Now that the groundwork is set for your Rule, it is time to build the formula for triggering content on your connected Content Platform. Triggering the right content is important. Aware provides many different options when it comes to triggering con
At this point, you have already defined the Rule Scope and are ready to identify what triggers will match on content for your Rule. This article will review the following functionality:
- General Condition Knowledge
- Create a Custom Condition List
- Edit a Custom Condition List
- Delete a Custom Condition List
General Condition Knowledge
1. Select the content types to scan: Messages and/or Uploaded Files and/or Images
Hint: Images is only needed when using the NSFW Image Condition.
2. Next, select the AND Condition drop-down and choose the desired Condition Type
- Keywords: Exact match keywords and phrases (these keywords and phrases can be in any language, including characters)
- Patterns: A regular expression pattern used to identify a unique combination of numbers, letters or symbols
- Has Attachment: Attachments that have been included in a message (files, images, videos, platform docs, OneDrive, Google Drive, Box Files)
- Contains Language: Identify messages that contain certain language (English, German, French, Dutch, Spanish, Hindi, Bengali, Chinese and/or Russian). An additional Language option (“Other”) is available to detect when a language is being spoken that is outside of a specific set of languages their employees are “allowed” to use or within the bounds of what the customer would expect.
- Code Detection: Identifies messages with any type of text that looks like code
- Sentiment: Identify content that matches on a specific category of emotion - use this as an AND statement (very positive, positive, neutral, negative and/or very negative)
- Toxic Speech: Identify content that would be considered as inappropriate, offensive and/or hate speech
- Credit Card Number: Pattern to identify real credit cards using the Luhn Validation Method
- NSFW Image: Image only - trigger images that contain an inappropriate amount of nudity
- Screenshot Detection: Image only - identify software screenshots (This model does not identify text or objects within a screenshot, just that the uploaded image was a screenshot)
- Time of Day: Listen for messages sent during a specific time period in 15-minute increments. Times are in UTC to accommodate a geographically distributed workforce.
- File Names & Extensions: It provides users with the ability to detect when a file is shared that contains a specific string of characters.
- Link Risk: Link Risk is a new trigger condition in Signal that evaluates URLs shared in messages. It determines the legitimacy of the site being linked, and works to identify any sites that could be malicious e.g., phishing scams, scanner sites, sites hosting Windows exploits etc. It is configurable with five different risk categories to meet a customer's needs.
**Please reach out to your CSM or support @awarehq.com if you are interested in learning more. Currently, this feature is limited to Slack and Workplace by Meta.
- Password Detection: Listen for additional types of secrets, social security numbers, credit card numbers, routing numbers, and account numbers as well as incorporating a credit card image detection rule trigger that will identify scans and images of credit cards.
There are a few factors to consider when setting up a Signal Rule using the Password Detection trigger.
Confidence / Likelihood: While the Password Detection model has been designed to determine when a password is potentially being shared in messages, it can not say with certainty that a term is a password. Depending on a system’s requirements, any string or term could be a password. To mitigate this uncertainty, we have assigned a label to messages that trigger the Password Detection model that assigns one of three confidence/likelihood “levels.” These are also listed as options when setting up the rule trigger.
-
- Somewhat Likely: This confidence level will produce the most events and includes content from each confidence level. Select this level when you want to be certain that Aware detects a message that could contain a password. This level will produce more false positives and less false negatives. Users concerned about false negatives will want to use this level or “Likely,” but may find the noise to signal ratio too high for automated workflows.
- Likely: This confidence level will produce fewer events than the Somewhat Likely confidence level, but the events will have a higher likelihood of containing a password.
- Very Likely: This confidence level will produce the fewest events, but the events will have the highest likelihood of containing a password. Use this confidence level when you want to be very certain that an event contains a password. This level will produce the least amount of false positives but may miss more passwords that are less complex or out of context. This level is recommended for automated workflows using actions like tombstone/delete.
RegEx Builder (Optional):
-
-
Regardless of which level was selected as the minimum threshold for confidence, users can further filter their results using a modal that allows them to add regular expression criteria on top of the existing detection capabilities. The criteria in this optional step of the rule trigger is cumulative, meaning a term will only be flagged as a potential password if it meets every condition selected on the screen. This is best used when an end user knows the potential format of passwords they are looking for/most concerned about.
-
3. If you select Keywords or Patterns, you can create your own templates with keywords and phrases or regular expressions or leverage the ones provided out of the box with Aware
- Learn how to create you own templates below
4. Once one AND Condition has been created, you will be able to add an OR, AND or a NOT Condition, Choose Actions or Save and Close
Why would you add an OR, AND or NOT Condition? This will strengthen your Rule and narrow the scope for content triggering. Below are a few examples on how to use OR, AND, or NOT condition.
- If you are looking to identify address information, you will want to use our Zip or Postal Code Pattern AND Street Suffix Keywords.
- Hint: Using additional AND statements will help strengthen your rule and reduce false positives.
- If you are looking to identify the keyword surgical, you will want to use a NOT condition that contains "surgical center, surgical centers, surgical company, and/or surgical facility"
- If you are looking to identify inappropriate conversations, you may want to use Handicap Insults OR Swear/Insulting Keywords
5. Validate your Rule Triggers in the scope panel on the right hand side, if you don't see a Condition you would like to use you can create or edit a condition.
Create a Custom Condition
1. Select Signal and choose a Policy
2. Once you are in your Policy click Rules and choose the Rule you would like to create a Condition for OR create a new Rule and then create a Condition
3. Click Choose Triggers at the bottom of the page OR select Triggers from the Edit Rule toolbar on the left
4. Select Keywords or Patterns from the Condition dropdown
5. Select Create Keyword Template, located above the search box
6. Name the customer template then type in the desired Keywords, Phrases or enter the regular expression (Hint: be sure to press enter or select add after each keyword or phrase)
7. Once your template is finished click Create Template at the bottom
Edit a Custom Condition List
1. Choose the Condition you would like to edit and click Edit Template
2. You can edit the template by adding or removing items in the box below
3. Once finished, save the edited Condition list
Delete a Custom Condition List
1. Select the Condition you would like to delete and click Delete Template in the upper right corner
2. Type delete and then click Delete Template
Once your Rule Triggers are defined click here to learn about implementing Rule Actions.