🌟 New Features Alert!

We’ve introduced some exciting updates to help you gain deeper insights into session activity and detect potential threats more effectively.

What’s New?

1. New Event Type:TOKEN_ISSUED_SUCCESS : This event indicates when access tokens are issued post authentication, providing greater visibility into session activity.
2. Sessions Tab in Explorer:
   • A dedicated Sessions Tab is now available in Explorer, providing a comprehensive view of session activity.
   • Easily track active sessions, detect shared sessions, and uncover suspicious behaviors.
3. New User Agent Signals
   • USERAGENT:OBSOLETE: This new risk signal flags user agents older than 180 days.
   • userAgent.daysSinceRelease: Displays the age of a user agent in days, helping you identify outdated or unusually old user agents that might indicate suspicious activity.

Why This Matters?

• Greater Session Observability: The Sessions Tab offers streamlined access to critical session data, making it easier to identify and respond to anomalies and suspicious activity.
• Improved Threat Detection: New user agent signals give you advanced insights into potentially risky behavior, such as the use of outdated browsers or applications.
• Proactive Security: These updates empower your team to stay ahead of threats with enhanced visibility and actionable data.

💜 Improvements Alert!

We’ve made updates to Threat Insights to ensure everything is crystal clear—spend less time deciphering data and more time responding to threats effectively.

What’s Improved?

Credential Stuffing Insight

Credential stuffing attacks lead to three outcomes:
1️⃣ Successful Takeovers
2️⃣ Failed Takeovers
3️⃣ Nonexistent Accounts (those that don’t match any existing account in your workspace)

We’ve now added Nonexistent Accounts to the Credential Stuffing Attack card to give you a complete view of attack activity.

💡

Pro tip: The sum of Successful Takeovers, Failed Takeovers, and Nonexistent Accounts equals the Total Attempts displayed in the Attack Size & Scope.

Account Takeover Insight

We got feedback that it wasn’t always obvious why an account was taken over—so we made it stand out.

• The reason for the takeover is now highlighted more clearly.
• The email shown in the card is now a clickable link that takes you directly to the associated Account Intelligence page for deeper analysis.

Why Does This Matter?

These improvements make Threat Insights more readable and actionable, so you can spend less time deciphering data and more time responding to threats effectively.

🌟 New Feature Alert!

Verosint has enhanced the way you interact with threat notifications by introducing the Threat Details Panel, a contextual view designed to streamline your response to credential stuffing attacks.

What’s New?

• Accessible directly from the threat card in the Verosint app or via email notification, the panel provides concise yet actionable details about the detected threat
• Includes key threat metrics, IP location activity, and a list of compromised accounts (if any) to help verify legitimacy without diving into complex logs

Why This Matters?

• Simplifies threat investigation by bridging the gap between alert notifications and detailed, complex logs
• Makes responding to threats faster, more intuitive, and seamlessly integrated into your workflow

This update reflects our commitment to enhancing security observability and actionability, creating a more valuable user experience. Try it out and let us know what you think!

💜 Improved Device Info & Signals

We're always looking to improve your user experience. We've made improvements to our device signals, so you know exactly what kind of device is being used by an account. These include support for:

• Okta-specific user agents such as Okta Radius Agent and OktaVerify as well as Okta mobile apps
• Native applications / mobile built with CFNetwork. Now we show the OS as iOS for these devices (instead of unknown)
• The Indy Library bot and WhatsApp bot now trigger the USER_AGENT:BOT risk
• The following custom iOS apps such as Grailed, BestBuy apps, and Outlook on iOS are now parsed properly
• The following Mozilla compatible user agents are now parsed properly: FreeBSD with Firefox, PlayStation, Opera Touch on iOS, and Windows Phone

🦃 Happy Thanksgiving from the Verosint family to yours! 🥧

🌟 New Feature Alert! You can now send session data with your events to see what's really happening once your users have logged in. Specifically, you will understand user behavior more comprehensively and identify patterns and anomalies within active sessions.

Why does this matter? This enhancement lays the groundwork for detecting session hijacking and shared session threats, enabling stronger security and a more seamless user experience. 🚀

How do I set this up? Refer to our API Reference for details on how to send sessionId and targetApp info with your events. ⚙️

Once you send session data, you can search for and see the enriched information in the Event Explorer

🔔 New feature alert! Verosint now detects and notifies you about threats on your platform, including credential stuffing attacks and account takeovers. These insights are obvious, actionable, and easy to verify, so you know exactly what next steps to take when these threats occur.

💜 We're always looking to improve your experience. Verosint makes it easy to trust, but verify the threats and hidden fraud on your platform. We've added a whole bunch of improvements that make trust, but verify a snap! 🫰

1. We removed search result limits in Explorer!🎉 There used to be a 10,000 records limit in the Events table and a 100 records limit in the Accounts, IPs, Prints, and Emails, and Phones tables. Now when you run a search, you get back all results, paginated neatly. You're welcome.

   

2. In the Accounts tab, we replaced the link to the SignalPrint graph with a link to the Account Intelligence page. This makes it easier to drill down into a specific account and see any unusual activity that is worth taking a closer look at.

   

3. In the heat map charts in Explorer, we now save the Group By selection you choose in the URL. This way, when you bookmark and send the link to a colleague, they'll see the Group By too!

   

4. We added a mobile optimized view of the Verosint application for onboarding! Check out https://app.verosint.com from your 📱mobile device!

🔔 New feature alert! You can now enable device fingerprinting with Verosint!

Device fingerprinting uniquely identifies the device used to access a service, and provides an effective layer of security in combating threats by identifying unusual or suspicious device behavior. Enable device fingerprinting with Verosint by:

• Configuring an Auth0 Login
• Adding the VerosintJS Library to Your Application

Device fingerprinting with Verosint enables you to:

1. Prevent Account Takeovers
2. Identify New or Unusual Devices
3. Add Risk-Based Authentication, evaluating the risk of each login attempt to your application

Check out our guide to get set up and running!

💜 We're always looking to improve your experience. We've made some updates to Explorer that will make it even faster and easier to verify conclusions.

1. Want to know the exact count of events? accounts? IPs?

   Hover over the count on the specific tab.

   

   You can also scroll down to the bottom right corner of the table to see the total count of results.

   

2. In the Events by Type stacked bar chart, we noticed a timezone bug and that the bars would increment in un-intuitive intervals (for example, every 46 minutes 🤯). We fixed this so that the bar chart increments will always be a round number (e.g., daily, 3 hours, 5 minutes, etc.), which should make it easier to read and interpret the data.

   

🔔 We added custom actions to workflows. This allows you to provide whatever string of characters you'd like, to set outcomes in your workflows.

In this example, I created a custom action called "LOGOUT" in the Verosint Account Protection for Logins workflow.

Of course you can always feel free to use our default actions. 😉

We actually added 3️⃣ new signals that can be used in workflows to prevent multiple signups from the same IP address:

ip.signupSuccessCount.last24hours

ip.signupSuccessCount.last7days

ip.signupSuccessCount.lastHour