” logical operator.

• Profile type: You can choose between “Passive Request” and “Passive Response” profiles type.

• Profile Name: You can choose the passive profile that you want to be detected before launching the attacks.

Step 5 (Required): You specify the active profile(s) that you want to be launched against the domain that has generated the passive alerts.

In “Type” column you can choose whether you want a profile to be launched or all the profiles that contain a Tag.

At the “Scope” columns you can specify if you want that the profile to be launched in all the detections, or only once per domain.