Source: https://www.zaproxy.org/docs/desktop/addons/passive-scanner/options/rules/

• Add-ons

  • Access Control Testing

    • Access Control Context Options

    • Access Control Status Tab

  • Active Scan Rules

  • Active Scan Rules - Alpha

  • Active Scan Rules - Beta

  • Advanced SQLInjection Add-on

  • AJAX Spider

    • Ajax Spider Automation Framework Support

    • AJAX Spider Context

    • Options AJAX Spider screen

    • AJAX Spider dialog

    • AJAX Spider tab

  • Alert Filters

    • Alert Filter Dialog

    • Alert Filter Automation Framework Support

    • Context Alert Filters

    • Options Global Alert Filters

  • All In One Notes

    • All In One Notes - About

  • AMF Support

  • Authentication Helper

    • Authentication Report - JSON

    • Authentication Request Identification

    • Authentication Tester Dialog

    • Auto-Detect Authentication

    • Auto-Detect Session Management

    • Browser Based Authentication

    • Client Script Authentication

    • Report Templates

    • Header Based Session Management

    • Session Management Identification

    • Verification Request Identification

  • Authentication Statistics

  • Automation Framework

    • Automation Framework - About

    • Automation Framework - authentication

    • Automation Framework - Environment

    • Automation Framework - GUI

    • Automation Framework - addOns Job

    • Automation Framework - activeScan Job

    • Automation Framework - activeScan-config Job

    • Automation Framework - activeScan-policy Job

    • Automation Framework - delay Job

    • Automation Framework - exitStatus Job

    • Automation Framework - passiveScan-config Job

    • Automation Framework - passiveScan-wait Job

    • Automation Framework - requestor Job

    • Automation Framework - spider Job

    • Automation Framework - Options

    • Automation Framework - Alert Job Test

    • Automation Framework - Monitor Job Test

    • Automation Framework - Statistics Job Test

    • Automation Framework - URL Presence Job Tests

    • Automation Framework - Job Tests

  • Bean Shell Console

  • BIRT Reports

  • Browser View

  • Bug Tracker

  • Call Graph

  • Call Home

  • Client Side Integration

    • Client Side Integration - AJAX Spider Enhancement

    • Client Side Integration - Automation Framework Support

    • Client Side Integration - Firefox Profile

    • Client Side Integration - Internals

    • Client Side Integration - Passive Scan Rules

    • Client Side Integration

    • Client Side Integration - Client Spider API

    • Client Side Integration - Client Spider

  • Code Dx

  • Collection: Pentester Pack

  • Collection: Scan Rules Pack

  • Common Library

    • Alert Tags

    • Tabbed Output Panel

  • Community Scripts

  • Custom Payloads

    • Custom Payloads API

    • Options Custom Payloads screen

  • Custom Report

  • Database Add-on

  • Dev Add-On

  • Diff

  • Directory List v1.0

  • Directory List v2.3

  • Directory List v2.3 LC

  • DOM XSS Active Scan Rule

    • DOM XSS Active Scan Rule - About

  • Encode / Decode / Hash dialog

    • Options Encode/Decode screen

  • Eval Villain

  • Export Report

  • Forced Browse

    • Options Forced Browse screen

    • Forced Browse tab

  • Form Handler

  • Fuzz AI Files

    • Fuzz AI Files - Exploit Model Memory

    • Fuzz AI Files - Extract Model Information

    • Fuzz AI Files - Extract Training Data

    • Fuzz AI Files - Test Edge Cases

  • FuzzDB Files

  • FuzzDB Offensive

  • FuzzDB Web Backdoors

  • Fuzzing

    • Fuzzer dialog

    • HTTP Message Processors

    • Fuzz Location Processors dialog

    • Options Fuzz screen

    • Payloads dialog

    • Payload Processors dialog

    • Fuzzer tab

  • Getting Started Guide

  • GraalVM JavaScript

  • GraphQL Support

    • GraphQL Alerts

    • GraphQL Automation Framework Support

    • GraphQL Options

    • GraphQL Support Script

    • GraphQL Variant

  • Groovy Support

    • Groovy Support - About

  • gRPC Support

    • gRPC Variant

    • gRPC WebSocket

  • Highlighter

  • HTTPS Info

  • The HUD

    • Options HUD screen

  • Import/Export

    • Automation Framework Support

    • Sites Tree File Format

  • Import URLs

  • Invoke Applications

    • Options Applications screen

  • JSON View

  • Kotlin Support

  • Linux WebDrivers

  • Log File Importer

  • MacOS WebDrivers

  • Neonmarker

  • Network Add-on

    • Network API

    • Command Line

    • Options

      • Client Certificates

      • Connection

      • Global Exclusions

      • Local Servers/Proxies

      • Rate Limit

      • Server Certificates

  • Out-of-band Application Security Testing Support

    • OAST API

    • OAST Options

    • OAST Services

      • BOAST

        • BOAST Options

      • Callbacks

        • Callback Options

      • Interactsh

        • Interactsh Options

    • OAST Tab

  • Online Menu

  • OpenAPI Support

    • OpenAPI Automation Framework Support

  • Parameter Digger

    • Parameter Digger - About

    • Param Digger dialog

    • Param Digger tab

  • Passive Scan Rules

  • Passive Scan Rules - Alpha

  • Passive Scan Rules - Beta

  • Passive Scanner Add-on

    • Passive Scanner API

    • Passive Scanner Automation Framework Support

    • Passive Scanner Automation Framework - passiveScan-config Job

    • Passive Scanner Automation Framework - passiveScan-wait Job

    • Options

      • Passive Scan Rules

      • Passive Scanner

      • Passive Scan Tags

  • Plug-n-Hack

    • Plug-n-Hack Clients tab

  • Port Scan

    • Options Port Scan screen

    • Port Scan tab

  • Postman Support

    • Postman Automation Framework Support

  • Python Scripting

    • Options Jython screen

  • Quick Start

    • Command Line

    • Options Quick Start Launch screen

    • ZAPit

  • Regular Expression Tester

  • Replacer

    • Replacer Automation Framework Support

  • Report Alert Generator

  • Report Generation

    • Report Generation - About

    • Report Generation API

    • Report Generation Automation Framework Support

    • Creating Reports

    • High Level Report Sample

    • Modern HTML Report with themes and options

    • Risk and Confidence HTML

    • SARIF JSON Report

    • Traditional HTML with Requests and Responses

    • Traditional HTML

    • Traditional JSON Report with Requests and Responses

    • Traditional JSON Report

    • Traditional Markdown Report

    • Traditional PDF

    • Traditional XML Report with Requests and Responses

    • Traditional XML Report

    • Report Templates

  • Requester Add-on

    • Manual Request Editor dialog

    • Requester Options

    • Requester Tab

  • Retest

    • Retest - About

  • Retire.js

  • Reveal

  • Revisit

  • Ruby Scripting

  • SAML Support

  • Save Raw Message

  • Save XML Message

  • Scan Policies

    • API Policy

    • Default Policy

    • Developer CI/CD Policy

    • Developer Full Policy

    • Developer Standard Policy

    • Penetration Tester Policy

    • QA CI/CD Policy

    • QA Full Policy

    • QA Standard Policy

  • Script Console

    • Scripts Automation Framework Support

    • Script Console Tab

    • Script Console Options

    • Script Scan Rules

    • Scripts tree tab

  • Selenium

    • Selenium API

    • Options Selenium screen

  • Sequence Scanner

    • Automation Framework Support

    • Sequence Policy

  • Server-Sent Events

    • Server-Sent Events tab

  • SOAP Support

    • SOAP Alerts

    • SOAP Automation Framework Support

  • Software Risk Manager

  • Spider

    • Spider Automation Framework Support

    • Spider dialog

    • Options Spider screen

    • Spider tab

  • SVN Digger Files

  • Technology Detection

    • Technology Detection API

    • Options Tech Detection screen

  • Tips and Tricks

  • TLS Debug

  • Token Generation and Analysis

    • Options Token Generator Screen

  • TreeTools

  • Value Generator

  • ViewState

  • WebSockets

    • Web Sockets - About

    • WebSocket API

    • WebSocket specific options

    • WebSocket Passive Scan Rules

    • WebSocket Scripts

    • WebSocket specific session properties

    • WebSocket tab

  • Windows WebDrivers

  • Zest

• Releases

  • Release 1.0.0

  • Release 1.1.0

  • Release 1.2.0

  • Release 1.3.0

  • Release 1.3.1

  • Release 1.3.2

  • Release 1.3.3

  • Release 1.3.4

  • Release 1.4.0

  • Release 1.4.1

  • Release 2.0.0

  • Release 2.1.0

  • Release 2.10.0

  • Release 2.11.0

  • Release 2.11.1

  • Release 2.12.0

  • Release 2.13.0

  • Release 2.14.0

  • Release 2.15.0

  • Release 2.16.0

  • Release 2.16.1

  • Release 2.2.0

  • Release 2.2.1

  • Release 2.2.2

  • Release 2.3.0

  • Release 2.3.1

  • Release 2.4.0

  • Release 2.4.1

  • Release 2.4.2

  • Release 2.4.3

  • Release 2.5.0

  • Release 2.6.0

  • Release 2.7.0

  • Release 2.8.0

  • Release 2.9.0

• Getting Started

  • Scanner Rules

  • Features

    • Add-ons

    • Alerts

    • Anti CSRF Handling

    • API

    • Active Scan

    • Authentication

    • Authentication Methods

    • Authentication Verification Strategies

    • Breakpoints

    • Callbacks

    • Contexts

    • Custom Page

    • Data Driven Content

    • Globally Excluded URLs

    • HTTP Sessions

    • Manipulator-in-the-middle Proxy

    • Marketplace

    • Modes

    • Notes

    • Passive Scan

    • Software Bill of Materials

    • Scan Policy

    • Scope

    • Scripts

    • Session Management

    • Sites Tree

    • Spider

    • Statistics

    • Structural Modifiers

    • Structural Parameters

    • Tags

    • Users

  • A Basic Penetration Test

  • Configuring Proxies

• Desktop UI Overview

  • Dialogs

    • Add Alert dialog

    • Add/Edit Breakpoint dialog

    • Add Note dialog

    • Active Scan dialog

    • Encode / Decode / Hash dialog

    • Find dialog

    • History Filter dialog

    • Manual Request Editor dialog

    • Manage Add-ons

    • Manage History Tags dialog

    • Options dialog

      • Options Alerts screen

      • Options Anti CRSF screen

      • Options API screen

      • Options Active Scan screen

      • Options Active Scan Input Vectors screen

      • Options Breakpoints screen

      • Options Callback Address screen

      • Options Client Certificate screen

      • Options Check for Updates screen

      • Options Connection screen

      • Options Database screen

      • Dynamic SSL Certificates

      • Options Extensions screen

      • Options Global Exclude URL screen

      • Options HTTP Sessions screen

      • Options JVM screen

      • Options Keyboard screen

      • Options language screen

      • Options Local Proxies screen

      • Options Passive Scan Tags screen

      • Options Passive Scanner Screen

      • Options Passive Scan Rules Screen

      • Options Rule Configuration screen

      • Options Scripts screen

      • Options Search screen

      • Options Spider screen

      • Options Statistics screen

      • Options Display screen

    • Persist Session dialog

    • Scan Policy Dialog

    • Scan Policy Manager dialog

    • Scan Progress Dialog

    • Session Properties dialog

      • Session Context Authentication screen

      • Session Context Structure screen

      • Session Context screens

    • Spider dialog

  • Footer

  • The Tabs

    • Alerts tab

    • Active Scan tab

    • Break tab

    • Breakpoints tab

    • Callbacks tab

    • History tab

    • HTTP Sessions tab

    • Output tab

    • Params tab

    • Request tab

    • Response tab

    • Search tab

    • Sites tab

    • Spider tab

  • Top Level Menu

    • The Analyse menu

    • The Edit menu

    • The File menu

    • The Help menu

    • The Import menu

    • The Online menu

    • The Report menu

    • The Tools menu

    • The View menu

  • Top Level Toolbar

  • Views

Passive Scan Rules

This screen allows you to configure the passive scan rules.

Threshold

This controls how likely ZAP is to report potential vulnerabilities.

• If you select Off then the scan rule won’t run.
• If you select Low then more potential issues will be raised which may increase the number of false positives.
• If you select High then fewer potential issues will be raised which may mean that some real issues are missed (false negatives).

See also

---

| | | | | --- | --- | --- | | | Passive Scanner | the introduction to Passive Scanner add-on |