Supported Event Types and Data Fields

The first step in detecting suspicious activity is understanding what’s already happening in your environment.

Send your existing usage logs to Verosint, either using the API or CLI. Verosint automatically analyzes user behavior, highlights anomalies, and surfaces risky patterns.

The richer the event data, the more precise our threat detection. Results are visualized in the Threats inbox, Account Intelligence, the Event Explorer and SignalPrint, where you can easily see detected threats, investigate accounts, and analyze user activity.

📘

Processing Identifiers

  • Only valid identifiers on an event are processed and enriched with Verosint signals.
  • If at least one identifier is valid, the event is saved and signals are processed for valid data only.
  • If no identifiers are valid, the event is discarded and no signals are processed.

Supported Identifier Fields

The following table lists the fields that you can submit to Verosint:

Identifier Name

Description

Example

timestamp

RFC3339 or UNIX formatted timestamp (defaults to the time of submission when omitted)

2023-03-25T16:04:43.865-05:00

accountId

the unique user identifier (may be the same as email)

  • *Note:** Account ID is case sensitive, Verosint will not transform the data sent in the account ID field

babsjensen

email

the email address of the user

[email protected]

userAgent

the full user agent string associated with the event

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

ip

the origin IPv4 or IPv6 address

97.105.216.107

phone

the phone number of the user in the international phone number format

+15123944240

type

the event type

LOGIN_SUCCESS

deviceId

the optional device ID associated with an event, with a maximum of 150 characters

device-abc-1234

sessionId

the session identifier

session-id-1234

targetApp

the target application identifier

app-abc-1234

📘

Specifying Identifiers

  • Event type, IP address, and user agent are required.
  • If you add events without an account ID or an email address, they will not display in SignalPrint.
  • If there is an email address but no account ID, it will display in SignalPrint if the email has history against other events with more data.

Each event may have at most one identifier for each type. For example, each event can only have a single IP address.

Event Types

The following table lists event types that you can submit to Verosint:

Verosint EventDescription
ACCOUNT_RECOVERY_FAILEDFailed account recovery
ACCOUNT_RECOVERY_SUCCESSSucceeded to recover account
CHANGE_EMAIL_FAILEDFailed to change email
CHANGE_EMAIL_SUCCESSSucceeded to change email
CHANGE_PASSWORD_FAILEDFailed to change password
CHANGE_PASSWORD_SUCCESSSucceeded to change password
CHANGE_PAYMENT_FAILEDFailed to change payment
CHANGE_PAYMENT_SUCCESSSucceeded to change payment
CHANGE_PHONE_FAILEDFailed to change phone number
CHANGE_PHONE_SUCCESSSucceeded to change phone number
CHANGE_USERNAME_FAILEDFailed to change username
CHANGE_USERNAME_SUCCESSSucceeded to change username
EMAIL_SUCCESSSucceeded to send email
LOGIN_FAILEDFailed to log in
LOGIN_SUCCESSSucceeded to log in
LOGOUT_FAILEDFailed to log out
MFA_DEVICE_UNENROLLEDUnenrolled device used for MFA
MFA_ENROLLMENT_FAILEDFailed enrollment in MFA
MFA_ENROLLMENT_SUCCESSCompleted enrollment in MFA
MFA_FAILEDFailed to authenticate with MFA
MFA_STARTEDStarted MFA authentication
MFA_SUCCESSSucceeded to authenticate with MFA
PAYMENT_ADDED_FAILEDFailed to add payment
PAYMENT_ADDED_SUCCESSSucceeded to add payment
PAYMENT_FAILEDPayment failed
PAYMENT_REMOVED_FAILEDFailed to remove payment
PAYMENT_REMOVED_SUCCESSSucceeded to remove payment
PAYMENT_SUCCESSPayment succeeded
PUSH_NOTIFICATION_FAILEDFailed to send push notification
PUSH_NOTIFICATION_SUCCESSSucceeded to send push notification
SIGNUP_FAILEDFailed to sign up
SIGNUP_SUCCESSSucceeded to sign up
SMS_FAILEDFailed to send SMS
SMS_SUCCESSSucceeded to send SMS
TOKEN_ISSUED_SUCCESSSucceeded to issue token
VERIFICATION_SUCCESSSucceeded identity verification