Custom Rulesets allow organizations to create tailored data collections for purposes such as blocking, whitelisting, restricting access, or receiving notifications based on user-defined keywords or phrases. To activate Custom Rulesets, a Logging Policy must be applied to a Site/Group. This enables organizations to incorporate their own keystroke patterns and/or URL detection rules.
1. Go to the Admin Area for Custom Rulesets - Click here
2. Here, you can edit existing rulesets or create new ones. In this example, we will create a new ruleset, so click '+Create'.
3. Enter a title for your ruleset and choose either keystroke or web rules, depending on the type of rule you want to create. This knowledge base article will cover both options.
4. Keystroke Rules -
We can create a new Keystroke rule or, import from a CSV template. In this example we are going to add a simple keystroke rule, so we would select + Add Keystroke Rule. 
This will open a new window
Display Text - How the entry will appear in the Ruleset
Pattern Match Condition -
Alone: The detected keystroke will trigger independent of any other rules.
Another Keystroke Rule in the Same Ruleset: The detected keystroke will only trigger if another keystroke rule within the same ruleset is also detected.
Another Keystroke Rule with the same Tag in any Ruleset: The detected keystroke will only trigger if another keystroke rule with the same tag, in any ruleset is also detected.
Another Keystroke Rule in any Ruleset: The detected keystroke will only trigger if another keystroke rule within any ruleset is also detected
Pattern Options -
Contains: The detected keystrokes contain the pattern.
Example: If we were to add the pattern ‘bomb’ This would trigger in the following sentences: “Should we bomb this place?”, “I was bombarded”, “Did you try the bathbomb?”
Exact: The detected keystrokes match the exact pattern within a boundary, meaning any characters contained within non alphanumeric (0-9, A-Z) characters.
Example: If we were to add the pattern ‘bomb’ This would trigger in the following sentence: “I am going to make a bomb” But would not trigger in the following sentence: “You have to try this bathbomb!”
Regex: The detected keystroke forms a pattern that consists of a combination of characters, special symbols, and meta-characters, which define a set of rules for pattern matching
We will configure an exact keyword detection for Senso.Cloud, so it should be populated as follows:
Next, let's configure how the word will be processed. In the below example, we will capture a single screenshot at the time of detection and classify it as low severity.
Detection Action - Capture / Ignore - Allows us to either capture the keyword, or whitelist
Capture Action - Toggles whether a screenshot is taken when the keyword is detected.
Post Capture Action - Take a further screenshot a specified number of seconds after the keyword is detected.
Severity - Configures the Severity level of the word
| Low | 0-20 |
| Medium | 21-40 |
| High | 41-50 |
| Urgent | 61-80 |
| Critical | 81-100 |
Finally, click 'Add' to include this word in your new ruleset
5. Web Rules
We can create a new Website rule or, import from a CSV template. In this example we are going to add a simple URL block rule, so we would select + Add Web Rule.
This will open a new window
Pattern Options -
Contains: The detected URL contains the pattern.
Example: If we were to add the pattern ‘YouTube’ This would trigger for the following URLs: “https://www.youtube.com”, "https://www.en.wikipedia.org/wiki/YouTube"
Exact: The detected URL matches the exact pattern within a boundary, meaning any characters contained within non alphanumeric (0-9, A-Z) characters.
Example: If we were to add the pattern "https://www.youtube.com/watch?v=uOA3lAnTuE8" This would only trigger when visiting the exact URL.
Regex: The detected URL forms a pattern that consists of a combination of characters, special symbols, and meta-characters, which define a set of rules for pattern matching.
In this example we are applying a block to www.senso.cloud so would select exact as we wish to only block this URL
Detection Action -
Configure whether the rule is set to Block or Allow. A Block rule will prevent access to the URL, while an Allow rule will grant access, even bypassing any existing web filter restrictions.
Severity - Configures the Severity level of the block
| Low | 0-20 |
| Medium | 21-40 |
| High | 41-50 |
| Urgent | 61-80 |
| Critical | 81-100 |
Finally, click 'Add' to include this URL in your new ruleset
Now that we have configured keyword detection and a URL block, the final step is to select the sites where these settings will be visible. Once selected, click 'Create.' Please note that this does not activate the rules; it only allows sites to view the ruleset.
6. Enabling the ruleset
Locate your logging policy - Click Here
Select Edit on the policy where you want to apply the ruleset, or create a new policy if one is not already configured. To configure a new policy click here
Navigate to Custom rulesets within your policy and toggle the new ruleset to be enabled
Finally , click save on the bottom on the policy window. You have now configured a custom keyword detection and URL block which will be applied to any devices within scope of the policy.