# Overview

Rules are the engine behind **Smart Scan** — they define automated scanning workflows that trigger active profiles when passive conditions are detected. Rules follow an IF-THEN pattern that intelligently connects passive reconnaissance with targeted active scanning.

## ❓ What is a Rule?

A rule is a conditional automation that says:

> 🔍 **IF** these passive conditions are detected in the traffic, 🎯 **THEN** execute these active scanning profiles against the matching request.

## 🏗️ Rule Structure

Each rule consists of:

### 1️⃣ Metadata

| Field          | Description                    |
| -------------- | ------------------------------ |
| 📝 Name        | Unique identifier for the rule |
| ✅ Enabled      | Whether the rule is active     |
| 📄 Description | What the rule does             |

### 2️⃣ Match Conditions (IF)

One or more passive profile references that must be satisfied:

* 📨 **Passive Request profiles** — Match against HTTP requests
* 📩 **Passive Response profiles** — Match against HTTP responses
* ⚙️ **Logic operators** — Combine conditions:
  * ✅ **AND** — All conditions must match
  * 🔀 **OR** — At least one condition must match

### 3️⃣ Execute Actions (THEN)

What to do when conditions are met:

* 📝 **Execute specific profiles** — Run named active profiles
* 🏷️ **Execute profiles by tag** — Run all profiles with a specific tag
* 🎯 **Match scope**:
  * 🔄 **All Matches** — Execute for every match of the passive condition
  * 1️⃣ **First Match** — Execute only for the first match (per host/URL)

## 📄 Rule File Format

Rules are stored as JSON files with the `.bbre` extension:

```json
[
  {
    "RuleName": "My_Rule",
    "Enabled": true,
    "Description": "Detect technology X and test for vulnerability Y",
    "Conditions": [
      {
        "type": "passive_response",
        "profile": "Technology_X_Detection",
        "operator": ""
      }
    ],
    "Actions": [
      {
        "type": "profile",
        "value": "CVE-XXXX-YYYY_Technology_X",
        "scope": "All Matches"
      }
    ]
  }
]
```
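Because rule files are imported and shared between team members, it helps to check a `.bbre` file before loading it. The linter below is an added example, not Burp Bounty's own code: it validates the structure shown in the sample above and reports problems. Only the key names and the `All Matches` value come from this page; `First Match` as the stored scope string and the strictness of the checks are assumptions.

```python
import json

# Key names come from the sample rule on this page.
RULE_KEYS = dict(RuleName=str, Enabled=bool, Description=str, Conditions=list, Actions=list)
ENTRY_KEYS = {"Conditions": ("type", "profile", "operator"),
              "Actions": ("type", "value", "scope")}
# "All Matches" is in the sample; "First Match" as the stored string is an assumption.
SCOPES = ("All Matches", "First Match")
# Constructed input: "Enabled" as a string, no conditions, misspelled scope.
SAMPLE = ('[{"RuleName": "My_Rule", "Enabled": "true", "Description": "demo", '
          '"Conditions": [], "Actions": [{"type": "profile", "value": "P", "scope": "all"}]}]')


def lint_bbre(text):
    """Return findings for a .bbre document; an empty list means it is clean."""
    try:
        rules = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(rules, list):
        return ["top level must be a JSON array of rules"]
    findings, seen = [], set()
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            findings.append(f"rule[{i}]: not an object")
            continue
        name = rule.get("RuleName")
        where = f"rule[{i}] {name!r}"
        for key, typ in RULE_KEYS.items():
            if not isinstance(rule.get(key), typ):
                findings.append(f"{where}: {key} missing or not {typ.__name__}")
        if isinstance(name, str):
            if name in seen:  # the Name field is documented as a unique identifier
                findings.append(f"{where}: duplicate RuleName")
            seen.add(name)
        for section, keys in ENTRY_KEYS.items():
            entries = rule.get(section)
            if entries == []:
                findings.append(f"{where}: {section} is empty")
            for j, entry in enumerate(entries if isinstance(entries, list) else []):
                missing = [k for k in keys if not isinstance(entry, dict) or k not in entry]
                if missing:
                    findings.append(f"{where}: {section}[{j}] lacks {missing}")
                elif section == "Actions" and entry["scope"] not in SCOPES:
                    findings.append(f"{where}: Actions[{j}] unknown scope {entry['scope']!r}")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_bbre(SAMPLE)))
```

Running it on the constructed sample reports three findings: the string-typed `Enabled`, the empty `Conditions` list, and the unknown scope.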

## ⚙️ How Rules Execute

```
📡 HTTP Traffic
  │
  ├─ Request passes through Burp Suite
  │   ├─ 📨 Passive Request profiles check the request
  │   └─ 📩 Passive Response profiles check the response
  │
  ├─ 📋 Rule engine evaluates conditions
  │   ├─ Condition 1: Does passive profile X match? ✓/✗
  │   ├─ Condition 2: Does passive profile Y match? ✓/✗
  │   └─ ⚙️ Logic evaluation (AND/OR): Pass/Fail
  │
  └─ ✅ If conditions pass → 🎯 Execute active profiles
      ├─ Profile A runs against the matched request
      ├─ Profile B runs against the matched request
      └─ 🐛 Results reported as issues
```

## 🛠️ Managing Rules

### 📥📤 Import/Export

* Rules use the `.bbre` file extension
* Import and export from the Rules tab
* Share rules with team members

### ✅❌ Enable/Disable

Toggle individual rules on/off without deleting them. Disabled rules don't participate in Smart Scan.

### ✏️ Edit

🖱️ Double-click a rule to open the editor dialog (non-modal).

### 📋 Duplicate

Clone a rule with an auto-generated name suffix for creating variations.

## 📦 Default Rules

Burp Bounty Pro ships with 27 pre-configured rules. See [Default Rules](https://docs.bountysecurity.ai/reference/default-rules) for the complete reference.

## 📖 Next Steps

* 📝 [Creating Rules](https://docs.bountysecurity.ai/rules/creating-rules) — Step-by-step guide to creating custom rules
* 📚 [Examples](https://docs.bountysecurity.ai/rules/examples) — Practical rule examples from the default rule set
