Policies

what are policies? policies in flare are rules that are set up to manage the events that are added to your tenant they are designed to control what events you see in your tenant this impacts your alerts, as we will not send alerts for events that have been filtered out of your tenant based on policies once you have implemented a policy it can take a few hours to see the impact on the events in your tenant custom policies ignore terms policies ignore terms policies allow you to customize your events using ignore terms to reduce irrelevant events across your whole tenant these are different from ignore terms on an identifier , which only apply to that specific identifier and not accross your entire tenant simply add unique ignore terms, and flare will prevent similar events from appearing in your feed in the future, and will filter out existing events containing those terms if you check the box to "filter out existing events containing these terms" each tenant can contain up to 100 ignored terms policy, and each policy can contain up to 50 terms note that if you delete an ignore terms policy, you will start to see new events entering your tenant that contain the deleted ignored terms, but we will not repopulate your tenant with past events that contain the ignored terms flare managed policies the flare managed policies help prevent events for identical market listings, forum posts, chat messages, or paste files in other words, if two or more identical items are detected, flare won't create repeated events for each one based on the active policy these policies help in customizing your preferences based on the content, source, and actor, among other parameters by preventing events for identical data, they ensure a reduction in noise and redundancy, helping you stay focused on new and pertinent threats or incidents this helps keep the event volume manageable and avoids alert fatigue prevent events for identical active market listing when enabled, this policy will prevent creating events for a market listing identical to another active listing flare considers listings to be identical when their title and contents are precisely the same, in addition to being on the same source and by the same actor flare considers a listing to be active if it was available to view in the last 48 hours, as estimated by the last seen at date this policy is meant to decrease the number of events caused by dark web actors constantly reposting the same content to gain more visibility prevent events for identical forum posts when enabled, this policy will prevent creating events for a forum post identical to another forum post flare considers forum posts to be identical when their title and contents are precisely the same, in addition to being on the same source and by the same actor this policy is meant to decrease the number of events caused by dark web actors constantly reposting the same content to gain more visibility prevent events for identical chats when enabled, this policy will prevent creating events for a chat message identical to another chat message flare considers chat messages to be identical when their contents are precisely the same, in addition to being on the same source and by the same actor this policy is meant to decrease the number of events caused by dark web actors constantly reposting the same content to gain more visibility prevent events for identical pastes when enabled, this policy will prevent creating events for a paste file identical to another paste file flare considers paste files to be identical when their contents are precisely the same, in addition to being on the same source and by the same actor this policy is meant to decrease the number of events caused by files being shared repeatedly on a single paste site discovery policies discovery policies allow for precise control over automatic subdomain discovery (enumeration) these policies define rules that determine which identifiers should be automatically created or recommended to enable this feature, please contact your customer success manager ignoring specific patterns in discovery policies you can define ignore patterns in discovery policies to exclude specific subdomains from automatic discovery here’s how → ignores all discovered subdomains domain com → ignores all discovered subdomains under a specific domain (e g , test domain com, dev domain com) api → ignores the api subdomain across all domains (e g , api domain1 com, api domain2 com) these rules help fine tune subdomain discovery by excluding unnecessary or irrelevant identifiers note creating new policies does not impact previously discovered subdomains related articles