Signal Definitions

Verosint uses signals to evaluate accounts for fraud based on open-source intelligence data. Account fraud can be determined through IP address, email, and phone data characteristics. Once fraud is found, signals power rules to guard against unwanted access to your systems.

Account Evaluation

SignalTypeDescription
account.asnCount.last24hoursintegerThe number of distinct ASNs used to access this account in the last 24 hours
account.asnCount.last7daysintegerThe number of distinct ASNs used to access this account in the last 7 days
account.asoCount.last24hoursintegerThe number of distinct ISPs used to access this account in the last 24 hours
account.asoCount.last7daysintegerThe number of distinct ISPs used to access this account in the last 7 days
account.connectedAccounts.countintegerThe number of other accounts connected to this account in SignalPrint
account.eventCount.last24hoursintegerThe number of events seen for this account in the last 24 hours
account.eventCount.last7daysintegerThe number of events seen for this account in the last 7 days
account.eventCount.lastHourintegerThe number of events seen for this account in the last hour
account.locationCount.last24hoursintegerThe number of distinct locations used to access this account in the last 24 hours
account.locationCount.last7daysintegerThe number of distinct locations used to access this account in the last 7 days
account.loginFailedCount.last24hoursintegerThe number of login failed events seen for this account in the last 24 hours
account.loginFailedCount.last7daysintegerThe number of login failed events seen for this account in the last 7 days
account.loginFailedCount.lastHourintegerThe number of login failed events seen for this account in the last hour
account.loginSuccessCount.last24hoursintegerThe number of login success events seen for this account in the last 24 hours
account.loginSuccessCount.last7daysintegerThe number of login success events seen for this account in the last 7 days
account.loginSuccessCount.lastHourintegerThe number of events seen for this account in the last hour
account.mfaFailedCount.last24hoursintegerThe number of MFA failed events seen for this account in the last 24 hours
account.mfaFailedCount.last7daysintegerThe number of MFA failed events seen for this account in the last 7 days
account.mfaFailedCount.lastHourintegerThe number of MFA failed events seen for this account in the last hour
account.mfaSuccessCount.last24hoursintegerThe number of MFA success events seen for this account in the last 24 hours
account.mfaSuccessCount.last7daysintegerThe number of MFA success events seen for this account in the last 7 days
account.mfaSuccessCount.lastHourintegerThe number of MFA success events seen for this account in the last hour
account.userAgentCount.last24hoursintegerThe number of distinct user agents used to access this account in the last 24 hours
account.userAgentCount.last7daysintegerThe number of distinct user agents used to access this account in the last 7 days
account.verificationSuccessCount.
last24hours
integerThe number of verification success events seen for this account in the last 24 hours
account.verificationSuccessCount.
last7days
integerThe number of verification success events seen for this account in the last 7 days
account.verificationSuccessCount.
lastHour
integerThe number of verification success events seen for this account in the last hour
account.verificationSuccessCount.totalintegerThe total number of verification success events seen for this account in the last 180 days

Email Address Evaluation

SignalTypeDescription
email.breachInfo.breachesarrayArray containing data about every time the email was breached
email.breachInfo.countintegerDetermines if an email is found in any known breaches and the number of breaches
email.breachInfo.daysSinceLastBreachintegerIdentifies the time in days since the last breach in which the email was found
email.breachInfo.mostRecentBreachDatestringDetermines if an email is found in a breach, specified by date
email.breachInfo.yearsSinceLastBreachintegerIdentifies the time in years since the email was found in a breach
email.domainstringDomain name of the email in a normalized format
email.domainRegistrationInfo.
daysSinceDomainRegistered
integerIdentifies the time in days since the email domain was registered
email.domainRegistrationInfo.
domainRegistrationDate
stringSpecifies a date by which the email domain should have been registered
email.domainRegistrationInfo.
yearsSinceDomainRegistered
integerIdentifies the time in years since the email domain was registered
email.emailServerstringSpecifies an email server name
email.riskScoreintegerSpecifies a risk value for an email between 0 (safe) and 100 (risky) for Verosint to assess against OSINT data and internal algorithms

Event Evaluation

SignalTypeDescription
event.anomalyScoreintegerSpecifies an anomaly value for the event between 0 (normal) and 100 (highly unusual) relative to the account’s history
event.listsarrayEvent is on these lists
event.riskScoreintegerSpecifies a risk value for an event between 0 (safe) and 100 (risky) for Verosint to assess against OSINT data and internal algorithms
event.risksarraySee details in the table

Request Identifiers

SignalTypeDescription
identifiers.accountIdstringThe account ID
identifiers.emailstringThe email address
identifiers.ipstringThe IPv4 or IPv6 address
identifiers.paymentHashstringThe hashed payment method identifier
identifiers.phonestringThe phone number in E.164 format
identifiers.printIdstringThe print ID
identifiers.timestampstringThe RFC3339 formatted timestamp. Current time is used if not specified
identifiers.userAgentstringThe full user agent string

IP Address Evaluation

SignalTypeDescription
ip.asnstringIdentifies the Autonomous System Number of the IP assigned to a group of IP prefixes run by network operators that maintain a defined routing policy to the Internet
ip.asnInfo.sizestringSize class expressed in t-shirt sizes that reflect the available IP addresses in the ASN
ip.asostringIdentifies the Autonomous System Organization that administers the IP address
ip.geo.latitudenumberIdentifies the location coordinate of the IP address north or south of the equator
ip.geo.longitudenumberIdentifies the location coordinate of the IP address east or west of the prime meridian
ip.location.citystringIdentifies the city in which the IP address is located
ip.location.continentstringIdentifies the two-letter continent code (ISO 3166-1) from which an IP address is located
ip.location.countrystringIdentifies the two-letter country code (ISO 3166-1) from which an IP address is located
ip.location.regionstringIdentifies the geographical region (state/province) in which the IP is located
ip.location.regionCodestringIdentifies the two-letter region code from which an IP address is located
ip.locationIdstringUnique identifier assigned to the location by GeoNames
ip.network.cidrstringNetwork address in the CIDR (Classless Inter-Domain Routing) format
ip.network.sizestringSize class expressed in t-shirt sizes that reflect the available IP addresses in the network
ip.privacyProviderstringName of the IP privacy service provider, available when vpn, relay, hosted or proxy is true
ip.riskScoreintegerSpecifies a risk value for an IP address between 0 (safe) and 100 (risky) for Verosint to assess against OSINT data and internal algorithms
ip.timezonestringIdentifies the timezone of an IP address
ip.typestringThe type of business using the IP address such as isp, hosting, education

Phone Number Evaluation

SignalTypeDescription
phone.carrierstringSpecifies the name of a phone service provider
phone.carrierIdentificationCodestringSpecifies the carrier identification code (CIC), a four-digit numeric code assigned to carriers or other entities that access a local exchange carrier (LEC) network
phone.location.countrystringSpecifies the two-letter country code (ISO 3166-1) where the phone number is registered
phone.location.regionstringSpecifies the geographical region (state/province) in which the phone is located
phone.mobileCountryCodestringSpecifies a mobile country code (MCC)
phone.mobileNetworkCodestringSpecifies a mobile network code (MNC)
phone.riskScoreintegerSpecifies a risk value for a phone number between 0 (safe) and 100 (risky) for Verosint to assess against OSINT data and internal algorithms
phone.typestringIdentifies the specified phone number type such as wireless, a fixed line, or Voice Over IP

SignalPrint Evaluation

SignalTypeDescription
print.connectedAccounts.avgDegreesnumberThe average number of degrees to the connected accounts in SignalPrint
print.connectedAccounts.countintegerThe number of other accounts connected to this print in SignalPrint
print.connectedAccounts.maxDegreesintegerThe maximum number of degrees to the connected accounts in SignalPrint
print.connectedAccounts.minDegreesintegerThe minimum number of degrees to the connected accounts in SignalPrint
print.eventCount.last24hoursintegerThe number of events seen for this print in the last 24 hours
print.eventCount.last7daysintegerThe number of events seen for this print in the last 7 days
print.eventCount.lastHourintegerThe number of events seen for this print in the last hour
print.failedAcctsCount.last24hoursintegerThe number of accounts with a a failed login connected to this print in the last 24 hours
print.failedAcctsCount.last7daysintegerThe number of accounts with a a failed login connected to this print in the last 7 days
print.failedAcctsCount.lastHourintegerThe number of accounts with a a failed login connected to this print in the last hour
print.loginFailedCount.last24hoursintegerThe number of login failed events seen for this print in the last 24 hours
print.loginFailedCount.last7daysintegerThe number of login failed events seen for this print in the last 7 days
print.loginFailedCount.lastHourintegerThe number of login failed events seen for this print in the last hour
print.loginSuccessCount.last24hoursintegerThe number of login success events seen for this print in the last 24 hours
print.loginSuccessCount.last7daysintegerThe number of login success events seen for this print in the last 7 days
print.loginSuccessCount.lastHourintegerThe number of events seen for this print in the last hour
print.mfaFailedCount.last24hoursintegerThe number of MFA failed events seen for this print in the last 24 hours
print.mfaFailedCount.last7daysintegerThe number of MFA failed events seen for this print in the last 7 days
print.mfaFailedCount.lastHourintegerThe number of MFA failed events seen for this print in the last hour
print.mfaSuccessCount.last24hoursintegerThe number of MFA success events seen for this print in the last 24 hours
print.mfaSuccessCount.last7daysintegerThe number of MFA success events seen for this print in the last 7 days
print.mfaSuccessCount.lastHourintegerThe number of MFA success events seen for this print in the last hour
print.signupFailedCount.last24hoursintegerThe number of signup failed events seen for this print in the last 24 hours
print.signupFailedCount.last7daysintegerThe number of signup failed events seen for this print in the last 7 days
print.signupFailedCount.lastHourintegerThe number of signup failed events seen for this print in the last hour
print.signupSuccessCount.last24hoursintegerThe number of signup success events seen for this print in the last 24 hours
print.signupSuccessCount.last7daysintegerThe number of signup success events seen for this print in the last 7 days
print.signupSuccessCount.lastHourintegerThe number of signup success events seen for this print in the last hour
print.verificationSuccessCount.
last24hours
integerThe number of verification success events seen for this print in the last 24 hours
print.verificationSuccessCount.
last7days
integerThe number of verification success events seen for this print in the last 7 days
print.verificationSuccessCount.lastHourintegerThe number of verification success events seen for this print in the last hour
print.verificationSuccessCount.totalintegerThe total number of verification success events seen for this print in the last 180 days

User Agent Evaluation

SignalTypeDescription
userAgent.browser.namestringIdentifies the name of the browser, such as Safari
userAgent.browser.versionstringIdentifies the version of the browser
userAgent.device.namestringIdentifies the name of the device
userAgent.device.typestringIdentifies the type of device
userAgent.os.namestringIdentifies the operating system on the device
userAgent.os.versionstringIdentifies the version of the operating system on the device