diff --git a/authentik/policies/event_matcher/api.py b/authentik/policies/event_matcher/api.py
index ea865f26d..7a5ded3e3 100644
--- a/authentik/policies/event_matcher/api.py
+++ b/authentik/policies/event_matcher/api.py
@@ -1,5 +1,6 @@
 """Event Matcher Policy API"""
 from django.utils.translation import gettext as _
+from rest_framework.exceptions import ValidationError
 from rest_framework.fields import ChoiceField
 from rest_framework.viewsets import ModelViewSet
 
@@ -14,12 +15,18 @@ class EventMatcherPolicySerializer(PolicySerializer):
     app = ChoiceField(
         choices=app_choices(),
         required=False,
+        allow_blank=True,
         help_text=_(
             "Match events created by selected application. When left empty, "
             "all applications are matched."
         ),
     )
 
+    def validate(self, attrs: dict) -> dict:
+        if attrs["action"] == "" and attrs["client_ip"] == "" and attrs["app"] == "":
+            raise ValidationError(_("At least one criteria must be set."))
+        return super().validate(attrs)
+
     class Meta:
         model = EventMatcherPolicy
         fields = PolicySerializer.Meta.fields + [