Alerts
The Alerts section allows organizations to define the exact conditions under which they want to be notified. These alerts act as automated triggers, ensuring that the SOC team or administrators are instantly informed whenever critical events occur across the dark web, surface web, or within the brand protection module.
Notification Name
Notification Name → A required field where the user specifies a clear, descriptive name for the alert (e.g., Dark Web Breach Alert, Brand Protection Fraud Alert).
This helps differentiate alerts when multiple notifications are active.
Notification Type
Users can choose from several categories depending on their monitoring needs:
License
Reminder Before License Expired → Sends a notification before the platform license ends.
License Expired → Alerts when the subscription/license has already expired.
Dark Web
Botnets → Alerts when infected devices or credentials tied to the organization appear in botnet logs.
Breaches → Notifies when a breach contains organizational emails, usernames, or passwords.
Credit Cards → Monitors and triggers alerts when stolen or leaked card data is discovered.
Mentions → Alerts when the brand, domains, or keywords are mentioned on underground forums or channels.
Ransomware → Notifies when the organization appears on ransomware leak sites.
VIPs → Sends alerts when monitored high-value individuals (executives, board members, etc.) appear in leaks.
Surface Web
Impersonating Domains → Alerts for domains or websites impersonating the brand.
Dormant → Flags inactive domains/subdomains tied to the brand that could be exploited.
New Subdomains → Alerts when new subdomains associated with the organization are detected.
Threat Exposures → Captures other exposures related to the surface web.
Reminder Before Domain Registration Expiry Date → Alerts before domain renewals are due.
Certificate Notification → Tracks SSL/TLS certificates tied to the brand.
Reminder Before Certificate Expired → Prevents outages or misuse by warning before certificate expiration.
Brand Protection
Brand Protection Request Takedown → Notification triggered when a fraudulent asset is submitted for takedown.
Brand Protection Takedown Completed → Alerts once the takedown has been successfully executed.
New Brand Fraud Detected → Notifies when new fraudulent activity tied to the brand (websites, ads, or social media accounts) is detected.
When you click Next, the Notification Settings screen appears.
The setup is divided into three steps, giving users fine-grained control:
Notification Main Details
IP Address
You can narrow notifications to specific IP addresses. Useful if you only want alerts related to known servers, corporate ranges, or sensitive assets.
Compromised Date
Filter by the date when the compromise was first detected. This helps if you only care about recent incidents instead of old ones.
Computer System
Select a specific machine or system name, for example if you only want to track exposures on HR systems or finance servers.
Antiviruses
Choose alerts where a specific antivirus was detected or bypassed. Useful for understanding how fraud or malware interacts with your defense tools.
Screenshot
Filters notifications that include a screenshot as proof. This is critical when you want visual evidence of fraudulent or malicious activity.
Domain
Restrict notifications to incidents tied to a particular domain (e.g., example.com). Helps in focusing only on your organization’s brand or critical web assets.
Data Source Filters Criteria
Allows narrowing the alert conditions (e.g., only notify for breaches with high severity, or mentions tied to a specific keyword).
Notification Recipients
Assigns who will receive the alerts. Recipients can be added individually by email or grouped into pre-defined Groups (explained in the Groups section).
This ensures the right teams (SOC, legal, compliance) receive relevant notifications without flooding others with noise.
Data Source Filters Criteria
This step defines where the alerts are delivered. Once you’ve set the type of notification and applied your filters, you must decide who should receive them.
Recipients
A list of all individuals or groups that will get the alert once it is triggered.
Add a new email Recipient
You can manually enter an email address to receive the notification. This is ideal for adding SOC analysts, legal officers, compliance managers, or any other relevant stakeholder.
Note: Each time you type an email, press Enter to confirm it; this ensures the email address is added.
OR Add new group Recipient
Instead of adding people one by one, you can choose a Group.
A group is essentially a collection of emails bundled together, making it easier to assign notifications to whole teams (e.g., SOC team, Fraud Response team, Legal team).
Groups are created separately in the Groups section, which is explained in detail later.
In the last step, the system presents a summary screen where you can review your configuration before saving. This acts as a final checkpoint to ensure accuracy.