Konstantin Lapine

When AIDR policies evaluate access rules, they can now use separate Then and Else actions, special comparison values, prompt content comparison operators, and prompt rule execution. Existing access rule configurations continue to work without changes.

Changes

Access rules

  • Access rules now support separate Then and Else actions. Previously, you could only define an action for when the rule matched. Now you can also define what happens when the rule doesn't match, giving you separate control over each execution path.
  • Added actions for the Then and Else dropdowns:
    • Continue - Proceed to the next rule without flagging this rule as a detection.
    • Report and Continue - Flag this rule as a detection and continue to the next rule.
    • Report and Stop - Flag this rule as a detection and stop policy execution.
    • Block and Stop - Block the request, flag this rule as a detection, and stop policy execution.
    • Ignore and Stop - Allow the request and stop policy execution without logging.
  • Added special comparison values for the == and != operators:
    • @null - Check for null or missing attribute values (appears as NULL in AIDR Findings).
    • @empty - Check for empty strings.
  • Added prompt content comparison operators for access rule expressions:
    • has - Check whether a specified prompt rule produced a finding.
    • not has - Check whether a specified prompt rule did not produce a finding.
  • Added the executes operator to trigger prompt rule execution during access rule evaluation, before the Prompt Rules phase.
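The following added example (not CrowdStrike code and not the AIDR configuration format) models how the Then and Else actions and the @null and @empty values listed above steer a walk through a policy. The rule layout, the attribute names, the treatment of a missing attribute as not empty, and the default of allowing a request when no rule stops execution are assumptions; has, not has, and executes are not modeled.

```python
# Illustrative model only: the rule layout and attribute names are assumptions,
# not the AIDR configuration format.
NULL, EMPTY = "@null", "@empty"

# action -> (flag rule as detection, block request, stop policy execution)
ACTIONS = {
    "Continue":            (False, False, False),
    "Report and Continue": (True,  False, False),
    "Report and Stop":     (True,  False, True),
    "Block and Stop":      (True,  True,  True),
    "Ignore and Stop":     (False, False, True),
}

def matches(attrs, attribute, op, value):
    """Evaluate `attribute == value` or `attribute != value`."""
    actual = attrs.get(attribute)          # missing attribute -> None
    if value == NULL:
        equal = actual is None             # null or missing
    elif value == EMPTY:
        equal = actual == ""               # assumed: null/missing is not empty
    else:
        equal = actual == value
    if op not in ("==", "!="):
        raise ValueError(f"unsupported operator: {op}")
    return equal if op == "==" else not equal

def evaluate(rules, attrs):
    """Walk rules in order; return (verdict, names of rules flagged)."""
    detections = []
    for rule in rules:
        branch = "then" if matches(attrs, *rule["when"]) else "else"
        flag, block, stop = ACTIONS[rule[branch]]
        if flag:
            detections.append(rule["name"])
        if block:
            return "blocked", detections
        if stop:
            return "allowed", detections
    return "allowed", detections           # assumption: no stop means allow

# Constructed sample policy; every name and value here is hypothetical.
POLICY = [
    {"name": "missing-user", "when": ("user_id", "==", NULL),
     "then": "Block and Stop", "else": "Continue"},
    {"name": "trusted-app", "when": ("app", "==", "internal-bot"),
     "then": "Ignore and Stop", "else": "Continue"},
    {"name": "no-department", "when": ("department", "!=", EMPTY),
     "then": "Continue", "else": "Report and Continue"},
]
```

The third rule puts the reporting action on the Else path, so a request with an empty department is flagged while one with no department attribute at all is not; catching both cases would take a second rule comparing against @null.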

Subscriptions

  • AIDR for Workforce
  • AIDR for Agents

©2026 CrowdStrike. All rights reserved.
