Understanding Filters

Filters help you generate the most relevant alerts. They allow you to limit alerts to only specific sets of objects, like entities (users or businesses), transactions, account numbers, addresses, countries, etc.

Filters are available in the Scenario Model Builder. A funnel icon will appear that allows agents granular control of the model logic:

5121 5121 5121

Filters offer granular control over fields

The following list outlines some of the configurable filters:

Filter nameDescription
businessBusiness entity information such as tax ID, name or registered location
entityHigh level entity information such as status, tags, or type
userUser entity information such as ssn, gender, name, or DOB
ip addressIP address first or last seen by entity
client fingerprintFingerprint first or last seen by entity
addressFull address of an entity/event
geolocationLast known IP address of an entity/event

Filters match for text and compare numbers

Put simply, filter expressions just check whether a value matches or doesn't match a different value.

In formal terms, these are called [boolean expressions (https://en.wikipedia.org/wiki/Boolean_expression).

ExpressionFilter in practice
business/name == AcmeOnly business named Acme
business/name != AcmeOnly business NOT named Acme
txn_amount > 10000Only transactions greater than ten thousand
txn_amount < 10000Only transactions less than ten thousand
entity/registered_at BETWEEN 01.01.2020 and 01.02.2020Only entities that registered between these days
entity/address is emptyOnly entities without addresses
entity/address is not emptyOnly entities with addresses
last_name like %Smith%Only entities with names similar to Smith


Use % when using the "Like" filter

When using Like or Not Like, be sure enclose % around the value. E.g, search for similarity with "ABC" using this %ABC% (see the following section for an example of a search)

Filters can be combined

You can also combine filters by using logical operators, like AND and NOT.


In this example we filters for entities:

  1. who have a region:florida tag;
  2. have a last name like Johnson AND have risk scores greater than 50 3) who DO NOT have empty SSNs.