Predefined security playbooks

To help you get started, we've already setup common security scenarios..

Need help building your own playbooks? Contact us! We're here to help.

Built-in playbooks are divided in 2 main categories:

  1. The event is automatically tracked by Sqreen based on your app's traffic (vulnerability discovery, vulnerability triggered, etc).
  2. The event is custom and tracked using the SDK. Such events are tied to your app's business logic.

User protection

  • Admin role granted.
  • Adding user outside of organization domain.
  • Unusual volume of user profile updates.
  • Unusual volume of user invited.
  • Unusual volume of deletion performed.
  • Unusual volume of accounts deleted.
  • Notify on multiple signups from an IP.
  • Block users connecting from TOR.
  • User signups geoblocking.
  • Monitor admin login from overseas.


The Open Web Application Security Project (OWASP) focuses on improving the security of software. Every year, they're publishing a top ten of the most disclosed vulnerability categories.

  • Reset password abuse.
  • Block IPs/users performing vulnerability discovery.
  • Block IPs/users performing injections.

Suspicious activities

This category features playbooks relevant for some business verticals.

  • Unusual volume of failed payment attempts
  • Suspicious volume of microwires
  • Content abuse
  • Free plan abuse
  • Abuse of costly features
  • Potential leak of sensitive data (PHI, PII).