Skip to main content

Security Events

Security events are records of threats and anomalies detected by the MeetLoyd platform. Every time the system blocks a malicious file, detects a prompt injection attempt, or identifies suspicious behavior, it creates a security event that your administrators can review and act on.

What Triggers a Security Event

Security events are created automatically when the platform detects something that requires attention:

CategoryExamples
File securityMalicious content, disguised files, credential exposure in documents
Prompt securityAdversarial content in chat messages or uploaded documents
Authentication securityFailed login patterns, unusual access patterns
Rate limitingExcessive usage from a single source

Events are never created manually -- they are always the result of an automated detection by the platform's security pipeline.

Severity Levels

Each event is assigned a severity based on the potential impact:

SeverityMeaningExamples
CriticalActive threat that could cause immediate harmDisguised malware, high-confidence adversarial content
HighSignificant threat that requires prompt investigationCredential exposure, malicious document content
MediumSuspicious activity that should be reviewedUnusual file patterns, moderate-confidence detections
LowMinor anomaly, informationalRate limit approaching threshold

Monitoring Security Events

Security Center Dashboard

Security events are visible in the Security Center, accessible from the shield icon in the top navigation bar. The dashboard provides:

  • Real-time event stream -- New events appear immediately as they are detected, without refreshing the page
  • Filtering -- Filter by severity, status, category, tenant, and date range
  • Event details -- Click any event to see full details and the evidence collected for investigation

Event Statuses

Every security event has a status that tracks its lifecycle:

StatusMeaning
OpenNewly detected, not yet reviewed
InvestigatingAn admin is looking into the event
BlockedThe threat was confirmed and action was taken
False positiveThe detection was incorrect -- no actual threat
ResolvedInvestigation complete, no further action needed

Resolution Workflow

When you see a new security event:

  1. Review the event -- Open the event to see what was detected, who triggered it, and the evidence collected
  2. Investigate -- Determine whether the event represents a real threat or a false positive. Check the user's activity history and the file or message that triggered the detection
  3. Take action -- Based on your investigation:
    • Mark as false positive if the detection was incorrect
    • Block the user if the activity was intentional and malicious
    • Warn the user if the activity was accidental (e.g., uploading a file containing old credentials)
    • Quarantine the file if it was a file-based threat (this happens automatically on detection)
  4. Resolve -- Add a resolution note and close the event

Available Actions

ActionWhen to Use
NoneEvent reviewed, no action needed
User warnedNotified the user about the security event
User blockedBlocked the user's access to the platform
User suspendedTemporarily suspended the user's account
File quarantinedFile moved to secure quarantine (automatic for detected threats)
IP blockedBlocked the originating IP address

SIEM Integration

Security events can be exported to your existing Security Information and Event Management (SIEM) system for centralized monitoring. MeetLoyd supports:

  • Splunk, Datadog, Elastic Security, and SumoLogic as built-in destinations
  • Custom HTTP endpoints for any SIEM that accepts webhooks (including Microsoft Sentinel and AWS Security Hub)
  • Real-time streaming -- Events flow to your SIEM as they are detected
  • Multiple formats -- JSON, CEF (Common Event Format), and LEEF (Log Event Extended Format)

This allows your security operations team to correlate MeetLoyd events with signals from the rest of your infrastructure in a single pane of glass.

See SIEM Integration for setup instructions.

Feature Availability

FeatureGrowthEnterprise
Security event detectionYesYes
Security Center dashboardYesYes
Real-time event streamYesYes
Event investigation & resolutionYesYes
SIEM export--Yes
Custom alert rules--Yes

File Security
How MeetLoyd scans and secures uploaded files
Security Center
Centralized security management hub
SIEM Integration
Export events to external security tools
Incidents
Track and respond to security incidents