May Updates: Detection Config and Rules Improvements

Detection & Configuration

In May, we introduced better configurability and transparency across the detection pipeline, including new data sources and configuration UI.

Preview Assets in Manual Detection Runs

When you you make a change to a source, it’s helpful to get a preview of what types of results the detection source will return. Now, you can click the “Run detection” button in the configuration modal on the Detections page to preview results. This enables faster iteration and validation when tuning queries.

Dynamic Field Detection Config UI

Source configurations now support dynamic fields, improving setup flexibility and accuracy. For detection sources like Twitter Post Search, Google Search, and Reddit Subreddit Search, this change allows us to expose more options to you to configure detection sources to reduce noise.

Global Detection Configs

Detection sources can now be shared across multiple orgs through a global configuration system. This means that we can run searches across broad search queries like “crypto wallet”, “airdrop”, and more. We can leverage our brand triage system to direct the right detection results to the right organization.

Reddit Detection Source

Reddit Subreddit Search is a new detection source that automatically searches for subreddits that might impersonate your brand and contain scam URLs and malicious behavior. This new source is currently enabled in Evaluate mode for select orgs, and we’ll be rolling it out more widely across organization is the coming weeks.

Captcha Detection and Labeling

Our scanning system now detects captchas and Cloudflare interstitial pages and applies a captcha label. Our reviewers can filter these scans more easily using the new label filter in the interface to identify threats that require manual intervention to access the target content.

Proposal Review & Rule Engine

This month, we shipped a few new rules and review features to improve scoring reliability and reduce false positives.

New Web3 & Wallet Connect Rules

We shipped a new rule to detect Web3 JavaScript snippets on webpages and wallet connection prompts—two common components on most Web3 sites. By detection these, we can filter out the vast number of sites that don’t have anything to do with Web3, reducing the risk of false positives and focusing our resources on sites that are more likely to be targeting Web3 brands.

Rule Grouping for Auto Reporting & Review UI

Similar rules are now grouped together to avoid over-weighting some rules that have a low precision. By grouping rules by type, we can more safely roll out new rules and make it clearer for our reviewing system and staff to interpret the results of the rules we execute as part of our threat analysis.

Detection & Configuration

In May, we introduced better configurability and transparency across the detection pipeline, including new data sources and configuration UI.

Preview Assets in Manual Detection Runs

When you you make a change to a source, it’s helpful to get a preview of what types of results the detection source will return. Now, you can click the “Run detection” button in the configuration modal on the Detections page to preview results. This enables faster iteration and validation when tuning queries.

Dynamic Field Detection Config UI

Source configurations now support dynamic fields, improving setup flexibility and accuracy. For detection sources like Twitter Post Search, Google Search, and Reddit Subreddit Search, this change allows us to expose more options to you to configure detection sources to reduce noise.

Global Detection Configs

Detection sources can now be shared across multiple orgs through a global configuration system. This means that we can run searches across broad search queries like “crypto wallet”, “airdrop”, and more. We can leverage our brand triage system to direct the right detection results to the right organization.

Reddit Detection Source

Reddit Subreddit Search is a new detection source that automatically searches for subreddits that might impersonate your brand and contain scam URLs and malicious behavior. This new source is currently enabled in Evaluate mode for select orgs, and we’ll be rolling it out more widely across organization is the coming weeks.

Captcha Detection and Labeling

Our scanning system now detects captchas and Cloudflare interstitial pages and applies a captcha label. Our reviewers can filter these scans more easily using the new label filter in the interface to identify threats that require manual intervention to access the target content.

Proposal Review & Rule Engine

This month, we shipped a few new rules and review features to improve scoring reliability and reduce false positives.

New Web3 & Wallet Connect Rules

We shipped a new rule to detect Web3 JavaScript snippets on webpages and wallet connection prompts—two common components on most Web3 sites. By detection these, we can filter out the vast number of sites that don’t have anything to do with Web3, reducing the risk of false positives and focusing our resources on sites that are more likely to be targeting Web3 brands.

Rule Grouping for Auto Reporting & Review UI

Similar rules are now grouped together to avoid over-weighting some rules that have a low precision. By grouping rules by type, we can more safely roll out new rules and make it clearer for our reviewing system and staff to interpret the results of the rules we execute as part of our threat analysis.

Detection & Configuration

In May, we introduced better configurability and transparency across the detection pipeline, including new data sources and configuration UI.

Preview Assets in Manual Detection Runs

When you you make a change to a source, it’s helpful to get a preview of what types of results the detection source will return. Now, you can click the “Run detection” button in the configuration modal on the Detections page to preview results. This enables faster iteration and validation when tuning queries.

Dynamic Field Detection Config UI

Source configurations now support dynamic fields, improving setup flexibility and accuracy. For detection sources like Twitter Post Search, Google Search, and Reddit Subreddit Search, this change allows us to expose more options to you to configure detection sources to reduce noise.

Global Detection Configs

Detection sources can now be shared across multiple orgs through a global configuration system. This means that we can run searches across broad search queries like “crypto wallet”, “airdrop”, and more. We can leverage our brand triage system to direct the right detection results to the right organization.

Reddit Detection Source

Reddit Subreddit Search is a new detection source that automatically searches for subreddits that might impersonate your brand and contain scam URLs and malicious behavior. This new source is currently enabled in Evaluate mode for select orgs, and we’ll be rolling it out more widely across organization is the coming weeks.

Captcha Detection and Labeling

Our scanning system now detects captchas and Cloudflare interstitial pages and applies a captcha label. Our reviewers can filter these scans more easily using the new label filter in the interface to identify threats that require manual intervention to access the target content.

Proposal Review & Rule Engine

This month, we shipped a few new rules and review features to improve scoring reliability and reduce false positives.

New Web3 & Wallet Connect Rules

We shipped a new rule to detect Web3 JavaScript snippets on webpages and wallet connection prompts—two common components on most Web3 sites. By detection these, we can filter out the vast number of sites that don’t have anything to do with Web3, reducing the risk of false positives and focusing our resources on sites that are more likely to be targeting Web3 brands.

Rule Grouping for Auto Reporting & Review UI

Similar rules are now grouped together to avoid over-weighting some rules that have a low precision. By grouping rules by type, we can more safely roll out new rules and make it clearer for our reviewing system and staff to interpret the results of the rules we execute as part of our threat analysis.