🌟 New Feature Alert 🌟

The Verosint team is at it again! New features and improvements are here to make threat detection and response faster, smarter, and more seamless.

What's New?

1. New Event Type: MFA Abandoned

   • Verosint now supports the "MFA Abandoned" event type.

   • This captures when a user begins MFA but doesn’t complete it, helping you identify potentially suspicious activity.

     

2. Footer Added to Notifications

   • All notifications from Monitors and Workflows actions (Email, Slack, Teams) now include a footer for clear context.

   • The footer shows which Monitor or Workflow it’s referring to and confirms it was sent to the intended workspace.

     

Why Does This Matter?

1. Detect risky authentication behavior earlier, like users abandoning MFA mid-process.
2. Greater clarity and confidence in your alerts, so you know exactly where they came from and where they went.

🚀 Improvements Alert 🚀

What's New?

1. Improved “Add to List” in Event Explorer

   • The Add to List experience in Event Explorer now matches the rest of the Verosint platform. Add items to a list, set an expiration, and add an optional description!

   • You can now add Sessions directly to a List from Event Explorer, previously only possible from the Lists UI.

   • This update makes tracking and organizing items faster and more consistent across the platform.

     

Why Does This Matter?

1. Investigations are faster and more seamless — no need to jump back and forth between Explorer and Lists to track suspicious activity!

🌟 New Feature Alert 🌟

The Add to List action is now available in Workflows and Monitors! 🎉

What's New?

1. You can now configure a Monitor or Workflow to automatically add items to a List!
2. Great for handling business-specific risks—whether you want to enforce a cool-off period, contain potential credential stuffing attempts, or take other automated ITDR actions to stop threats before they spread.

Why Does This Matter?

1. Lists are now more than static collections: they can be automatically enriched by your detections and responses.
2. This makes it easier to contain threats in real-time and drive consistent policy enforcement across your environment.

🌟 New Feature Alert 🌟

We’re excited to introduce Monitors — a powerful new way to detect and act on the risks that matter most to you.

Learn more about how you can use Monitors to prevent unauthorized application access within your workspace and identify high-risk users automatically.

What’s New?

1. Define the Risks You Care About 🔍 – In addition to Verosint’s built-in threat detections, you can now create custom Monitors to catch the fraud patterns, suspicious behaviors, or threats unique to your business.

2. Automated Threat Response ⚡ – Your Monitors run on every event flowing through Verosint. When risky activity is detected, notifications are triggered automatically via email, Slack, and/or Microsoft Teams.

3. Always-On Protection 🛡️ – Monitors continuously watch every user action and system event, so once you set them up, you can “set it and forget it.”

4. For Both Workforce & Customers 🌍 – Monitors provide flexible detection across both workforce IAM and CIAM use cases.

   

Why Does This Matter?

1. In addition to the threats Verosint detects for you, you can tailor detection to the risks your business cares about most.
2. Reduce manual review time and respond faster by automating detection and notifications.
3. Gain peace of mind knowing Verosint is monitoring 24/7 in the background.

Stay tuned — we’ll be adding more actions soon to make your Monitors even more effective for detection, investigation, and response. 🚀

🌟 New Feature Alert 🌟

Verosint now allows admins to create and manage API keys directly in the workspace, making it easier to rotate keys and maintain security best practices.

What's New?

1. Create API Keys: Admins can create and name up to 10 active API keys per workspace.

2. Revoke API Keys: Admins can revoke keys at any time. Deactivated keys are timestamped in the Deactivated column.

3. Role-Based Access: Role-based access puts API key management in the right hands—protecting security while empowering the right teams to move faster.

   • Admins: Create, revoke, and view keys.
   • Analysts: View and copy keys.
   • Read-only users: Cannot access the API Keys page.

4. Sorting the API Key Table: Sort your API keys by Name, Created Date, or Deactivated Date for easier management.

   

Why Does This Matter?

• 🔐Security: Easily rotate API keys to follow best practices.
• ⚙️Control: Admins maintain full control over API keys, while analysts can access keys needed for workflows.
• 👁️Transparency: Clear visibility into when keys are created or deactivated, reducing risk of unauthorized access.

🌟 New Feature Alert 🌟

You can now add Applications, Device IDs, and Session IDs to a List for even more flexibility in your workflows and monitors!

What's New?

• You can now add even more to your lists, including:

  • Applications
  • Device IDs
  • Session IDs

Why Does This Matter?

• 📋 Expands the power of Lists, making them more useful across a broader set of use cases.
• ⚙️ Helps streamline automation, investigations, and automated response actions.
• 🚀 Coming soon: Add your own custom workspace data to your lists.

🚀 Other Improvements 🚀

1. ⬇️ Event Data Export for All Users: All users, including Read-Only, can now download event data directly from Event Explorer tables.

2. 💳 Payment Hash Details: New side panel for Payment Hash nodes in the SignalPrint graph, providing quick context where previously there was none.

3. 📍Better Handling of Non-Routable IPs: Side panels for non-routable IPs now display “Location unavailable” instead of showing nothing—clearer, cleaner, and less confusing.

🌟 New Feature Alert 🌟

What's New?

• Search for Custom Workspace Data in Event Explorer

  • You can now search for custom event data (previously only viewable) directly in Event Explorer filters.

    

• Detailed Breach Information in Event Details Panel

  • Added visibility into which breach an email was in and the breach date, alongside existing breach count and most recent breach date.

    

Why Does This Matter?

• Enables deeper investigations by letting you run queries against your own custom data.
• Provides richer breach context for accounts, making it easier to prioritize follow-up actions.

💜Improvements Alert:purple_heart:

What's New?

• Updated Starter Copy for Notification Actions in Workflows

  • The starter copy for Email, Slack, and Teams messages now include workflow name, account ID, email, rule outcome, and reason. This starter copy can be modified.

  • Added helper text with a link to the list of available variables for customizing your own messages.

    

• Improved Threat Card Design

  • Streamlined key details for better readability and faster actionability.

    

Why Does This Matter?

• Notifications now give you all the context you need to act immediately on a rule evaluation.
• Improved threat card design reduces cognitive load, helping you spot key details at a glance.

🌟New Feature Alert 🌟

You can now set up Teams, Slack, or Email notifications as Actions in your workflows so your team is instantly informed when a rule is triggered. ⚡

What’s New?

• 🧠 Workflows actions — Add optional actions, including notifications, to any rule where the conditions are met.
• 💌 Send email — Pick your recipients and customize the message. The message field supports markdown.
• 💬 Send Slack or Teams notifications — Choose the channel and drop alerts right into your team’s existing workflows. Pun intended.
• 🪄 No blank slates! — Message bodies come pre-filled with a dynamic reason (e.g., “Risk is Impossible Travel and New Device”) so you’re never starting from scratch.
• ⚙️ Test it out in EVALUATE tab — Try it out in real time using the Evaluate tab. Yes, the action will run!

Why Does This Matter?

This release enhances your workflows, sending the right information to the right people, right away. Whether it’s routing alerts to a #security Slack channel, pinging a Teams group, or emailing an analyst, your rules now trigger real-time, actionable communication.

This is just the beginning. Soon, you'll be able to add more Actions like add to/remove from list, revoke all sessions, etc. Stay tuned—we're just getting started. 🚀

🌟 New Feature Alert 🌟

Build more sophisticated workflow rules with powerful OR logic and filter grouping! 🎉 Create nuanced filtering scenarios without resorting to complex CEL rules. Now you can handle advanced conditions with an intuitive point-and-click interface.

What's New?

• OR Logic at Top Level: Choose between AND or OR logic when combining filters in your workflow rules, giving you flexibility to create broader or more specific conditions.

• Group Filters: Organize related filters into logical groups, each with its own AND/OR operators. Perfect for creating complex "if this OR that" scenarios within your rules.

• Visual Filter Grouping: Group filters are displayed in visually distinct containers, allowing you to understand your rule logic at a glance.

Why Does This Matter?

• Reduced Complexity: Handle sophisticated filtering scenarios without writing custom CEL rules—simply point, click, and configure.

• Enhanced Flexibility: Create rules that catch threats across multiple conditions or risk profiles, improving your security coverage.

• Better Rule Management: Visual grouping makes complex workflows easier to understand, edit, and maintain over time.

🌟 New Feature Alert 🌟

Now you can receive threat notifications exactly where your team is already collaborating—in Microsoft Teams! 🎉 Stay ahead of identity threats without ever leaving your Microsoft Teams instance.

What’s New?

1. Send Threat Notifications to Microsoft Teams: Connect your Microsoft Teams instance to Verosint to receive real-time threat notifications where your team already works.
2. Select Desired Teams & Channels: Choose which Teams and Channels receive specific threat types or severity levels.
3. Real-Time Alerts: Get notified the moment suspicious activity is detected, in the tool where your team already works and communicates.

Why Does This Matter?

• Faster Response Time: Meet threats where your team is, cutting down the time between detection and action.
• Flexible Delivery: Route different types of threats to different Teams or Channels, so the right people are looped in immediately.
• Incident Response-Ready: Your team can triage and respond to threats and incidents detected by Verosint directly from within Microsoft Teams.

🌟 New Feature Alert 🌟

You can now use Workflows with your Microsoft Entra integration, bringing the power of automation to one of the most widely used identity providers in the enterprise space.

What’s New?

1. Our powerful Workflows feature now supports Microsoft Entra, allowing you to build and automate security workflows based on Entra-driven activity.
2. Automatically trigger workflows when user events from Entra are ingested by Verosint.

Why Does This Matter?

• Respond proactively with automated remediation, like blocking compromised accounts.
• Recognize legitimate users for seamless experiences, and introduce friction only when risks or anomalies arise.
• Deploy automated prevention fast, with no code to install on webpages, applications, or user devices.

This unlocks huge opportunities for enterprise customers using Microsoft Entra—enabling faster, smarter prevention with the automation power of Workflows. 💪

Getting started? Check out the docs.