Sometimes, entities have legitimate reasons to engage in transactions that would get flagged by a rule. For example, a VIP user might be allowed to transact larger amounts than most.
In these cases, you can add the entity to a whitelist, which excludes their transactions from alerts.
There are two approaches to whitelisting.
- Granular: you can whitelist an entity from a specific rule. In this case, the entity is excluded for alerts from a specific rule.
- Global: you can whitelist a particular entity from all alerts for all rules.
To whitelist entities on a per rule basis, follow these steps.
- Head to the Detection Models page:
- Select a live model from the list:
- Open the Whitelist tab:
- Use the dropdown to select entities by
user name, or
- Start typing your entity name. Once the entity is found, select it.
- Click the button Add to Rule <id>'s Whitelist.
This action can be either temporary or indefinite.
In this case, the entity is whitelisted for only the transactions that get flagged by the specified rule. If the entity engages in transactions that break a different rule, they will be flagged.
You can also do this from an entity's pane:
Just click on the Rule Silencing tab and manually add rules.
- Head over to the Data Explorer.
- Click on the entity to see the overview, then choose Go to Detail Page:
- Select the Rule Silencing tab.
- Choose Silence all rules and select the amount of time to allowlist the entity.
The duration can be indefinite, or within the range from
3 days to
Since this action can be either temporary or indefinite. When it's temporary, you can think of it like hitting an the "snooze" button for an entity's alerts. For this reason, sometimes the action is referred to as rule silencing in the UI.
Updated 3 months ago