ExM Blog Excel Micro Videos Proofpoint Videos Mimecast Videos VIPRE Videos Billing/Invoice Sign in
Start a conversation
  1. Excel Micro
  2. VIPRE™ Email Security
  3. VIPRE Integrated Email Security (IES)

VIPRE (IES): Creating New Action Rules Step 2.1

Written By Marissa Fegan (Super Administrator)

Updated at July 9th, 2025


If the default action rule does not meet your needs, you can disable or delete it and configure a new one. 

To create your own customized action rule, navigate to Settings > Action Rules and follow the steps below:

  1. Click Add Action Rule in the top right corner of the screen
    1. Name: Give your action rule a descriptive name so you can easily identify it
      • This name is used to identify the action rule in the Message Logs screen
    2. Description:  (Optional) Add more details about the action rule's purpose
    3. Rule: Define the conditions for your action rule here, using the autocomplete feature; click Validate to confirm that your rule is set up correctly
      1. See How to Build a Rule Expression below for additional guidance
    4. Actions > Select an action: Choose the actions to be taken when the rule conditions are met (e.g., quarantine the email, send a notification, etc.)
    5. Check whether or not you want the action rule to stop checking any other configured action rules when the conditions of this one match
    6. Check whether or not you want to enable this action rule
  2. Click Save

 

Tips for Creating Effective Action Rules

Things to keep in mind when creating an action rule:

  • Action Rule Order
    • All action rules are executed in the order in which they appear
    • After you create your rules, make sure to verify that they are in the appropriate order
  • Rule Expression Editor
    • The rule expression editor uses a free-form text field that utilizes autocomplete
      • Click See Documentation to find examples and rule templates that can be inserted directly into the rule editor
    • Click the Validate button to verify that your rule is correctly formatted
  • Actions
    • There can be more than one action for a policy
    • After adding the desired actions, click the check mark to add it to the policy

How to Build a Rule Expression

Rule Expressions are like instructions that tell VIPRE Integrated Email Security what to look for when analyzing your emails. We create these instructions using the following way to write conditions:

Basic Examples

  • Checking for suspicious emails: analysis.verdict == "SUSPICIOUS"
    • This rule checks if our system has flagged the email as suspicious
  • Checking for emails with high severity: analysis.severity == "HIGH"
    • This rule checks if the email has been flagged as high severity

Building Blocks

Here are some of the "Rule Expression building blocks" you can use:

  • analysis.severity: This allows you to check for the severity of the email.
    • Values include: CRITICAL, HIGH, MEDIUM, LOW, INFO
  • analysis.verdict: This allows you to check for the verdict of the email.
    • Values include: MALICIOUS, SUSPICIOUS, WHITELISTED, CLEAN
  • analysis.detections: This allows you to check what the scan engines found.
    • analysis.detections.severity: Values include: CRITICAL, HIGH, MEDIUM, LOW, INFO
    • analysis.detections.verdict: Values include: MALICIOUS, SUSPICIOUS, WHITELISTED, CLEAN
    • analysis.detections.engine: Values include: VIPRE AV, VIPRE AntiSpam, VIPRE URL Scan, BEC, etc.
  • source_context.mode:This allows you to check for messages based on email source mode
    • Values include: MONITORING, INLINE
  • source_context.type: This allows you to check for messages based on email source type
    • Values include: O365, IMAP

The autocomplete feature within the VIPRE IES rule expression editor will help you build these rule expressions, and the Validate button will verify that the syntax of your rule expression is correct.

Checking for Multiple Conditions within an Email’s Analysis

Sometimes you need to check for more than one thing. For example, to check if an email is suspicious and was flagged by the "BEC" engine, you can use:

analysis.verdict == "SUSPICIOUS" and any(analysis.detections, {.engine == "BEC"})

  • any(): This part of the rule checks if at least one of the scan engines found something
    • In the example above, it's checking if the "BEC" engine has detected something

Back to Complete Setup: I have successfully created new action rules for my organization.

Contact Support: I need help with the VIPRE IES Action Rule Editor.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Carlos Rios

  2. Posted
  3. Updated

Comments