The Validation Platform uses common terminology throughout the various reporting options. Keep the following terms in mind when reviewing the reports.
Terms | Definition |
|---|---|
Blocked | An Action was processed and blocked by a technology |
Detected | An Action was processed and detected by a technology, but not actually blocked |
Alerted | An Action was processed and a correlative technology identified the behavior and created an Alert |
Prevented | An Action was processed and blocked by a technology |
Missed | An Action was processed but no activity was observed from any instrumentation source |
Pass vs Fail
The Validation Platform is configurable, allowing you to define Pass/Fail rules for running Actions. By default, if an Action is either Blocked or Detected, the Action passed. However, there are three additional configuration options that can be set to determine if an Action passed:
- An Action must be both Blocked and Detected
- An Action must be Detected
- An Action must be Blocked
In addition, the platform can be configured to have specific Pass/Fail rules for specific Validation Platform content VIDs (Actions, Sequences, Evaluations) and Dimensions. When multiple rules are configured, the platform first considers the VID rules, and then the Dimension rule, before using the Default Rule.
As you work to continually improve your security posture, you may decide to change the default rule, or you may decide to add more stringent rules for areas where you have already seen an improvement but want to further strengthen your configuration.
If you are not familiar with the Pass/Fail configuration of your system, the information is available on the Pass/Fail Settings Page. For additional details on Pass/Fail settings, see Understanding Pass/Fail Rules.
Pass vs Fail means something different when you're working with Security Validation monitors. See How Pass/Fail is Determined for Monitors.