The Risks page lets you define custom risk patterns that the Content Filter watches for in user activity. Each risk is a named rule that matches on keywords or regular expressions, and risks can be enabled or disabled individually and scoped to an Organizational Unit. When a risk is triggered, it can generate a notification to the email recipients you configure.
What this guide covers
Before you begin: open the Content Filter console and select Policy › Risks from the top navigation. The page is split into the All Risks list on the left and a detail panel on the right.
The Risks page: the All Risks list on the left and the selected risk’s detail panel on the right.
Scoping by Organizational Unit
At the top right of the page are two Organizational Unit selectors. Use these to choose the OU whose risks you want to view and manage. Risks configured at a given OU level apply to the accounts within that unit.
The Organizational Unit selectors at the top right of the Risks page.
The All Risks list
The left panel lists every configured risk. Use the Search risks… box to filter the list by name, and the + button at the top of the panel to add a new risk. Each row shows the risk name and an enable/disable toggle—a green toggle means the risk is active, a grey toggle means it is disabled. Select any risk to open its details in the panel on the right.
The All Risks panel: search box, add (+) button, and each risk row with its enable/disable toggle.
Editing a risk
Selecting a risk opens its editable detail panel. The risk name appears at the top, with a notification icon and a delete (trash) control on the right. The fields below define how the risk matches activity.
The risk detail panel showing the Type, Match Count, Keywords, Context and Context Match Length fields.
Field | Description |
Type (required) | Find risky matches through a comma separated list of either keywords or regular expressions. Options are Keyword and Regex. |
Match Count | This is threshold count and if the number of risk matches is greater than or equal to this value then the input will be risky. Note: Default value is 1. |
Keywords (required) | Comma delimited list of risky keywords to match on. |
Context | Comma delimited list of string to be checked in proximity to a keyword or regular expressions. |
Context Match Length | The length which has to be checked for finding context around a risk pattern. Note: A value of 0 will imply, finding the context anywhere in the input. |
Delete (trash icon) | Destructive: permanently removes the risk. Use with caution—this action cannot be undone. |
Configuring notifications
Select Configure Notification at the top of the page to open the notification settings for risks. Here you add the email recipients who should be alerted, toggle whether notifications are Active and whether to Notify Immediately, and set a per-day Schedule with alert periods. Days can inherit their schedule from another day or be overridden individually.
The Configure Notification dialog: email recipients, Active and Notify Immediately toggles, and a per-day alert schedule.
Setting | Description |
Email(s) (required) | The recipients alerted when a risk is triggered. Use + Add Email to add more addresses. |
Active | Turns the notification on or off. |
Notify Immediately | When enabled, sends an alert as soon as a risk is triggered rather than batching it. |
Schedule | Per-day alert windows. Each day has its own toggle, an Inherit From selector (to copy another day’s settings) and an Override option. The Alert Period sets the start and end time for alerts on that day. |
Related guides
Overview – Policy Allow List
Overview – Policy Block List
Overview – Violations
Overview – Summary