New feature alert! The Anomaly Score helps you determine if an account is behaving normally or not based on prior account activity.

Here's a metaphor to explain that one: if you saw a guy wearing a blue t-shirt and jeans every day for a month, you'd expect him to come in tomorrow wearing a blue t-shirt and jeans . Tomorrow comes around and instead, the guy is wearing a red t-shirt and jeans . Can you be sure it's the same guy or not?

In a similar way, the Anomaly Score looks at past event history for a given account, and then determines if future events for that account are normal (score = 0) or unusual (score = 100). In fact, an Anomaly Score ≥ 75 indicates highly unusual activity that's worth digging deeper into -- and generates the Anomalous Event signal in Explorer.

New features alert! We added new IP signals to help discover and prevent platform risks in a more precise and nuanced way, so you can keep out fraudsters and streamline the experience for actual customers. These signals are available to use in Explorer and Rules.

Autonomous systems (ASN) can have very wide range of IP address pool sizes, ranging from the thousands to over tens of millions. Risk assessment based only on the number of ASNs can be misleading, and factoring in the size of the IP address pool can help you detect and prevent risky behavior in a more nuanced way.

• ip.asnInfo.size and ip.network.size show in "t-shirt size" form the number of available IP addresses in the ASN or network associated with the IP identifier.
  • X-Small: <256 IP addresses
  • Small: Between 256 and 4,096
  • Medium: Between 4,096 and 64K
  • Large: Between 64K and 1M
  • X-Large: Between 1M and 16M
  • 2X-Large: > 16M IP
• ip.network.cidr stores the network address associated with the IP identifier in Classless Inter-Domain Routing (CIDR) format (e.g. 193.6.32.110/24). Each ASN is composed of one or more networks. Having this signal provides a more granular grouping of IP addresses.

New features alert! We added 4 new signals that make it easier to detect and prevent fraud.

1. Credential Stuffing: Indicates that the ASN or IP address of an event is currently attempting to access multiple accounts at an unnatural speed
2. Account Takeover: Indicates that the account has been accessed through unusual activity
3. Outlier Account: Indicates unusual activity relative to other accounts in this workspace
4. Anomalous Event: Verosint provides an Anomaly Score (0 to 100) for each event in your workspace. For a given account, an Anomaly Score ≥ 75 indicates highly unusual activity relative to the account’s history -- and is labeled an Anomalous Event.

5. Do you want to add or remove identifiers to your lists using an existing tool or integration on your platform? Our Lists API now has public endpoints for adding or removing users so you can do just that!
   Here's how (API Reference):

• Add
• Remove

We want to provide the best experience, so we're constantly fixing up the Verosint application.

We fixed a bug that prevented you from pulling up the Event Details side panel for any event older than 30 days in Explorer. Onwards and upwards!

New feature alert!

1. Archiving insights is now available so you can focus on the ones you care about. Here's how it works:

• You can archive Unusual Activity insights. Workspace Trends insights automatically disappear when the trend no longer occurs.
• Once you've archived an insight, it's accessible to you in the "Archived" view for 30 days. After 30 days, the archived insight will disappear from the "Archived" view.
• Unusual Activity insights will automatically be archived 15 days after they occurred. You can undo archive if you want to keep the insight around for longer.

2. Send Custom Event Data: You can send us custom data that we'll display in Explorer so you have more intel to discover potential fraud quickly! Learn more about Sending Custom Event Data

New feature alert! You now have an email.relay signal, which identifies if an email address is forwarded to another email address. We detect and label email address from Apple iCloud+, Hide My Email, Firefox Relay, DuckDuckGo, addy.io, Fastmail, and SimpleLogin.

New feature alert! We added an email.domain signal, which you can use to:

• Enforce real-time decisions on your users with Rules
• Group users by specific domains with Lists
• Discover new information by searching with the email.domainsignal in Explorer

We want to provide the best experience, so we're constantly fixing up the Verosint application.

If you (dis)like a particular AI-generated insight in your workspace ,you can give it a or . We fixed this functionality so you can tell if you've already liked (or disliked ) an insight.

We're always looking to improve your experience.

1. We updated the look and feel of AI Insights, so that it's easier for you to digest a lot of info quickly and discern which insights you might care to dig deeper into.

   The biggest change is that we added Insight Types to the AI Insights page, so you can quickly filter (out) the insights you care about.

   

2. You can now search for empty Account IDs in Explorer, making it easier for you to discover when a potential stuffing attack or account takeover attempt may be occurring.

   For example, a bad actor may attempt to log into your platform by trying a bunch of email usernames and passwords. If that email username does not exist in your platform, the Account ID will be empty when you search for it in Explorer.

   

We want to provide the best experience, so we're constantly fixing up the Verosint application.

1. We squashed a bug that was setting the validDomain signal = false when it shouldn't have been.
2. We also noticed that the Apple Relay domain was being flagged as an Invalid Domain, so we fixed that too!

We're always looking to improve your experience.

1. Read-only users in a workspace can now download csv files from Explorer and export rule sets! You asked -- we delivered!

   

2. We bumped up the number of rules you can write into a rule set to 50, enabling you to make more decisions in real time when your users are accessing your platform. You asked -- we delivered!