How do I tune my rule strength?

There is no direct access to rule strength from your system, but we can update it from your account.  Send us a note at support@armresearch.com to let us know what setting you would like to try. Be sure to include your license ID in your message. We will be happy to work with you to tune your rule strength to the optimal setting for your system.

Currently the default rule strength is set to 1.0. Generally it works to go "half way there" (0.5) and see how your system responds. If the extra load is undetectable then we would probably recommend going straight from there to the most sensitive setting (0.1).

If going to 0.5 creates a significant increase in system loads then we would need to decide if this was acceptable. If it was then we would leave the setting there, and if not then we would go half way back to 0.75. If going to 0.5 creates a moderate increase but we feel there is still room then we would continue on - again have the distance and try 0.25.

This is in essence a "binary search" for the best setting. The goal is to get to 0.1 if possible since this includes all rules that have any reported activity in the sample window (45 days currently).

This mechanism is a low level part of the collaborative mechanisms in Message Sniffer. Any system detecting activity on a given rule wakes up that rule in other systems automatically. As more of the sensitive systems report, the strength of the rule grows until systems with moderate and nominal sensitivity begin to also report the activity. The mix of sensitivities in the systems helps to balance the size of the active rulebase against the available computing capacity of all of the nodes.

One final piece:

A few special nodes process spamtraps and submitted spam against the entire historical rulebase corpus (0.0) so that even completely inactive rules can be awakened for analysis on the collaborative network.

 

Related Topics