Understanding the difference between protection rule sets and audit rule sets

There are two types of rule sets: audit and protection.

They serve different purposes depending on the rule set to which the security rules belong. In a protection rule set, the rules allow you to block attacks on workstations, detect privilege escalation attempts, and manage access to various applications, networks, devices, etc. In an audit rule set, they allow you to generate logs only to monitor activity in your pool, and if necessary, reconstruct the context of an attack.

The Threats tab in rule sets does not always list the same protections, as this depends on whether you are looking at a protection rule set or audit rule set. For more information, see the section Managing vulnerability exploitation.

Likewise, temporary web access and Wi-Fi card activation can only be managed in a protection rule set.