Log Ingestion

You can configure Auth0 to stream logs into Verosint to detect account fraud. Logs ingested by Verosint will create event and account prints in SignalPrint and show details in the Explorer.

📘

Ingest Past and Present Logs

When configuring Auth0, you can start streaming at the current date and time, or you can set a previous time and have past logs evaluated in addition to current logs. Adding previous access events to the ingestion can help create a more complete picture of potential fraud in your environment.

If you want to enable device fingerprinting, use the Verosint Action available in the Auth0 marketplace. You will not need log ingestion for sign up success & login success events.

In Auth0 navigate to Monitoring -> Streams -> Create Stream -> Custom Webhook. Enter your information on the Custom webhook page:

1. Enter a name for this webhook.
2. Enter Verosint's URL https://api.verosint.com/v1/signalprint/logs to receive data.
3. Type Bearer in the Authorization Token field and append your Verosint API key, which is located in your Verosint account profile. Make sure that there is a space character between Bearer and the API key.
4. Select the following settings, and choose the events processed by Verosint:
   Content Type -> Application/JSON
   Content Format -> JSON Array
   Filter by Event Category -> Authentication events (Login, Logout, Signup), User/Behavioral events (Failure, Notification, Success), and Other events (to include MFA events)
   For a list of all event types, see Events.
5. Select the date when you want log streaming to start. If you choose a past date, ingestion may take some time, depending on the amount of data you include.
6. Save the settings.