Supported Event Types and Data Fields
The first step in detecting suspicious activity is understanding what’s already happening in your environment.
Send your existing usage logs to Verosint, either using the API or CLI. Verosint automatically analyzes user behavior, highlights anomalies, and surfaces risky patterns.
The richer the event data, the more precise our threat detection. Results are visualized in the Threats inbox, Account Intelligence, the Event Explorer and SignalPrint, where you can easily see detected threats, investigate accounts, and analyze user activity.
Processing Identifiers
- Only valid identifiers on an event are processed and enriched with Verosint signals.
- If at least one identifier is valid, the event is saved and signals are processed for valid data only.
- If no identifiers are valid, the event is discarded and no signals are processed.
Supported Identifier Fields
The following table lists the fields that you can submit to Verosint:
Identifier Name | Description | Example |
|---|---|---|
timestamp | RFC3339 or UNIX formatted timestamp (defaults to the time of submission when omitted) | 2023-03-25T16:04:43.865-05:00 |
accountId | the unique user identifier (may be the same as email)
| babsjensen |
the email address of the user | ||
userAgent | the full user agent string associated with the event | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 |
ip | the origin IPv4 or IPv6 address | 97.105.216.107 |
phone | the phone number of the user in the international phone number format | +15123944240 |
type | the event type | LOGIN_SUCCESS |
deviceId | the optional device ID associated with an event, with a maximum of 150 characters | device-abc-1234 |
sessionId | the session identifier | session-id-1234 |
targetApp | the target application identifier | app-abc-1234 |
Specifying Identifiers
- Event type, IP address, and user agent are required.
- If you add events without an account ID or an email address, they will not display in SignalPrint.
- If there is an email address but no account ID, it will display in SignalPrint if the email has history against other events with more data.
Each event may have at most one identifier for each type. For example, each event can only have a single IP address.
Event Types
The following table lists event types that you can submit to Verosint:
| Verosint Event | Description |
|---|---|
ACCOUNT_RECOVERY_FAILED | Failed account recovery |
ACCOUNT_RECOVERY_SUCCESS | Succeeded to recover account |
CHANGE_EMAIL_FAILED | Failed to change email |
CHANGE_EMAIL_SUCCESS | Succeeded to change email |
CHANGE_PASSWORD_FAILED | Failed to change password |
CHANGE_PASSWORD_SUCCESS | Succeeded to change password |
CHANGE_PAYMENT_FAILED | Failed to change payment |
CHANGE_PAYMENT_SUCCESS | Succeeded to change payment |
CHANGE_PHONE_FAILED | Failed to change phone number |
CHANGE_PHONE_SUCCESS | Succeeded to change phone number |
CHANGE_USERNAME_FAILED | Failed to change username |
CHANGE_USERNAME_SUCCESS | Succeeded to change username |
EMAIL_SUCCESS | Succeeded to send email |
LOGIN_FAILED | Failed to log in |
LOGIN_SUCCESS | Succeeded to log in |
LOGOUT_FAILED | Failed to log out |
MFA_DEVICE_UNENROLLED | Unenrolled device used for MFA |
MFA_ENROLLMENT_FAILED | Failed enrollment in MFA |
MFA_ENROLLMENT_SUCCESS | Completed enrollment in MFA |
MFA_FAILED | Failed to authenticate with MFA |
MFA_STARTED | Started MFA authentication |
MFA_SUCCESS | Succeeded to authenticate with MFA |
PAYMENT_ADDED_FAILED | Failed to add payment |
PAYMENT_ADDED_SUCCESS | Succeeded to add payment |
PAYMENT_FAILED | Payment failed |
PAYMENT_REMOVED_FAILED | Failed to remove payment |
PAYMENT_REMOVED_SUCCESS | Succeeded to remove payment |
PAYMENT_SUCCESS | Payment succeeded |
PUSH_NOTIFICATION_FAILED | Failed to send push notification |
PUSH_NOTIFICATION_SUCCESS | Succeeded to send push notification |
SIGNUP_FAILED | Failed to sign up |
SIGNUP_SUCCESS | Succeeded to sign up |
SMS_FAILED | Failed to send SMS |
SMS_SUCCESS | Succeeded to send SMS |
TOKEN_ISSUED_SUCCESS | Succeeded to issue token |
VERIFICATION_SUCCESS | Succeeded identity verification |
Updated 2 days ago