12 changes: 11 additions & 1 deletion concepts/detections.mdx
Expand Up @@ -41,6 +41,16 @@ Each detection contains:
**Auto-Reporting Requirements:** Score must meet or exceed your medium threshold, detection source must be enabled, asset must not already be blocked, and asset must not have been previously rejected multiple times.
</Warning>

## Configuration

Detection sources and their sensitivity levels are configured automatically based on your organization's settings and requirements.

<Info>
**Automatic Configuration Updates:** Currently, only changes to your organization's priority level in the CRM automatically adjust threat detection configurations. Other CRM changes (such as subscription status changes from Active to Trial) do not automatically modify detection settings or other organizational configurations.
</Info>

For custom detection requirements or to modify your detection configuration, contact your ChainPatrol representative.

## Confidence Levels

Detections are categorized into confidence levels based on your organization's thresholds:
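
Review bot: The opening sentence of the new Configuration section says detection sources and sensitivity levels are "configured automatically based on your organization's settings and requirements", but the Info block directly below it limits automatic updates to priority-level changes in the CRM, so the two statements read as contradictory. Suggest narrowing the opening sentence to distinguish what is set up initially from what is updated automatically afterwards. "CRM" is not defined anywhere in the visible text, and a customer reading this page may not know which system it refers to or whether they can edit it. The Active-to-Trial example also leaves open whether detection coverage stays in force after a subscription change; if the existing settings remain in effect until a ChainPatrol representative changes them, say so explicitly. "Currently" would be easier to verify later with a date or version attached.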
Expand Down Expand Up @@ -94,4 +104,4 @@ The system automatically handles duplicate detections to prevent alert fatigue:
- Detection is the entry point, not the decision: A detection indicates potential threat, but review and approval are required before blocking to prevent false positives
- Group IDs reveal campaign scope: When one detection links to multiple related assets, you can identify and report entire phishing campaigns instead of blocking sites one at a time
- Threshold configuration balances coverage and noise: Lower thresholds catch more threats but require more review, while higher thresholds miss edge cases but reduce workload
- Deduplication across sources increases confidence: When multiple independent detection sources flag the same asset, it provides stronger evidence of malicious intent
- Deduplication across sources increases confidence: When multiple independent detection sources flag the same asset, it provides stronger evidence of malicious intent
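
Review bot: The last bullet ("Deduplication across sources increases confidence: ...") appears twice with identical visible text, which matches the single deletion and one of the additions in the file summary, so the only difference is presumably whitespace or the end-of-file newline. Please confirm that this is intentional (for example, adding a missing trailing newline), or drop it from the change so the diff contains only the new Configuration section.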