Create a Monitor

Monitors let you take real-time actions on events in your workspace. Each one runs on every event and triggers automated actions when conditions are met.

To create a Monitor:

  1. Select Monitors from the navigation pane and click the + in the top right corner of the page.

  2. Name the Monitor: Enter a unique name for the Monitor.

  3. Define Conditions: Use the filter builder or custom expressions to specify the conditions you want to detect.

    1. Standard filters: Choose from Verosint’s powerful options, including Event Type, Identifiers, Lists, Risks, and a wide range of Signals tied to Email, IP Address, User Agent, Phone, Payment, and more.

    2. Custom filters: Use Common Expression Language (CEL) to create flexible, powerful rules for fraud detection (learn more about building CEL expressions here).

      📘

      Some Verosint signals (e.g., account.asoCount.last24hours) are only available in Custom CEL mode.

  4. Configure Automated Actions: Choose how you want Verosint to respond when your defined conditions are met. Supported actions include:

    1. Send Email: Trigger an email notification to specified recipients or a distribution list.
    2. Send Slack Message: Trigger a message to specified Slack channels.
    3. Send Teams Message: Trigger a message to specified Microsoft Teams channels.
    4. Send to Datadog: Send event details as a JSON payload to Datadog.
    5. Send to Splunk: Send event details as a JSON payload to Splunk.
    6. Send to Webhook: Send event details as a JSON payload to a custom webhook.
    7. Add to List: Automatically add an entity (account, session, device, etc.) to a selected List for future monitoring or investigation.
  5. Hit Create. The Monitor is live!

    📘

    Required Integrations for Actions: Slack, Teams, Datadog, Splunk, and Webhook actions only appear if those integrations are already configured in your Account Settings.

    Notification Payloads: For Datadog, Splunk, and Webhook, the event payload is identical to what you receive through your configured SIEM Logs.

    Message Customization: To personalize your Email, Slack, or Teams messages, see Action Variables.


Every event flowing into Verosint is evaluated against your Monitors. When conditions are met, configured actions are automatically executed in real time.