Axur Platform automations help optimize the routing of threats, speeding up the work of your internal team and Axur’s SmartHunt team. With them, you can standardize actions applied to threat types that share specific characteristics.
How to use
Automations operate only in the Open list. If you want actions to be applied to tickets in other lists, move them to Open before running the automation.
To ensure good results:
Check the threat validation criteria defined by the SmartHunt team (if contracted).
To request or review these criteria, contact [email protected].
Automations can be configured whenever there are clear and reliable criteria for automatically routing a ticket to:
Quarantine
Incident
Takedown
Dismiss
Conditions can be used individually or combined. For details, see the article Automations — How to Configure.
Available conditions
Ticket type (Brand Misuse, Phishing, etc., depending on your contracted scope)
Domain
Detection title
Detection URL
Product price (only for mercadolivre.com.br and olx.com.br)
Product name (same domains above)
Seller name (same domains above)
Detection language (only for Fake Social Media Profiles and Phishing)
Other specific criteria
Best practices and examples
1. Be careful with generic domains
Do not automatically dismiss broad domains such as Facebook, Instagram, YouTube, or GitHub. Use specific rules.
Example: dismiss only Facebook detections that are in German.
2. Titles that generate false positives
Some generic terms may introduce false positives. Create rules to dismiss titles unrelated to your business. Example: “purple colored pencil” or “paint.”
Remember: threats are collected based on monitored terms linked to your brand. Review these terms regularly (see Libraries – Search Bots for more details).
3. Routing to Incidents or Takedown
Send to Incidents any titles or domains containing terms that indicate potential fraud and require internal review. If a recurring pattern is identified, consider automating the Takedown. Example: “burlar,” “crackear.”
Attention: if your contracted Takedown limit is reached, automations will continue sending requests, and extra Takedowns will be charged accordingly.
What automations do not do
Current limitations include:
They do not analyze the full content of URLs.
They do not add tags to tickets.
They do not use tags added after detection.
They do not act on tickets outside the Open tab.
They do not retroactively process accounts with more than 10,000 tickets in Open.
They do not evaluate fields not listed in the conditions.
They do not provide ticket types outside your contracted scope.
They do not act when evidence is missing or incomplete.
They do not act on Credentials detections.
Creating a new automation
The article Automations — How to Configure provides the full step-by-step guide.
Below is a summary of the key required fields:
Required fields
Automation Name: 4 to 64 characters.
Apply Rules to Assets: select at least one asset.
Ticket Types: choose at least one.
Conditions
Domain: the only mandatory condition — at least one domain must be selected.
Detection URL / Detection Title: optional.
Product Name / Product Price / Seller Name: available only for Mercado Livre or OLX.
Detection Language: available only for Fake Social Media Profile (Instagram/Facebook) or Phishing (Portuguese, Spanish, English, German, Italian, French).
Expected Action
Only one action can be selected (Quarantine, Incident, Takedown, or Dismiss).
For Takedowns, if your package is exhausted, requests will continue to be sent and will incur additional charges.
Application
Define whether the automation should act on:
Only new tickets, or
New and existing tickets.
The platform will show how many tickets will be affected and allow you to preview the details before confirming.
If you have any questions, feel free to reach out at [email protected] 😊