INSIGHTS
      Back to home
      1. Knowledge Base
      2. DASHBOARDS: Analyze potential incidents
      3. INSIGHTS

      🆕How to control when policies trigger insights

      âť—For now, the Insights are only available in cloud-hosted Safetica. It is not yet available in Safetica hosted on-premises.

       

      Introduction

      Safetica lets you control how individual policies trigger insights when they are violated. This helps reduce noise from unimportant activities and makes it easier to focus on important issues.

      In this article, you will learn:

       

       

      Limitations

      • The Insights setting is available for data, website, application, and external device policies. It is not available for auditing policies.
      • The Insights setting only affects insights triggered for the following reasons:
        • Data policy violation
        • Blocked application
        • Blocked website
        • External device policy violation

              Insights based on other reasons (such as High or medium-risk operation, Unusual sensitive data activity, etc.) will be triggered regardless of the Insights setting.

       

       

      How to set when insights are triggered

      1. In Safetica console, go to Policies.
      2. Click Add policy to create a new policy, or click an existing policy to open its settings.
      3. In the Insights section, select when the policy should trigger insights. You can choose from the following options:
        • Default:
          • What it does: Lets Safetica decide when to trigger an insight based on Contextual Defense.
          • Typical use: Most policies; policies with dynamic action.

      ✍️Policies with dynamic action can only be set to Default.

        • Always:
          • What it does: The policy triggers a high-severity insight on every violation, regardless of policy action (it even works for logging policies; Allow policy actions don’t trigger insights).
          • Typical use: Critical policies where you want to know about every violation.

      ✍️The Always option is only available for data and external device policies.

      ✍️Application and website policies only have 2 options – Default and Never. This is because an insight is triggered on every violation by default.

        • Never:
          • What it does: The policy never triggers insights.
          • Typical use: Low-priority policies or if the policy generates too many unnecessary insights.

       

       

      How to change insight setting from insight detail

      1. In Safetica console, go to Insights.
      2. Click an (data, app, website, or external device) insight to open its detail.
      3. In Quick actions, click Manage insight trigger settings. This shortcut jumps directly to the specific policy so you can easily adjust how it will trigger future insights.

      âť—If the Manage insight trigger settings is missing, the related policy was probably deleted and can no longer be edited.

       

       

      Where to view a policy’s insight setting

      1. In Safetica console, go to Policies.
      2. Check the Insights column to see when individual policies trigger insights.