How-To2026-02-046 min read

How-To: Tune Sprappy Filter Thresholds for Your Traffic

Set and adjust Sprappy Filter score thresholds to balance false blocks against missed threats.

Sprappy Filterthreshold tuningfalse positiveshow-toLLM security

Why Thresholds Matter Most

Sprappy Filter returns a threat score, but the score alone does nothing — your threshold is what turns it into a decision. Set it too low and you block legitimate users; too high and threats slip through. This how-to walks through tuning it on real traffic instead of guessing.

Step 1: Understand the Two Error Types

There are two ways to be wrong. A false positive blocks a legitimate request — frustrating users. A false negative lets a threat through — risking harm. These trade off against each other: tightening the threshold reduces one and increases the other. There's no setting that eliminates both, so you're choosing a balance.

Step 2: Decide Which Error Is Costlier

For a public signup form, a missed threat might be worse than an occasional false block. For a paid product with sensitive users, a false block might be the bigger sin. Decide which error your application can least afford — that determines whether you lean strict or lenient.

Step 3: Start From a Sensible Default

Begin with a middle-of-the-range threshold and treat it as a hypothesis, not a final answer. The docs at https://doc.sprapp.com describe the score range so you can pick a reasonable starting point.

Step 4: Log Scores and Outcomes

Run in monitoring mode if you can — score everything, but log the decision you would have made rather than enforcing it at first. This lets you see the distribution of scores on your actual traffic before you start blocking anyone.

Step 5: Review the Borderline Cases

The cases near your threshold are where tuning happens. Pull the requests just above and just below it and judge them by hand. If clean requests are getting blocked, raise the threshold; if obvious threats are passing, lower it. Repeat until the borderline looks right.

Step 6: Re-Tune Periodically

Traffic changes; attack patterns change. A threshold that was right six months ago may drift. Schedule periodic reviews of the borderline cases rather than setting it once and forgetting it.

Honest Limitation

No threshold makes Sprappy Filter perfect. It's a fast first-line screen, and even a well-tuned one won't catch everything. Keep downstream safeguards in place. Tuning improves the cost-benefit balance; it doesn't make the filter infallible.

Summary

Identify your costlier error, start from a reasonable default in monitoring mode, tune on borderline cases, and revisit periodically. The score documentation at https://doc.sprapp.com gives you the range and fields to work from.

Written bySPRAPP Engineering

Integration Walkthrough: Sprappy Filter in Front of SPRAPP Panel

Wire Sprappy Filter threat scoring ahead of a SPRAPP Panel call for a screened multi-model pipeline.

2025-11-126 min read

How-To

Integration Walkthrough: Adding smoltext to a JSON API Pipeline

A step-by-step walkthrough for compressing small JSON payloads with smoltext between services.

2026-01-076 min read