Log Ingestion

You can configure Auth0 to stream logs into Verosint to detect account fraud. Logs ingested by Verosint will create event and account prints in SignalPrint and show details in the Explorer.

📘

Ingest Past and Present Logs

When configuring Auth0, you can start streaming at the current date and time, or you can set a previous time and have past logs evaluated in addition to current logs. Adding previous access events to the ingestion can help create a more complete picture of potential fraud in your environment.

If you want to enable device fingerprinting, use the Verosint Action available in the Auth0 marketplace. You will not need log ingestion for sign up success & login success events.

In Auth0 navigate to Monitoring -> Streams -> Create Stream -> Custom Webhook. Enter your information on the Custom webhook page, which is divided into three sections.

Log stream details

1. Enter a name for this webhook.
2. Enter Verosint's URL https://api.verosint.com/v1/signalprint/logs to receive data in the Payload URL field.
3. Type Bearer in the Authorization Token field and append your Verosint API key, which is located in your Verosint account profile. Make sure that there is a space character between Bearer and the API key.
4. Set Content Type to application/json
5. Set Filter by Log Event Category to include Authentication events (Login, Logout, Signup,Silent Authentication - Success, Token Exchange - Success), User/Behavioral events (Failure, Notification, Success), and Other events (to include MFA events)
6. Select the date when you want log streaming to start. If you choose a past date, ingestion may take some time, depending on the amount of data you include.

Obscure log stream data

Verosint log ingestion depends on email and username fields. Do not select these fields for obfuscation.

Payload preview

Make sure you select JSON Array as the Content Format. This content type is the only supported streaming format.

When finished, make sure you save the settings.