How to whitelist or silence an Entity
Sometimes, entities have legitimate reasons to engage in transactions that would get flagged by a rule. For example, a VIP user might be allowed to transact larger amounts than most.
In these cases, you can add the entity to a whitelist, which excludes their transactions from alerts.
There are two approaches to whitelisting.
- Granular: you can whitelist an entity from a specific rule. In this case, the entity is excluded for alerts from a specific rule.
- Global: you can whitelist a particular entity from all alerts for all rules.
How to stop models from generating alerts for particular entities:
To whitelist entities on a per rule basis, follow these steps.
- Head to the Detection Models page:
- Select a live model from the list:
- Open the Whitelist tab:
- Use the dropdown to select entities by
id,business name,user name, oremail address.
- Start typing your entity name. Once the entity is found, select it.
- Click the button Add to Rule <id>'s Whitelist.
This action can be either temporary or indefinite.
In this case, the entity is whitelisted for only the transactions that get flagged by the specified rule. If the entity engages in transactions that break a different rule, they will be flagged.
- Click Add to Rule:
You can also do this from an entity's pane:
Just click on the Rule Silencing tab and manually add rules.
How to stop all alerts for a particular entity:
- Head over to the Data Explorer.
- Click on the entity to see the overview, then choose Go to Detail Page:
- Select the Rule Silencing tab.
- Choose Silence all rules and select the amount of time to allowlist the entity.
The duration can be indefinite, or within the range from 3 days to 3 months.
Since this action can be either temporary or indefinite. When it's temporary, you can think of it like hitting an the "snooze" button for an entity's alerts. For this reason, sometimes the action is referred to as rule silencing in the UI.
Updated 4 months ago