Log File Ingestion

You can configure Auth0 to stream logs into Verosint to detect account fraud. Logs ingested by Verosint will create event and account prints in the SignalPrint Explorer and show details in the Fraud Dashboards.

πŸ“˜

Ingest Past and Present Logs

When configuring Auth0, you can start streaming at the current date and time, or you can set a previous time and have past logs evaluated in addition to current logs. Adding previous access events to the ingestion can help create a more complete picture of potential fraud in your environment.

In Auth0 navigate to Logging -> Monitoring -> Streams -> Create a Stream -> Create Webhook. Enter your information on the Custom webhook page:

Auth0 Custom Webhook Page

Auth0 Custom Webhook Page

  1. Enter a name for this webhook.
  2. Enter Verosint's URL https://api.verosint.com/v1/signalprint/logs to receive data.
  3. Type Bearer in the Authorization Token field and append your Verosint API key, which is located in your Verosint account profile. Make sure that there is a space character between Bearer and the API key.
  4. Select the following settings, and choose the events processed by Verosint:
    Content Type -> Application/JSON
    Content Format -> JSON Array
    Filter by Event Category ->
    Authentication events (Login, Logout, Signup), User/Behavioral events (Failure, Notification, Success), and Other events (to include MFA events)
    For a list of all event types, see Events.
  5. Select the date when you want log streaming to start. If you choose a past date, ingestion may take some time, depending on the amount of data you include.
  6. Save the settings.