Policy Processing Order
This document outlines the order in which different rule triggers and policy components are processed in Call Telemetry. Understanding this order is crucial for configuring effective call policies and troubleshooting call routing behavior.
Processing Sequence at a Glance
Order | Component | Description | If Matched | If Not Matched | License |
---|---|---|---|---|---|
1 | Whitelist | Highest priority override for trusted numbers | Permit Call (End) | Continue to next check | Advanced |
2 | Blacklist | Immediate blocking for tagged numbers | Block Call (End) | Continue to next check | Advanced |
3 | Block Rules | Pattern-based rules with blocking action | Block Call (End) | Continue to next check | All Levels |
4 | TDoS Protection | Short-term protection against aggressive calling patterns | Temporary Block (End) | Continue to next check | Advanced |
5 | Global Block List | Centralized block list shared across policies | Block Call (End) | Continue to next check | All Levels |
6 | Watch Lists | Long-term monitoring of suspicious behavior | Block Call if configured (End) | Continue to next check | Advanced |
7 | Permit Rules | Pattern-based rules with permit action | Permit Call (End) | Default: Permit Call | All Levels |
Detailed Component Descriptions
Whitelist (Advanced License Feature)
- Ensures the caller is not blocked during any subsequent checks
- Overrides all other blocking mechanisms (TDoS, Watch List, Global Block, or Reputation inspections)
- Still allows Call Apps to run, but an App cannot request a block.
- Useful for ensuring critical callers are never blocked by automated systems, or reducing reputation lookups for key business callers.
- Implementation: Configure through the Policy settings page or by adding numbers with specific tags
- Best Practice: Use for key business partners and numbers that should never be blocked regardless of call patterns
Blacklist (Advanced License Feature)
- Blocks all calls with the associated Tag immediately without further processing
- Similar to the Global Block List, but with Tags to organize numbers
- Can be used to categorize and manage different types of unwanted callers
- Implementation: Configure through the Policy settings page or by adding numbers with specific tags
- Best Practice: Use tags to categorize blocked numbers for better reporting and management
Block Rules (Available at All License Levels)
- Rules with a blocking action that reject matching calls
- Processed in numerical order
- Can include additional actions like alerts, apps, or call modifiers
- Implementation: Create rules with Block action and appropriate pattern matching in the Policy editor
- Best Practice: Alternative to Global Block List for specific patterns; use to block known spam or unwanted calls.
TDoS Protection (Advanced License Feature)
- Mitigates Telecommunications Denial of Service attacks
- Designed to mitigate active attacks without requiring manual intervention
- Operates on short-term timeframes with configurable thresholds (e.g., 50 calls within 30 seconds)
- TDoS violations are stored but not added to watch lists or the global block list.
- Includes email notifications when triggered to alert administrators
- Implementation: Configure call thresholds, time windows, and block expiration times in Policy Settings.
- Best Practice: Configure thresholds based on your normal call volume patterns; set block expiration times appropriate to your threat model.
Global Block List (Available at All License Levels)
- Centralized management of blocked calls for an organization
- Shared among multiple policies for consistent blocking across the organization
- Community license is limited to 100 globally blocked numbers; Essentials and higher have unlimited
- Supports auto-expiration for temporary blocks (Essentials and higher licenses)
- Can be populated manually, via CSV import, or through user submissions (MCID, XML service, Jabber)
- Implementation: Manage through the Global Block List Management page; enable enforcement in each policy
- Best Practice: Set expiration dates for temporary blocks; use descriptions to document why numbers were blocked
Watch Lists (Advanced License Feature)
- Monitor suspicious call activity over time based on configurable thresholds
- Administrators can review, comment on entries, whitelist or block them based on findings
- Operates on longer timeframes (minutes/hours) compared to TDoS protection (< 1 minute)
- Can be configured to automatically block numbers that trigger a watch list
- Includes email alerts when thresholds are crossed
- Implementation: Create Watch Lists and configure Triggers with specific thresholds and time intervals
- Best Practice: Use for pattern analysis before taking permanent blocking actions; set appropriate thresholds based on normal call patterns for your organization
Permit Rules (Available at All License Levels)
- Rules with a permit action that allow matching calls
- Processed in numerical order
- Can include additional actions like alerts, apps, or call modifiers
- Can be used to modify caller ID information or trigger integrations
- Implementation: Create rules with Permit action and appropriate pattern matching in the Policy Settings
- Best Practice: Use to call apps that look up reputation. Can also be used for call routing, analytics, and integration with other systems
Important Considerations
- The first matching component in the sequence determines the call policy decision.
- Within each rule type, rules take precedence in numerical order
- Apps associated with rules can modify the default action (permit/block)
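
A small model of the first-match order described on this page, added here as an illustration and not Call Telemetry's own code. The `Policy` class, its field names, the regex rule format and the sample numbers are all assumptions; the blacklist is simplified to a set of numbers carrying a blocked tag, and Call Apps are not modelled.

```python
import re
from collections import defaultdict, deque

class Policy:
    """Toy model of the seven-step order. Every name here is hypothetical."""
    def __init__(self, tdos_calls=50, tdos_window=30, tdos_block=300):
        self.whitelist, self.blacklist = set(), set()    # blacklist: numbers with a blocked tag
        self.global_block, self.watch_block = set(), set()  # watch_block: auto-block entries
        self.block_rules, self.permit_rules = [], []     # (rule number, regex) pairs
        self.tdos_calls, self.tdos_window = tdos_calls, tdos_window
        self.tdos_block = tdos_block                     # seconds a temporary block lasts
        self.recent = defaultdict(deque)                 # caller -> recent call timestamps
        self.tdos_until = {}                             # caller -> temporary block expiry

    def _rule_hit(self, rules, caller):
        # Rules of one type are tried in numerical order; the first match wins.
        return next((n for n, rx in sorted(rules) if re.fullmatch(rx, caller)), None)

    def _tdos_hit(self, caller, now):
        calls = self.recent[caller]
        calls.append(now)
        while calls[0] <= now - self.tdos_window:        # drop calls outside the window
            calls.popleft()
        if len(calls) >= self.tdos_calls:                # threshold reached: start/extend block
            self.tdos_until[caller] = now + self.tdos_block
        return self.tdos_until.get(caller, 0) > now

    def decide(self, caller, now):
        """Return (action, component) for the first component that matches."""
        if caller in self.whitelist:
            return "permit", "Whitelist"
        if caller in self.blacklist:
            return "block", "Blacklist"
        if self._rule_hit(self.block_rules, caller) is not None:
            return "block", "Block Rules"
        if self._tdos_hit(caller, now):
            return "temporary block", "TDoS Protection"
        if caller in self.global_block:
            return "block", "Global Block List"
        if caller in self.watch_block:
            return "block", "Watch Lists"
        if self._rule_hit(self.permit_rules, caller) is not None:
            return "permit", "Permit Rules"
        return "permit", "Default"

def demo():
    p = Policy(tdos_calls=3, tdos_window=30, tdos_block=60)  # constructed sample data
    p.whitelist.add("+15550100")
    p.global_block.update({"+15550100", "+15550111"})        # first number is also whitelisted
    p.block_rules.append((10, r"\+1900\d+"))
    burst = [p.decide("+15550122", t) for t in (0, 1, 2, 100)]
    return p.decide("+15550100", 5), p.decide("+19005550133", 5), p.decide("+15550111", 5), burst
```

Running `demo()` shows the whitelisted number being permitted even though it is also on the global block list, and the third call of a burst drawing a temporary block that has lapsed by the fourth call.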