Policies
Policies are rules that manage the events added to your tenants and identifiers. They control which events appear in your feed, and this directly affects the alerts you receive. When a policy filters out an event, that event does not appear in the events feed, and no alert is sent for it.

After you implement a policy, it can take a few hours for the impact to appear in the events in your tenant.

There are four types of policies, each addressing different aspects of event and identifier management at the identifier and the tenant level.

Identifier matching policies

Matching policies for identifiers let you precisely define which events should be included or excluded for feeds, defined at the identifier level. They provide advanced customization without relying on query identifiers, which should be reserved for very specific situations.

Identifier discovery policies

Discovery policies give you precise control over automatic subdomain discovery (enumeration). They define rules that determine which identifiers should be automatically created or recommended, and they let you set ignore patterns to exclude specific subdomains from discovery.

Tenant ignored terms policies

Ignored terms policies let you reduce irrelevant events across your entire tenant by adding terms you want to filter out. Unlike identifier matching policies, which apply only to a specific identifier, these policies apply across your whole tenant.

Tenant duplication policies

Duplication policies help prevent repeated events for identical market listings, forum posts, chat messages, paste files, and stealer logs. By suppressing events for identical items, they reduce noise and redundancy so you can stay focused on new and relevant threats.