Policies

What are Policies?

Policies in Flare are rules that are set up to manage the events that are added to your tenant. They are designed to control what events you see in your tenant. This impacts your alerts, as we will not send alerts for events that have been filtered out of your tenant based on policies.

Once you have implemented a policy, it can take a few hours to see the impact on the events in your tenant.


Custom Policies

Ignore Terms Policies

Ignore Terms policies let you use ignore terms to reduce irrelevant events across your whole tenant. These are different from ignore terms on an identifier, which apply only to that specific identifier and not across your entire tenant. Simply add unique ignore terms, and Flare will prevent similar events from appearing in your feed in the future. It will also filter out existing events containing those terms if you check the box "Filter out existing events containing these terms".

Each tenant can contain up to 100 Ignore Terms policies, and each policy can contain up to 50 terms.

Note that if you delete an Ignore Terms policy, you will start to see new events entering your tenant that contain the deleted ignored terms, but we will not repopulate your tenant with past events that contain the ignored terms.


Flare Managed Policies

The Flare managed policies help prevent events for identical market listings, forum posts, chat messages, or paste files. In other words, if two or more identical items are detected, Flare won't create repeated events for each one based on the active policy.

These policies help in customizing your preferences based on the content, source, and actor, among other parameters. By preventing events for identical data, they ensure a reduction in noise and redundancy, helping you stay focused on new and pertinent threats or incidents. This helps keep the event volume manageable and avoids alert fatigue.

Prevent events for identical active Market Listing

When enabled, this policy will prevent creating events for a market listing identical to another active listing. Flare considers listings to be identical when their title and contents are precisely the same, in addition to being on the same source and by the same actor. Flare considers a listing to be active if it was available to view in the last 48 hours, as estimated by the Last seen at date. This policy is meant to decrease the number of events caused by dark web actors constantly reposting the same content to gain more visibility.

Prevent events for identical Forum posts

When enabled, this policy will prevent creating events for a forum post identical to another forum post. Flare considers forum posts to be identical when their title and contents are precisely the same, in addition to being on the same source and by the same actor. This policy is meant to decrease the number of events caused by dark web actors constantly reposting the same content to gain more visibility.

Prevent events for identical Chats

When enabled, this policy will prevent creating events for a chat message identical to another chat message. Flare considers chat messages to be identical when their contents are precisely the same, in addition to being on the same source and by the same actor. This policy is meant to decrease the number of events caused by dark web actors constantly reposting the same content to gain more visibility.

Prevent events for identical Pastes

When enabled, this policy will prevent creating events for a paste file identical to another paste file. Flare considers paste files to be identical when their contents are precisely the same, in addition to being on the same source and by the same actor. This policy is meant to decrease the number of events caused by files being shared repeatedly on a single paste site.
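The identity rules of the four managed policies can be modeled offline to estimate which items would still produce events. The sketch below is an added example, not Flare's code or API: the item types, field names and sample items are hypothetical, and it assumes an identical listing last seen more than 48 hours earlier no longer counts as active.

```python
from datetime import datetime, timedelta

ACTIVE_WINDOW = timedelta(hours=48)  # "active" window the page gives for market listings

# Fields that must match exactly per item type, as described above.
# Type and field names are hypothetical, not Flare's schema.
IDENTITY_FIELDS = {
    "listing": ("source", "actor", "title", "content"),
    "forum_post": ("source", "actor", "title", "content"),
    "chat_message": ("source", "actor", "content"),
    "paste": ("source", "actor", "content"),
}

def identity_key(item):
    # No trimming or case folding: the page says "precisely the same".
    return (item["type"],) + tuple(item[f] for f in IDENTITY_FIELDS[item["type"]])

def simulate(items):
    """Return (event_ids, suppressed_ids) for items processed in last-seen order."""
    last_seen, events, suppressed = {}, [], []
    for item in sorted(items, key=lambda i: i["last_seen_at"]):
        key = identity_key(item)
        prev = last_seen.get(key)
        if prev is None:
            duplicate = False
        elif item["type"] == "listing":
            # Assumption: only a listing seen within the last 48 hours is active.
            duplicate = item["last_seen_at"] - prev <= ACTIVE_WINDOW
        else:
            duplicate = True
        (suppressed if duplicate else events).append(item["id"])
        last_seen[key] = item["last_seen_at"]
    return events, suppressed

def make(id_, type_, hours, content, title="", actor="actor_a", source="source_x"):
    return {"id": id_, "type": type_, "last_seen_at": T0 + timedelta(hours=hours),
            "content": content, "title": title, "actor": actor, "source": source}

T0 = datetime(2024, 1, 1)
SAMPLE = [  # constructed items, not real data
    make("L1", "listing", 0, "fresh logs", "VPN access"),
    make("L2", "listing", 24, "fresh logs", "VPN access"),   # repost inside the window
    make("L3", "listing", 80, "fresh logs", "VPN access"),   # 56 h after L2: not active
    make("L4", "listing", 81, "fresh logs", "VPN access", actor="actor_b"),
    make("F1", "forum_post", 1, "same text", "Thread"),
    make("F2", "forum_post", 500, "same text", "Thread"),    # no window for forum posts
    make("C1", "chat_message", 2, "selling access"),
    make("C2", "chat_message", 3, "selling access "),        # trailing space differs
]
```

Calling `simulate(SAMPLE)` shows that a one-character difference (C2) or a different actor (L4) still produces an event, so near-duplicates remain a job for Ignore Terms policies rather than the managed ones.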