
System Policies Reference

AxonFlow ships with 63 system policies (53 static + 10 dynamic) that provide comprehensive security and compliance coverage out-of-the-box.

Overview

| Category | Type | Count | Severity Range |
| --- | --- | --- | --- |
| Security - SQL Injection | Static | 37 | Critical - Medium |
| Security - Admin Access | Static | 4 | High - Medium |
| PII - Global | Static | 7 | Critical - Low |
| PII - United States | Static | 2 | Critical |
| PII - European Union | Static | 1 | Critical |
| PII - India | Static | 2 | Critical |
| Dynamic - Risk | Dynamic | 2 | - |
| Dynamic - Compliance | Dynamic | 3 | - |
| Dynamic - Security | Dynamic | 2 | - |
| Dynamic - Cost | Dynamic | 2 | - |
| Dynamic - Access | Dynamic | 1 | - |

Static Policies

Security - SQL Injection (security-sqli)

37 patterns covering all major SQL injection techniques.

UNION-Based Injection (2 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_union_select | UNION SELECT Detection | Critical | Block |
| sys_sqli_union_injection | UNION Injection After Termination | Critical | Block |

Boolean-Based Blind Injection (3 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_or_true | OR True Condition | High | Block |
| sys_sqli_or_string | OR String Condition | High | Block |
| sys_sqli_and_false | AND False Condition | High | Block |

Time-Based Blind Injection (4 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_sleep | MySQL SLEEP Function | Critical | Block |
| sys_sqli_waitfor | SQL Server WAITFOR DELAY | Critical | Block |
| sys_sqli_pg_sleep | PostgreSQL pg_sleep | Critical | Block |
| sys_sqli_benchmark | MySQL BENCHMARK Function | Critical | Block |

Error-Based Injection (3 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_extractvalue | EXTRACTVALUE Function | High | Block |
| sys_sqli_updatexml | UPDATEXML Function | High | Block |
| sys_sqli_convert_int | CONVERT INT Injection | High | Block |

Stacked Queries (5 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_stacked_drop | Stacked DROP Statement | Critical | Block |
| sys_sqli_stacked_delete | Stacked DELETE Statement | Critical | Block |
| sys_sqli_stacked_update | Stacked UPDATE Statement | Critical | Block |
| sys_sqli_stacked_insert | Stacked INSERT Statement | Critical | Block |
| sys_sqli_stacked_exec | Stacked EXEC Statement | Critical | Block |

Comment-Based Injection (3 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_inline_comment | Inline Comment Injection | High | Block |
| sys_sqli_line_comment_mysql | MySQL Line Comment Injection | High | Block |
| sys_sqli_line_comment_dash | Double-Dash Comment Injection | High | Block |

Generic Patterns (9 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_select_from | SELECT FROM After Termination | Critical | Block |
| sys_sqli_admin_bypass | Authentication Bypass | Critical | Block |
| sys_sqli_hex_encoding | Hex-Encoded Payload | Medium | Block |
| sys_sqli_char_function | CHAR Function Obfuscation | High | Block |
| sys_sqli_concat_select | CONCAT with Embedded SELECT | High | Block |
| sys_sqli_information_schema | INFORMATION_SCHEMA Access | High | Block |
| sys_sqli_sys_tables | System Tables Access | High | Block |
| sys_sqli_load_file | LOAD_FILE Function | Critical | Block |
| sys_sqli_into_outfile | INTO OUTFILE/DUMPFILE | Critical | Block |

Dangerous Query Patterns (8 patterns)

| ID | Name | Severity | Action |
| --- | --- | --- | --- |
| sys_sqli_drop_table | DROP TABLE Statement | Critical | Block |
| sys_sqli_drop_database | DROP DATABASE Statement | Critical | Block |
| sys_sqli_truncate | TRUNCATE TABLE Statement | Critical | Block |
| sys_sqli_alter_table | ALTER TABLE Statement | High | Block |
| sys_sqli_delete_no_where | DELETE Without WHERE | Critical | Block |
| sys_sqli_create_user | CREATE USER Statement | Critical | Block |
| sys_sqli_grant | GRANT Privileges Statement | Critical | Block |
| sys_sqli_revoke | REVOKE Privileges Statement | Critical | Block |

Security - Admin Access (security-admin)

| ID | Name | Severity | Action | Description |
| --- | --- | --- | --- | --- |
| sys_admin_users_table | Users Table Access | High | Block | Access to users table |
| sys_admin_audit_log | Audit Log Access | High | Block | Access to audit logs |
| sys_admin_config_table | Configuration Table Access | High | Block | System config access |
| sys_admin_info_schema | Information Schema Access | Medium | Block | System schema access |

PII - Global (pii-global)

Universal patterns applicable in all regions.

| ID | Name | Severity | Action | Description |
| --- | --- | --- | --- | --- |
| sys_pii_credit_card | Credit Card Number | Critical | Block | Visa, MC, Amex, Discover |
| sys_pii_email | Email Address | Medium | Log | Standard email format |
| sys_pii_phone | Phone Number | Medium | Log | International formats |
| sys_pii_ip_address | IP Address | Medium | Log | IPv4 addresses |
| sys_pii_passport | Passport Number | High | Block | Generic passport format |
| sys_pii_dob | Date of Birth | High | Log | Common date formats |
| sys_pii_booking_ref | Booking Reference | Low | Log | 6-char alphanumeric |

PII - United States (pii-us)

| ID | Name | Severity | Action | Description |
| --- | --- | --- | --- | --- |
| sys_pii_ssn | Social Security Number | Critical | Block | XXX-XX-XXXX format |
| sys_pii_bank_account | Bank Account Number | Critical | Block | Routing + account number |

PII - European Union (pii-eu)

| ID | Name | Severity | Action | Description |
| --- | --- | --- | --- | --- |
| sys_pii_iban | IBAN | Critical | Block | International Bank Account Number |

PII - India (pii-india)

| ID | Name | Severity | Action | Description |
| --- | --- | --- | --- | --- |
| sys_pii_pan | PAN (Permanent Account Number) | Critical | Block | 10-char with entity type validation |
| sys_pii_aadhaar | Aadhaar Number | Critical | Block | 12-digit UID (DPDP Act 2023) |

Dynamic Policies

Dynamic policies use context-aware conditions evaluated by the Orchestrator.

Dynamic - Risk (dynamic-risk)

| ID | Name | Description |
| --- | --- | --- |
| sys_dyn_high_risk_block | Block High-Risk Queries | Blocks queries with risk_score > 0.8 |
| sys_dyn_anomalous_access | Anomalous Access Detection | Alerts on unusual access patterns |

Dynamic - Compliance (dynamic-compliance)

| ID | Name | Description |
| --- | --- | --- |
| sys_dyn_hipaa | HIPAA Compliance | Redacts PHI for healthcare data |
| sys_dyn_gdpr | GDPR Compliance | Enforces EU data protection |
| sys_dyn_financial | Financial Data Protection | PCI-DSS compliant handling |

Dynamic - Security (dynamic-security)

| ID | Name | Description |
| --- | --- | --- |
| sys_dyn_tenant_isolation | Tenant Isolation | Prevents cross-tenant data access |
| sys_dyn_debug_restrict | Debug Mode Restriction | Blocks debug in production |

Dynamic - Cost (dynamic-cost)

| ID | Name | Description |
| --- | --- | --- |
| sys_dyn_expensive_query | Expensive Query Limit | Alerts on high-cost queries |
| sys_dyn_llm_cost | LLM Cost Optimization | Tracks LLM usage limits |

Dynamic - Access (dynamic-access)

| ID | Name | Description |
| --- | --- | --- |
| sys_dyn_sensitive_data | Sensitive Data Control | Redacts salary, SSN, medical records |

Querying System Policies

List All System Policies

const policies = await client.listStaticPolicies({
  tier: 'system'
});

console.log(`Total system policies: ${policies.length}`);

Filter by Category

// Get all SQL injection policies
const sqli = await client.listStaticPolicies({
  tier: 'system',
  category: 'security-sqli'
});

// Get the global PII policies (regional sets use pii-us, pii-eu and pii-india)
const pii = await client.listStaticPolicies({
  tier: 'system',
  category: 'pii-global'
});

REST API

# All system policies
curl "http://localhost:8080/api/v1/static-policies?tier=system"

# Filtered by category
curl "http://localhost:8080/api/v1/static-policies?tier=system&category=security-sqli"

Customizing System Policies (Enterprise)

Enterprise Feature

Policy overrides require an Enterprise license.

You cannot modify system policy patterns, but you can:

  1. Disable a policy for your organization
  2. Change the action (only to more restrictive or disable)
  3. Set an expiration for temporary overrides

Example: Disable Email Detection

await client.createPolicyOverride({
  policyId: 'sys_pii_email',
  enabledOverride: false,
  overrideReason: 'Internal tool - no customer email exposure',
});

Example: Escalate to Block

await client.createPolicyOverride({
  policyId: 'sys_pii_dob',
  actionOverride: 'block', // Was 'log'
  overrideReason: 'HIPAA requirement - block all DOB exposure',
});
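
A pre-flight check for the override rules listed above (disable, or change the action only to a more restrictive one), written as an added example and not AxonFlow code. The `checkOverride` helper, the `log < block` ordering, the mandatory-reason rule and the policy snapshot are assumptions for illustration; the override fields are the ones used in the examples on this page.

```javascript
// Added example, not AxonFlow code. ASSUMPTION: actions rank log < block;
// these are the only two static actions the page lists.
const RESTRICTIVENESS = new Map([['log', 0], ['block', 1]]);

// Constructed snapshot of three policies, values copied from the tables above.
const SYSTEM_POLICIES = new Map([
  ['sys_pii_email', { severity: 'medium', action: 'log' }],
  ['sys_pii_dob', { severity: 'high', action: 'log' }],
  ['sys_pii_ssn', { severity: 'critical', action: 'block' }],
]);

// Validate an override object (same fields as createPolicyOverride on this
// page) against the documented rules before it is submitted.
function checkOverride(override, policies = SYSTEM_POLICIES) {
  const policy = policies.get(override.policyId);
  if (!policy) {
    return { ok: false, errors: [`unknown system policy: ${override.policyId}`] };
  }
  const errors = [];
  const disabling = override.enabledOverride === false;
  const hasAction = override.actionOverride !== undefined;

  // Assumption: a written justification is mandatory so the change is auditable.
  if (!override.overrideReason || !override.overrideReason.trim()) {
    errors.push('overrideReason is empty');
  }
  if (!disabling && !hasAction) {
    errors.push('override changes nothing');
  }
  if (hasAction) {
    const wanted = String(override.actionOverride).toLowerCase();
    const next = RESTRICTIVENESS.get(wanted);
    const current = RESTRICTIVENESS.get(policy.action);
    if (next === undefined) {
      errors.push(`unknown action: ${wanted}`);
    } else if (next <= current) {
      errors.push(`'${wanted}' is not more restrictive than '${policy.action}'`);
    }
  }
  return {
    ok: errors.length === 0,
    errors,
    // Disabling removes detection entirely; surface it with the severity for review.
    reducesCoverage: disabling,
    severity: policy.severity,
  };
}
```

Run it in CI or a change-review step so that a downgrade such as `block` to `log` on `sys_pii_ssn` is rejected before it reaches the API, and every disable is listed with its severity for sign-off.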