🌟 New Feature Alert 🌟

We’re excited to introduce Monitors — a powerful new way to detect and act on the risks that matter most to you.

Learn more about how you can use Monitors to prevent unauthorized application access within your workspace and identify high-risk users automatically.

What’s New?

1. Define the Risks You Care About 🔍 – In addition to Verosint’s built-in threat detections, you can now create custom Monitors to catch the fraud patterns, suspicious behaviors, or threats unique to your business.

2. Automated Threat Response ⚡ – Your Monitors run on every event flowing through Verosint. When risky activity is detected, notifications are triggered automatically via email, Slack, and/or Microsoft Teams.

3. Always-On Protection 🛡️ – Monitors continuously watch every user action and system event, so once you set them up, you can “set it and forget it.”

4. For Both Workforce & Customers 🌍 – Monitors provide flexible detection across both workforce IAM and CIAM use cases.

   

Why Does This Matter?

1. In addition to the threats Verosint detects for you, you can tailor detection to the risks your business cares about most.
2. Reduce manual review time and respond faster by automating detection and notifications.
3. Gain peace of mind knowing Verosint is monitoring 24/7 in the background.

Stay tuned — we’ll be adding more actions soon to make your Monitors even more effective for detection, investigation, and response. 🚀

🌟 New Feature Alert 🌟

Verosint now allows admins to create and manage API keys directly in the workspace, making it easier to rotate keys and maintain security best practices.

What's New?

1. Create API Keys: Admins can create and name up to 10 active API keys per workspace.

2. Revoke API Keys: Admins can revoke keys at any time. Deactivated keys are timestamped in the Deactivated column.

3. Role-Based Access: Role-based access puts API key management in the right hands—protecting security while empowering the right teams to move faster.

   • Admins: Create, revoke, and view keys.
   • Analysts: View and copy keys.
   • Read-only users: Cannot access the API Keys page.

4. Sorting the API Key Table: Sort your API keys by Name, Created Date, or Deactivated Date for easier management.

   

Why Does This Matter?

• 🔐Security: Easily rotate API keys to follow best practices.
• ⚙️Control: Admins maintain full control over API keys, while analysts can access keys needed for workflows.
• 👁️Transparency: Clear visibility into when keys are created or deactivated, reducing risk of unauthorized access.

🌟 New Feature Alert 🌟

You can now add Applications, Device IDs, and Session IDs to a List for even more flexibility in your workflows and monitors!

What's New?

• You can now add even more to your lists, including:

  • Applications
  • Device IDs
  • Session IDs

Why Does This Matter?

• 📋 Expands the power of Lists, making them more useful across a broader set of use cases.
• ⚙️ Helps streamline automation, investigations, and automated response actions.
• 🚀 Coming soon: Add your own custom workspace data to your lists.

🚀 Other Improvements 🚀

1. ⬇️ Event Data Export for All Users: All users, including Read-Only, can now download event data directly from Event Explorer tables.

2. 💳 Payment Hash Details: New side panel for Payment Hash nodes in the SignalPrint graph, providing quick context where previously there was none.

3. 📍Better Handling of Non-Routable IPs: Side panels for non-routable IPs now display “Location unavailable” instead of showing nothing—clearer, cleaner, and less confusing.

🌟 New Feature Alert 🌟

What's New?

• Search for Custom Workspace Data in Event Explorer

  • You can now search for custom event data (previously only viewable) directly in Event Explorer filters.

    

• Detailed Breach Information in Event Details Panel

  • Added visibility into which breach an email was in and the breach date, alongside existing breach count and most recent breach date.

    

Why Does This Matter?

• Enables deeper investigations by letting you run queries against your own custom data.
• Provides richer breach context for accounts, making it easier to prioritize follow-up actions.

💜Improvements Alert💜

What's New?

• Updated Starter Copy for Notification Actions in Workflows

  • The starter copy for Email, Slack, and Teams messages now include workflow name, account ID, email, rule outcome, and reason. This starter copy can be modified.

  • Added helper text with a link to the list of available variables for customizing your own messages.

    

• Improved Threat Card Design

  • Streamlined key details for better readability and faster actionability.

    

Why Does This Matter?

• Notifications now give you all the context you need to act immediately on a rule evaluation.
• Improved threat card design reduces cognitive load, helping you spot key details at a glance.

🌟New Feature Alert 🌟

You can now set up Teams, Slack, or Email notifications as Actions in your workflows so your team is instantly informed when a rule is triggered. ⚡

What’s New?

• 🧠 Workflows actions — Add optional actions, including notifications, to any rule where the conditions are met.
• 💌 Send email — Pick your recipients and customize the message. The message field supports markdown.
• 💬 Send Slack or Teams notifications — Choose the channel and drop alerts right into your team’s existing workflows. Pun intended.
• 🪄 No blank slates! — Message bodies come pre-filled with a dynamic reason (e.g., “Risk is Impossible Travel and New Device”) so you’re never starting from scratch.
• ⚙️ Test it out in EVALUATE tab — Try it out in real time using the Evaluate tab. Yes, the action will run!

Why Does This Matter?

This release enhances your workflows, sending the right information to the right people, right away. Whether it’s routing alerts to a #security Slack channel, pinging a Teams group, or emailing an analyst, your rules now trigger real-time, actionable communication.

This is just the beginning. Soon, you'll be able to add more Actions like add to/remove from list, revoke all sessions, etc. Stay tuned—we're just getting started. 🚀

🌟 New Feature Alert 🌟

Build more sophisticated workflow rules with powerful OR logic and filter grouping! 🎉 Create nuanced filtering scenarios without resorting to complex CEL rules. Now you can handle advanced conditions with an intuitive point-and-click interface.

What's New?

• OR Logic at Top Level: Choose between AND or OR logic when combining filters in your workflow rules, giving you flexibility to create broader or more specific conditions.

• Group Filters: Organize related filters into logical groups, each with its own AND/OR operators. Perfect for creating complex "if this OR that" scenarios within your rules.

• Visual Filter Grouping: Group filters are displayed in visually distinct containers, allowing you to understand your rule logic at a glance.

Why Does This Matter?

• Reduced Complexity: Handle sophisticated filtering scenarios without writing custom CEL rules—simply point, click, and configure.

• Enhanced Flexibility: Create rules that catch threats across multiple conditions or risk profiles, improving your security coverage.

• Better Rule Management: Visual grouping makes complex workflows easier to understand, edit, and maintain over time.

🌟 New Feature Alert 🌟

Now you can receive threat notifications exactly where your team is already collaborating—in Microsoft Teams! 🎉 Stay ahead of identity threats without ever leaving your Microsoft Teams instance.

What’s New?

1. Send Threat Notifications to Microsoft Teams: Connect your Microsoft Teams instance to Verosint to receive real-time threat notifications where your team already works.
2. Select Desired Teams & Channels: Choose which Teams and Channels receive specific threat types or severity levels.
3. Real-Time Alerts: Get notified the moment suspicious activity is detected, in the tool where your team already works and communicates.

Why Does This Matter?

• Faster Response Time: Meet threats where your team is, cutting down the time between detection and action.
• Flexible Delivery: Route different types of threats to different Teams or Channels, so the right people are looped in immediately.
• Incident Response-Ready: Your team can triage and respond to threats and incidents detected by Verosint directly from within Microsoft Teams.

🌟 New Feature Alert 🌟

You can now use Workflows with your Microsoft Entra integration, bringing the power of automation to one of the most widely used identity providers in the enterprise space.

What’s New?

1. Our powerful Workflows feature now supports Microsoft Entra, allowing you to build and automate security workflows based on Entra-driven activity.
2. Automatically trigger workflows when user events from Entra are ingested by Verosint.

Why Does This Matter?

• Respond proactively with automated remediation, like blocking compromised accounts.
• Recognize legitimate users for seamless experiences, and introduce friction only when risks or anomalies arise.
• Deploy automated prevention fast, with no code to install on webpages, applications, or user devices.

This unlocks huge opportunities for enterprise customers using Microsoft Entra—enabling faster, smarter prevention with the automation power of Workflows. 💪

Getting started? Check out the docs.

✨ New Feature Alert ✨

Chat History is now live in the Vera Agentic AI interface! You can now view your past conversations with Vera, making it easier to pick up where you left off and review previous insights.

What's New?

1. Chat History Sidebar: See a list of your recent conversations on the left panel of the Vera interface.
2. Persistent Conversations: Each chat is saved, making it easy to revisit specific conversations.
3. Click to Resume: Reopen a previous conversation at any time and continue right where you left off.

Why Does This Matter?

• More context: No more losing track of important questions, responses, or insights—everything is saved.
• Smoother workflows: Jump back into previous investigations or reuse prompts that worked well.
• Better collaboration: Easily share or reference past conversations when working across teams.

As always, we're open to feedback. Tell us what you think!

🌟 New Feature Alert 🌟

Verosint supports non-routable IP addresses for workforce use cases!

Customers with internal networks often use non-routable IPs (e.g., 10.x.x.x, 192.168.x.x). Verosint fully supports these addresses when paired with location metadata, unlocking complete ITDR signal enrichment, threat detection, and workflow automation.

What's New?

1. 🌍 IP Enrichment Works for Non-Routable IPs – When location metadata is provided, Verosint enriches activity from internal IPs just like public ones.
2. 🔍 Risk Detection & Workflow Accuracy for Non-Routable IPs – Impossible Travel and other location-based detections now function seamlessly for non-routable traffic. Plus, this location context enhances automated decision-making in workflows, enabling smarter access control across your internal user base.
3. 📊 Unified View of Workforce Risks – Internal employee activity is now visible and actionable within your Verosint environment.

Why Does This Matter?

• 🛡️ Full ITDR Coverage: Cybercriminals don't break in, they log in. Now, you can detect suspicious behavior across your entire workforce—even behind the firewall.
• ⚡ No Gaps in Observability: Just because an IP isn’t public doesn’t mean it should go unanalyzed. With this update, it doesn’t.
• ✅ Insight Activation: If you're already tracking internal IPs with location context, Verosint can make that data work immediately.

Your internal networks just became a whole lot safer. You're welcome.