All Rules in Sift share the same CEL-based evaluation engine and structure. However, the way a Rule is created determines how it is managed, who can see it, and how it integrates into your workflow. These two modes are called Internal Rules and External Rules.Documentation Index
Fetch the complete documentation index at: https://docs.siftstack.com/llms.txt
Use this file to discover all available pages before exploring further.
Comparison
When to use Internal Rules
Use Internal Rules for any detection logic that:- Will be reused across multiple Runs.
- Needs to be updated, versioned, or reviewed over time.
- Should be visible and managed by your team in the Sift UI.
- Will be included in a Report Template for standardized reviews.
When to use External Rules
Use External Rules when:- You are running automated evaluations in a CI/CD pipeline and the logic is defined in code.
- The Rule is ad hoc; you need to evaluate a one-time condition without creating a persistent Rule in the UI.
- You are using the EvaluateRules endpoint to generate Annotations programmatically.
API reference
- Create an External Rule: BatchUpdateRules with
isExternal: true - Evaluate Rules and create persistent Annotations: EvaluateRules
- Preview evaluation without saving: EvaluateRulesPreview
Edge cases and limitations
- External Rules cannot be edited after creation. To change the logic, create a new External Rule.
- External Rules are not listed in the Rules tab and cannot be selected when building a Report Template.
- Reports generated from External Rules display the Rule’s logic and any Annotations it generated, but the Rule itself is not accessible for editing or reuse.