Overview
HackNotice’s Tiered Alerts feature gives you granular control over how alerts are grouped, filtered, and delivered across your First Party, End User, and Third Party services. Tiering allows you to define precise, logic-based workflows so the right alerts reach the right teams—while suppressing low-value noise.
With Tiered Alerts, you can:
- Group alerts into custom tiers based on domains, identifiers, vendors, tags, password criteria, and more
- Apply multiple conditions using AND logic
- Create separate escalation paths for different risk types
- Route high-priority alerts to the appropriate stakeholders
- Suppress low-signal or non-actionable alerts without losing visibility in the platform
Each tier has its own notification behavior:
- No Notifications – Alerts are visible in the UI only
- Email Only – Alerts are delivered via email
- Email + Push – Alerts are delivered via email and the HackNotice mobile app (iOS / Android)
How to Set Up Tiered Alerts
1. Navigate to Tiers
Go to:
Business → Account → Tiers
This page allows you to create, view, and manage all alert tiers across services.
2. Create a New Tier
Assign a Tier Name. This is an internal label used for organization and clarity (for example: Executives, High-Risk Passwords, Active Employees, Vendor PII Exposure).
3. Select the Service
Choose the service this tier applies to:
- First Party
- End User
- Third Party
Each service exposes a different set of conditions based on the type of data being monitored.
4. Define Tier Conditions
You can add multiple conditions to a tier.
All conditions are evaluated using AND logic, meaning every condition must be met for an alert to be included in the tier.
5. Set Alerting Preferences
After creating the tier, select how alerts for that tier should be delivered:
- Email + Push – Immediate escalation for high-priority alerts
- Email Only – Informational alerts requiring awareness but not urgency
- No Alerts – Suppressed notifications (alerts remain visible in the UI)
This enables workflows such as:
- High-risk password exposure → Email + Push
- Vendor-related intelligence → Email Only
- Deprecated or non-employee identifiers → No Alerts
- Active employee exposure → Email + Push
First Party Conditions
First Party conditions apply to alerts associated with your monitored company domains.
Available Conditions
- Watchlist Item
- Tag
- Criteria
- Structure
Watchlist Item
Filter alerts tied to one or more domains in your First Party Watchlist. Select the Watchlist Item(s) of interest from the drop-down.
Tag
Filter alerts based on tags you’ve assigned to First Party domains. Tags can be assigned to Watchlist domains by sending a request to your HackNotice representative or to support@hacknotice.com.
Criteria (Password-Based)
Restrict alerts to records containing passwords, and/or specific password complexity. Options include:
- Plaintext passwords only
- Minimum plaintext password length
- Password complexity:
  - Numeric only
  - Alphanumeric
  - Alphanumeric + special characters
Structure
- Infostealer – Passwords derived from infostealer malware
- Cred Dump – Passwords not associated with infostealer activity
Email (Identifier & String Matching)
The Email condition provides a flexible way to filter alerts based on uploaded identifiers or patterns.
Purpose
This condition is commonly used to:
- Identify alerts impacting active internal employees
- Separate employee exposure from external or non-employee data
- Isolate consumer credential exposures tied to customer-facing applications
How It Works
You can populate this condition in one of two ways:
- Upload a CSV file (editable using the pencil icon), or
- Integrate with Active Directory, allowing the list to sync automatically
Once populated, the values in this list are used as a filter condition within tiers.
CSV Format
- The CSV must contain one column (Column A)
- Each row should contain one value
- No header row is required
Matching Behavior
The Email condition supports two complementary matching modes:
1. Email Address Matching
When full email addresses are provided, alerts are matched directly against those email values.
2. String-Based Matching
The uploaded CSV may also contain any string value, not just email addresses.
- Each string is evaluated as a contains match
- Matching is performed across all data elements in the alert record
- Prefix, suffix, and partial matches are supported
If any part of the record contains the provided string, the alert qualifies for the tier.
Common Use Cases
- @companydomain.com
  Matches records impacting internal employees by identifying corporate email addresses.
- /companydomain.com
  Matches records containing URLs tied to a company’s domain—commonly used to identify consumer credential exposure associated with customer-facing applications.
- companydomain.com/login
  Matches alerts referencing a specific application path or login endpoint.
Email address matching and string-based matching can be used together within the same tier to create highly targeted filtering logic.
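A local model of the string-based matching described above, added here as an example and not HackNotice's own code: it parses a one-column CSV and previews which patterns would qualify each of three constructed records. The record field names, the sample values, and case-insensitive comparison are assumptions.

```python
import csv
import io

# Constructed one-column CSV, no header row, as the CSV Format section requires.
SAMPLE_CSV = "@companydomain.com\n/companydomain.com\ncompanydomain.com/login\n"

# Constructed alert records; the field names are hypothetical.
SAMPLE_RECORDS = {
    "employee": {"email": "j.doe@companydomain.com", "password": "x",
                 "url": "https://mail.example.net/"},
    "consumer": {"email": "shopper@example.org", "password": "x",
                 "url": "https://companydomain.com/login"},
    "lookalike": {"email": "user@example.org", "password": "x",
                  "url": "https://notcompanydomain.com/login"},
}


def load_patterns(text):
    """Parse the upload: exactly one value per row, blank rows rejected."""
    patterns = []
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if len(row) != 1 or not row[0].strip():
            raise ValueError(f"row {line_no}: expected exactly one value in column A")
        patterns.append(row[0].strip())
    return patterns


def matching_patterns(record, patterns):
    """Return every pattern contained in any field of the record."""
    # Assumption: comparison is case-insensitive; the page does not say.
    values = [str(v).lower() for v in record.values()]
    return [p for p in patterns if any(p.lower() in v for v in values)]


def preview(records, patterns):
    """Map each record name to the patterns that would qualify it."""
    return {name: matching_patterns(rec, patterns) for name, rec in records.items()}


if __name__ == "__main__":
    for name, hits in preview(SAMPLE_RECORDS, load_patterns(SAMPLE_CSV)).items():
        print(f"{name:10} -> {hits or 'no match'}")
```

In this model the leading `@` or `/` keeps a pattern from matching inside a longer hostname, while the bare `companydomain.com/login` string also qualifies the lookalike record, which is worth checking before routing a tier to Email + Push.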
End User Conditions
End User conditions apply to identifiers you monitor for customers, executives, or targeted individuals.
Watchlist Item
Select specific identifiers such as emails, usernames, or phone numbers.
Tag
Filter alerts using End User tags (for example: VIP, Executive, High-Value Account).
Criteria (Password-Based)
The same password-based filtering options available in First Party tiers.
Third Party Conditions
Third Party conditions apply to monitored vendors and suppliers.
Watchlist Item
Filter alerts tied to one or more vendors.
Tag
Filter based on vendor tags (for example: Critical Supplier, High Risk).
Source Type
Filter alerts by HackNotice source category, such as ransomware, news, or official disclosures.
Enabling and Disabling Tiers
- Newly created tiers are enabled by default
- To disable a tier, select Disable from the Tiers table
- Disabled tiers can be re-enabled at any time
Summary
Tiered Alerts enable precise, operationally aligned alert workflows across:
- First Party monitoring
- End User monitoring
- Third Party vendor monitoring
By combining watchlist filters, tags, password criteria, source types, and flexible email and string-based filtering, teams can dramatically reduce alert noise while ensuring high-risk exposures are surfaced and routed appropriately.