Skip to main content
Skyhigh Security

List of Operators

The Rule Builder allows you to create rules for your web policy on the user interface for Secure Web Gateway. A web policy rule includes an operator as one of its elements. 

Here is a web policy rule that uses the overlaps operator.

clipboard_e8612ff1373376e22463758ed8191ed05.png

The following table lists and describes the operators that are available in alphabetical order.

The value of the Value rule element is referred to in this table as comparative value. It is compared with the value of the criteria in the way that is determined by the operator.

For example, in the rule above, the comparative value is a list of items.The list is named Blocked URL Categories. The value of the URL Categories criteria is also a list of items. Both lists are compared to see if they overlap.

Operator Description
contains The value of the criteria is a list of items and the comparative value, which is a single item, is also an item of the criteria list.

Example:

URL Categories contains Online Shopping

A rule with elements configured like this applies if the URL Categories list includes Online Shopping as an item.

The opposite of the contains operator is contains not.
contains not The value of the criteria is a list of items and the comparative value, which is a single item, is not an item of the criteria list.

Example:

URL Categories contains not Online Shopping

A rule with elements configured like this applies if the URL Categories list does not include Online Shopping as an item.

The opposite of the contains not operator is contains.
does not match The value of the criteria does not match the regex term that is the comparative value.

Example:

URL does not match .*.skyhighsecurity.com

A rule with elements configured like this applies, for example, if the value of URL is https://trellix.com.

The opposite of the does not match operator is matches.
 
is The value of the criteria is the same as the comparative value.

Example:

Body Infected is true.

A rule with elements configured like this applies if the value of Body Infected is true.

The opposite of the is operator is is not.
is disjoined The value of the criteria and the comparative value are both lists of items, and no item is included in both lists.

Example:

URL Categories is disjoined Blocked URL Categories

A rule with elements configured like this applies if none of the items in the URL Categories list is included in the Blocked URL Categories list.

The opposite of the is disjoined operator is overlaps.
is in The value of the criteria is a single item, and it is included in the list of items that is the comparative value.

Example: 

User Name is in Global Blocked User Names

A rule with elements configured like this applies if the value of User Name is, for example, John Doe, and this name is an item in the Global Blocked User Names list.

The opposite of the is in operator is is not in.
is not The value of the criteria is not the same as the comparative value.

Example:

Body Infected is not true.

A rule with elements configured like this configured applies if the value of the Body Infected criteria is false.

The opposite of the is not operator is is.
is not in The value of the criteria is a single item, and it is not included in the list of items that is the comparative value.

Example: 

User Name is not in Global Blocked User Names

A rule with elements configured like this applies if the value of User Name is, for example, John Doe, and this name is not an item in the Global Blocked User Names list.

The opposite of the is not in operator is is in.
is not subset The value of the criteria and the comparative value are both lists of items, and at least one of the items in the criteria list is not included in the list of the comparative value.

Example:

URL Categories is not subset URL Categories Exempted from SAML Authentication

A rule with elements configured like this applies if at least one item in the URL Categories list, for example, Entertainment, is not included in the URL Categories Exempted from SAML Authentication list.

The opposite fo the is not subset operator is is subset.
is subset The value of the criteria and the comparative value are both lists of items, and all items of the criteria list are included in the list of the comparative value.

Example:

URL Categories is subset URL Categories Exempted from SAML Authentication

A rule with elements configured like this applies if all items in the URL Categories list are included in the URL Categories Exempted from SAML Authentication list.

The opposite of the is subset operator is is not subset.
matches The value of the criteria matches the regex term that is the comparative value.

Examples:

URL matches .*.skyhighsecurity.com

Url Path matches .*v2.*


Rules with elements configured like this apply, for example, if the value of URL is https://auth.ui.skyhighsecurity,com or if the value of Url Path is /v2/test.

The opposite of the matches operator is does not match.
overlaps The value of the criteria and the comparative value are both lists of items, and at least one item is included in both lists.

Example:

URL Categories overlaps Blocked URL Categories

A rule with elements configured like this applies if at least one of the items in the URL Categories list, for example, Travel, is also included in the Blocked URL Categories list.

The opposite of the overlaps operator is is disjoined.
 
 
  • Was this article helpful?