/

Workflow

Define automatic actions when threats are detected. Create IF/THEN rules that respond to each type of threat with logging, blocking, notifications, or custom workflows. Changes apply in real-time.

Configuration Priority

Workflow rules configured in the Cloud Panel override both monitor.config.json and code-based configuration. See Configuration Priority for details.

Workflow Rules

The Workflow tab lists all active automation rules for your project, with three buttons in the top right:

  • + Add Rule: Create a new automation rule
  • Export config: Download all rules as a JSON file
  • Advanced Config: Open the advanced configuration panel

Cloud / Web / API projects:

ByteHide Monitor Workflow rules for cloud projects showing IF/THEN configuration with Log, Block, Block session, and Block IP actionsClick to expand

On-Premise / Desktop / Mobile projects:

ByteHide Monitor Workflow rules for on-premise projects showing IF/THEN configuration with Log, Close, and Erase actionsClick to expand

Creating a Rule

Each rule follows an IF/THEN pattern:

  1. Click + Add Rule
  2. IF: Select the protection module (SQL Injection, Debugger Detection, Command Injection, etc.)
  3. THEN: Check the actions to execute when this threat is detected

Available actions depend on your project type:

ActionOn-PremiseCloud
Log incidentYesYes
Close appYesNo
Erase app dataYesNo
Block requestNoYes
Block sessionNoYes
Block IPNoYes

You can select multiple actions per rule. For example, a SQL Injection rule can Log the incident, Block the request, and Block the IP simultaneously.

Deleting a Rule

Click the trash icon on any rule to remove it. The change applies immediately.

Notifications

Each rule can trigger notifications to alert your team in real-time.

Slack

  1. Check the Slack checkbox on the rule
  2. Click Link Slack with ByteHide to connect your workspace
  3. Select the channel to receive alerts

Webhook

  1. Check the Webhook checkbox on the rule
  2. Select a webhook from the dropdown (or create one)
  3. Monitor sends a POST request with the full incident data to your endpoint

Use webhooks to integrate with:

  • SIEM systems (Splunk, ELK, Datadog)
  • Ticketing (Jira, ServiceNow, PagerDuty)
  • Custom alerting pipelines

Export Configuration

Click Export config to download your current workflow rules as a JSON file. This is useful for:

  • Version-controlling your security configuration
  • Copying rules between projects
  • Using as a base for JSON Configuration in offline environments

Advanced Configuration

Click Advanced Config to open the advanced settings panel. These settings control Monitor's operational behavior beyond individual threat rules.

ByteHide Monitor advanced configuration panel with logging levels, anomaly detection, rate limiting, and debug mode settingsClick to expand

See Advanced Configuration for the full reference of all settings.

Next Steps

Actions Reference

All available actions for Workflow rules

Advanced Configuration

Logging, anomaly detection, rate limiting, and debug mode

Cloud Configuration

How cloud configuration syncs and overrides other sources

Previous
Devices & Sessions
Next
Actions