Editing a Built-in Rule

Edit rules to modify the frequency at which alerts are generated, the criteria, and the alert recipients.

  • By default, built-in rules are enabled and configured to send alerts to all contacts with valid email addresses.

  • Only the criteria of Email Security rules can be modified.

  1. Go to Alerts > Built-in Rules.

    The Built-in Rules screen appears.

  2. Click the name of the rule you want to edit in the Rule column.

    The Edit Rule screen appears.

  3. Toggle the status of this rule.
  4. Configure how often alerts are generated:
    • Check frequency: Select the frequency at which the rule criteria are checked

    • Alert frequency: Select the frequency at which the alert is generated when the rule criteria are met or exceeded

    • Shorter frequencies mean that the alert will be generated more often. Select longer frequencies to reduce the noise the alert generates.

    • System rules are configured to continuously check the rule criteria. Only the Alert frequency can be modified.

    • Security and custom rules are configured to immediately generate alerts if rule criteria are met or exceeded. Only the Check frequency can be modified.

  5. For Email Security alerts, configure the following:
    • Recipient watchlist: Type an email address and press ENTER to add the specified email address to the recipient watchlist.

    • Threshold: Specify the detection threshold.

    • Risk level: Select the risk level and then click Apply.

  6. (Optional) Select or disable Send to all accounts.

    This setting can be used in combination with the additional recipients field.

  7. (Optional) Select a contact, type to search, or type an email address and press ENTER.

    The contact or account is added to the recipients.

  8. (Optional) Modify the subject line. Compatible tokens are displayed on the right side and can be inserted at the text cursor's position by clicking the token.
  9. Click Save.

    Click Restore Defaults to restore this rule to its default values.