🌟 New Feature Alert 🌟

What's New?

  1. Verosint now supports the Google Workspace integration.

    • Connect your Google Workspace directly to Verosint. Learn how in our Google Workspace guide.

    • Get actionable insights into suspicious activity, risks, and threats across your workspace.

Why Does This Matter?

  1. Using Google Workspace for your organization? Verosint's got you covered.
  2. Verosint continuously monitors your environment for risks and threats. Observability and security made easy.
  3. Security teams can respond quickly to contain threats before they escalate.

🚀 Improvements Alert 🚀

What's New?

  1. See Active Search Filters in Event Explorer

    • Your applied search filters are now visible in the header, making it clear what your current search includes. This is especially helpful for simple searches (e.g. Email = "[email protected]").

    • For more complex searches (multiple filters), you can still open the Filters modal to see the full details.

  2. Smoother Email Search Flow in Event Explorer

    • When selecting the Email filter and pasting in an address, the Search button automatically activates.

    • No more hitting Enter or clicking out of the field. One less click to get where you're going.

Why Does This Matter?

  1. Faster, more intuitive behavior in Event Explorer.
  2. Less guesswork about what filters are applied during investigations.
  3. Reduced clicks → quicker time to insights.

🚀 Improvement Alert 🚀

What's New?

We've added key Session metadata to the Event Details panel in Event Explorer, including:

  • Session ID: The unique identifier for the account session.
  • First Seen: The timestamp when this Session ID was first observed in your workspace.
  • Hours Since First Seen: Longer-lived sessions are more susceptible to suspicious activity or malicious actions.

See key Session info in the Event Details panel of Event Explorer

Why This Matters

  • Having the First Seen timestamp and Hours Since First Seen metrics provides critical context about each session’s history.
  • Sessions that have been active for longer periods can indicate persistent access, making them more likely to be targeted or exploited.
  • Highlighting this info in the Event Details panel enables security teams to identify sessions that may warrant closer monitoring for suspicious or malicious activity.

🌟 New Feature Alert 🌟

You can now create a Monitor or add a Rule directly to a Workflow from an active search filter in Event Explorer.

What's New?

  1. From Event Explorer, users can investigate specific activity and build a search query to identify suspicious behavior.

  2. With a single click, users can then:

    1. Turn the query into a Monitor
    2. Add the query as a Rule to a Workflow
  3. This creates a seamless path from investigation to action, without leaving Event Explorer.

    Turn your search query into a Monitor or Workflow Rule with one click in Event Explorer

Why Does This Matter?

  1. Closes the loop between detection and prevention, enabling faster response to suspicious activity.
  2. Strengthens interoperability between Explorer, Monitors, and Workflows, demonstrating a full lifecycle from investigation to automated response.
  3. Reduces friction for analysts by letting them act directly on insights as they discover them.

🌟 New Feature Alert 🌟

The Verosint team delivers again! This release brings powerful new features for investigation and detection, helping you cut through noise, streamline workflows and monitors, and act with confidence.

Also, we’re at Oktane this week! Swing by our booth to share feedback and see the entire Verosint platform in action!

Rule & Monitor Impact Preview

See the number of events and unique accounts your selected filters would have impacted (last 7 days)

What’s New?

  • When creating a Monitor or a Rule in a Workflow, you now see:

    • Events Count: Total events that match your selected filters (last 7 days)
    • Accounts Count: Total unique accounts impacted (last 7 days)
    • Daily Triggers Chart: Bar chart showing event volume and distribution (last 7 days)

Why Does This Matter?

  • Write smarter, more effective rules.
  • Prevents noisy workflows or monitors that generate thousands of unnecessary alerts.
  • Gives confidence that rules and monitors are tuned to detect real risks without alert fatigue.

Updated Event Explorer Search (Filter Builder)

What’s New?

  • Build advanced searches in Event Explorer using OR and +GROUP filters.
  • Unified filter-building experience across Event Explorer, Workflows, and Monitors.

Why Does This Matter?

  • Zero in on exactly the events you want, without noise.
  • Unified filter experience means less context-switching and faster investigations.

Lists in Event Explorer Filters

What’s New?

  • Filter events directly based on your Lists.

Why Does This Matter?

  • Investigate historical user activity based on the lists you care about.

📘 Note: Event Explorer List searches are historical, showing items that were on the List when the event happened. Expired items may appear in results even if they’re no longer on the List.


🌟 New Feature Alert 🌟

You can now extend your Workflows and Monitors to send actions to integrations to streamline event notifications!

Send to Webhook, Datadog, and Splunk actions in an example Monitor

What's New?

  1. Send to Webhook, Datadog, and Splunk Actions
    1. These actions can now be enabled in your Workflows and Monitors.
    2. When a rule or monitor triggers, event details are sent automatically as a JSON payload to your chosen destination (Datadog, Splunk, or a Webhook).

Good to Know:

  • Actions for Datadog, Splunk, and Webhooks only appear if the corresponding integration is already configured in your Account Settings.
  • Event payloads sent via Datadog, Splunk, and Webhook match exactly what you see in your configured SIEM logs, ensuring consistency across platforms. See an example payload here.

Why Does This Matter?

  • Streamlines automated alerting to your monitoring tools and collaboration platforms.
  • Keeps your team and systems in sync with real-time event data.
  • Simplifies setup by only showing actions relevant to your configured integrations.

🌟 New Feature Alert 🌟

The Verosint team is at it again! New features and improvements are here to make threat detection and response faster, smarter, and more seamless.

What's New?

  1. New Event Type: MFA Abandoned

    • Verosint now supports the "MFA Abandoned" event type.

    • This captures when a user begins MFA but doesn’t complete it, helping you identify potentially suspicious activity.

      MFA Abandoned event type in Event Explorer filters

  2. Footer Added to Notifications

    • All notifications from Monitors and Workflows actions (Email, Slack, Teams) now include a footer for clear context.

    • The footer shows which Monitor or Workflow it’s referring to and confirms it was sent to the intended workspace.

      Example notification with footer in Slack

Why Does This Matter?

  1. Detect risky authentication behavior earlier, like users abandoning MFA mid-process.
  2. Greater clarity and confidence in your alerts, so you know exactly where they came from and where they went.

🚀 Improvements Alert 🚀

What's New?

  1. Improved “Add to List” in Event Explorer

    • The Add to List experience in Event Explorer now matches the rest of the Verosint platform. Add items to a list, set an expiration, and add an optional description!

    • You can now add Sessions directly to a List from Event Explorer, previously only possible from the Lists UI.

    • This update makes tracking and organizing items faster and more consistent across the platform.

Why Does This Matter?

  1. Investigations are faster and more seamless — no need to jump back and forth between Explorer and Lists to track suspicious activity!

🌟 New Feature Alert 🌟

The Add to List action is now available in Workflows and Monitors! 🎉

What's New?

  1. You can now configure a Monitor or Workflow to automatically add items to a List!
  2. Great for handling business-specific risks—whether you want to enforce a cool-off period, contain potential credential stuffing attempts, or take other automated ITDR actions to stop threats before they spread.

Contain credential stuffing attacks by automatically putting suspicious IPs on a block list

Why Does This Matter?

  1. Lists are now more than static collections: they can be automatically enriched by your detections and responses.
  2. This makes it easier to contain threats in real-time and drive consistent policy enforcement across your environment.

🌟 New Feature Alert 🌟

Lists just got smarter: you can now set expiration dates for items you add to any list.

What's New?

  1. Expiration Dates for List Items: Every item added to a list can now have an optional expiration date, so you can control exactly how long it stays active.

  2. Updated Add-to-List Design: Adding items now happens in a clean modal interface, making it faster and more intuitive.

Why Does This Matter?

  1. Automatic Cleanup: Items can now expire automatically, reducing clutter and keeping your lists up-to-date without manual intervention.
  2. Improved ITDR Workflows: Automatically expiring items supports rotation policies, temporary access tracking, and risk cleanup after investigations.
  3. Foundation for Automation: This addition sets the stage for automated add-to-list actions in Monitors and Workflows (coming soon!), letting you take action programmatically based on signals or events.
  4. Better Risk Visibility: Expiration dates help ensure that sensitive accounts, IPs, or devices aren’t lingering in lists longer than necessary, reducing stale or outdated risk data.

🌟 New Feature Alert 🌟

We’re excited to introduce Monitors — a powerful new way to detect and act on the risks that matter most to you.

Learn more about how you can use Monitors to prevent unauthorized application access within your workspace and identify high-risk users automatically.

What’s New?

  1. Define the Risks You Care About 🔍 – In addition to Verosint’s built-in threat detections, you can now create custom Monitors to catch the fraud patterns, suspicious behaviors, or threats unique to your business.

  2. Automated Threat Response ⚡ – Your Monitors run on every event flowing through Verosint. When risky activity is detected, notifications are triggered automatically via email, Slack, and/or Microsoft Teams.

  3. Always-On Protection 🛡️ – Monitors continuously watch every user action and system event, so once you set them up, you can “set it and forget it.”

  4. For Both Workforce & Customers 🌍 – Monitors provide flexible detection across both workforce IAM and CIAM use cases.

Why Does This Matter?

  1. In addition to the threats Verosint detects for you, you can tailor detection to the risks your business cares about most.
  2. Reduce manual review time and respond faster by automating detection and notifications.
  3. Gain peace of mind knowing Verosint is monitoring 24/7 in the background.

Stay tuned — we’ll be adding more actions soon to make your Monitors even more effective for detection, investigation, and response. 🚀


🌟 New Feature Alert 🌟

Verosint now allows admins to create and manage API keys directly in the workspace, making it easier to rotate keys and maintain security best practices.

What's New?

  1. Create API Keys: Admins can create and name up to 10 active API keys per workspace.

  2. Revoke API Keys: Admins can revoke keys at any time. Deactivated keys are timestamped in the Deactivated column.

  3. Role-Based Access: Role-based access puts API key management in the right hands—protecting security while empowering the right teams to move faster.

    • Admins: Create, revoke, and view keys.
    • Analysts: View and copy keys.
    • Read-only users: Cannot access the API Keys page.
  4. Sorting the API Key Table: Sort your API keys by Name, Created Date, or Deactivated Date for easier management.

Why Does This Matter?

  • 🔐 Security: Easily rotate API keys to follow best practices.
  • ⚙️ Control: Admins maintain full control over API keys, while analysts can access keys needed for workflows.
  • 👁️ Transparency: Clear visibility into when keys are created or deactivated, reducing risk of unauthorized access.