Alerts
Overview
Alerts are designed to notify you when recent leads or signups have an increase in risk. If data is added to a blacklist that matches your data, E-HAWK will automatically send an email so you can quickly review the user, revet them if you wish, and take any necessary actions. Alert Emails are sent every six hours with all alerts during that time frame. If you do not want email alerts, you can use the Alert API that you can call anytime to get Alert data.
Settings and Reporting
Alert settings are configured in the Reporting Portal. You can select alert data types as well as set a scoring threshold that filters only high impact scoring changes based on your custom scoring profile. In addition, recent alerts can be viewed in the portal Alert tab.
In the settings area you can configure an email address for Alert notices, Alert Type (Email or API), score threshold, and what data points to monitor.
Alert Data and Format
Alerts contain the following data and are delivered in JSON format.
| transaction_id | transaction ID of vet |
| type | The type that hit the alert such as IP, Email, Phone, etc |
| value | The value that hit the alert |
| reason | The reason hit for the alert such as Phishing. |
| transaction_score | The Risk Score of the vet |
| alert_score_impact | the change or impact of the new risk hit based on your scoring profile |
| estimated_new_score | An estimate of the new vet score based on the new risk hit |
| username | username value sent in vet. This should be your unique system user ID |
| transaction_fingerprint | The Talon fingerprint of the vet |
| transaction_date | The timestamp of the vet (UTC) |
| alert_date | The timestamp the Alert was created (UTC) |
The JSON format is:
- transaction_id
string - type
string - value
string - reason
string - transaction_score
string - alert_score_impact
string - estimated_new_score
string - username
string - transaction_fingerprint
string - transaction_date
string - alert_date
string
Email Alerts
Email Alerts are sent every six hours to your configured Alert email address and contain a list of all issues during that period. The emails show data for each Alert and contain JSON data at the end for back-end processing.
The following transactions(s) have been tagged with new information. You may want to review or revet the user(s) as their risk score has changed. At the bottom of this email are alerts in JSON format for back-end processing.
transaction_id: 56fbed88a7c018
type: ip
value: 10.1.1.1
reason: Phishing
transaction_score: -38
alert_score_impact: -70
estimated_new_score: -108
username: user1234
transaction_fingerprint: fb713c209
transaction_date: 2016-04-10 06:00:00 (UTC)
alert_date: 2016-04-10 06:00:00 (UTC)
-- JSON DATA START --
[{"transaction_id":"56fbed88a7c018", "type":"ip", "value":"10.1.1.1", "reason":"Phishing", "transaction_score":"-38", "alert_score_impact":"-70", "estimated_new_score":"-108", "username":"user1234", "transaction_fingerprint":"fb713c209" "transaction_date":"2016-04-10 06:00:00", "alert_date":"2016-06-10 10:00:00"}]
-- JSON DATA END --
Alert API
To get Alerts via an API call (either POST or GET), use the following:
https://feed-api.e-hawk.net/apikey/alert/function/Where function value is list to get all new, undelivered Alerts, and mark undelivered as "sent". As a backup you can also call list24 to view all Alerts within the last 24 hours, but this does not mark any as "sent" and will keep unsent tags in the portal.
The response will be a JSON string with each Alert in a new sub JSON string. The Alert JSON contains the Vet Transaction ID and all the data for the Alert. As an example:
{response":
[{"transaction_id":"56fbed88a7c018",
"type":"ip",
"value":"10.1.1.1",
"reason":"Phishing",
"transaction_score":"-38",
"alert_score_impact":"-70",
"estimated_new_score":"-108",
"username":"user1234",
"transaction_fingerprint":"fb713c209"
"transaction_date":"2016-04-10 06:00:00 (UTC)",
"alert_date":"2016-06-10 10:00:00 (UTC)"}],
"status":200
}
Alert API Response and Status Codes
| Status | Response |
|---|---|
| 200 | OK (no errors) |
| 403 | Alert Type is set to Email in the Portal. Change to API. |
| 502 | Invalid APIKEY or URL |