# Overview

Rules are the engine behind **Smart Scan** — they define automated scanning workflows that trigger active profiles when passive conditions are detected. Rules follow an IF-THEN pattern that intelligently connects passive reconnaissance with targeted active scanning.

## ❓ What is a Rule?

A rule is a conditional automation that says:

> 🔍 **IF** these passive conditions are detected in the traffic, 🎯 **THEN** execute these active scanning profiles against the matching request.

## 🏗️ Rule Structure

Each rule consists of:

### 1️⃣ Metadata

| Field          | Description                    |
| -------------- | ------------------------------ |
| 📝 Name        | Unique identifier for the rule |
| ✅ Enabled      | Whether the rule is active     |
| 📄 Description | What the rule does             |

### 2️⃣ Match Conditions (IF)

One or more passive profile references that must be satisfied:

* 📨 **Passive Request profiles** — Match against HTTP requests
* 📩 **Passive Response profiles** — Match against HTTP responses
* ⚙️ **Logic operators** — Combine conditions:
  * ✅ **AND** — All conditions must match
  * 🔀 **OR** — At least one condition must match

### 3️⃣ Execute Actions (THEN)

What to do when conditions are met:

* 📝 **Execute specific profiles** — Run named active profiles
* 🏷️ **Execute profiles by tag** — Run all profiles with a specific tag
* 🎯 **Match scope**:
  * 🔄 **All Matches** — Execute for every match of the passive condition
  * 1️⃣ **First Match** — Execute only for the first match (per host/URL)

## 📄 Rule File Format

Rules are stored as JSON files with the `.bbre` extension:

```json
[
  {
    "RuleName": "My_Rule",
    "Enabled": true,
    "Description": "Detect technology X and test for vulnerability Y",
    "Conditions": [
      {
        "type": "passive_response",
        "profile": "Technology_X_Detection",
        "operator": ""
      }
    ],
    "Actions": [
      {
        "type": "profile",
        "value": "CVE-XXXX-YYYY_Technology_X",
        "scope": "All Matches"
      }
    ]
  }
]
```
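Because `.bbre` files are plain JSON and are meant to be shared between team members, a structural check before import catches rules that would never fire or that point at misspelled values. The linter below is an added example, not code from Burp Bounty Pro; `lint_rules`, `ALLOWED` and `REQUIRED_TEXT` are hypothetical names, and the literal strings for request conditions, tag actions, operators and the first-match scope are assumptions inferred from the options this page lists.

```python
import json

# From the page's sample: "passive_response", "profile", "" and "All Matches".
# Assumed literal values: "passive_request", "tag", "AND", "OR", "First Match".
ALLOWED = {
    ("Conditions", "type"): {"passive_request", "passive_response"},
    ("Conditions", "operator"): {"", "AND", "OR"},
    ("Actions", "type"): {"profile", "tag"},
    ("Actions", "scope"): {"All Matches", "First Match"},
}
REQUIRED_TEXT = {"Conditions": "profile", "Actions": "value"}

def lint_rules(text):
    """Return (rule_name, problem) tuples for the content of a .bbre file."""
    try:
        rules = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("<file>", f"invalid JSON: {exc.msg}")]
    if not isinstance(rules, list):
        return [("<file>", "top level must be an array of rules")]
    problems, seen = [], set()
    for index, rule in enumerate(rules):
        rule = rule if isinstance(rule, dict) else {}  # non-objects fail every check
        name = rule.get("RuleName")
        if not isinstance(name, str) or not name:
            name = f"<rule {index}>"
            problems.append((name, "RuleName missing or empty"))
        elif name in seen:  # the page describes Name as a unique identifier
            problems.append((name, "duplicate RuleName"))
        seen.add(name)
        if not isinstance(rule.get("Enabled"), bool):
            problems.append((name, "Enabled must be true or false"))
        for section, text_key in REQUIRED_TEXT.items():
            entries = rule.get(section) if isinstance(rule.get(section), list) else []
            if not entries:
                problems.append((name, f"{section} must be a non-empty array"))
            for entry in entries:
                entry = entry if isinstance(entry, dict) else {}
                if not isinstance(entry.get(text_key), str) or not entry[text_key]:
                    problems.append((name, f"{section} entry has no {text_key}"))
                for (sec, key), allowed in ALLOWED.items():
                    value = entry.get(key)
                    if sec == section and (not isinstance(value, str) or value not in allowed):
                        problems.append((name, f"{section}.{key}={value!r} not recognised"))
    return problems

# Constructed sample: the page's example rule with the scope misspelled.
SAMPLE = '''[{"RuleName": "My_Rule", "Enabled": true, "Description": "d",
 "Conditions": [{"type": "passive_response", "profile": "Technology_X_Detection", "operator": ""}],
 "Actions": [{"type": "profile", "value": "CVE-XXXX-YYYY_Technology_X", "scope": "All Match"}]}]'''
```

Calling `lint_rules(SAMPLE)` reports the misspelled scope on `My_Rule`; an empty list means the file matches the structure shown above.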

## ⚙️ How Rules Execute

```
📡 HTTP Traffic
  │
  ├─ Request passes through Burp Suite
  │   ├─ 📨 Passive Request profiles check the request
  │   └─ 📩 Passive Response profiles check the response
  │
  ├─ 📋 Rule engine evaluates conditions
  │   ├─ Condition 1: Does passive profile X match? ✓/✗
  │   ├─ Condition 2: Does passive profile Y match? ✓/✗
  │   └─ ⚙️ Logic evaluation (AND/OR): Pass/Fail
  │
  └─ ✅ If conditions pass → 🎯 Execute active profiles
      ├─ Profile A runs against the matched request
      ├─ Profile B runs against the matched request
      └─ 🐛 Results reported as issues
```

## 🛠️ Managing Rules

### 📥📤 Import/Export

* Rules use the `.bbre` file extension
* Import and export from the Rules tab
* Share rules with team members

### ✅❌ Enable/Disable

Toggle individual rules on/off without deleting them. Disabled rules don't participate in Smart Scan.

### ✏️ Edit

🖱️ Double-click a rule to open the editor dialog (non-modal).

### 📋 Duplicate

Clone a rule with an auto-generated name suffix for creating variations.

## 📦 Default Rules

Burp Bounty Pro ships with 27 pre-configured rules. See [Default Rules](/reference/default-rules.md) for the complete reference.

## 📖 Next Steps

* 📝 [Creating Rules](/rules/creating-rules.md) — Step-by-step guide to creating custom rules
* 📚 [Examples](/rules/examples.md) — Practical rule examples from the default rule set

