Supported signal types

A login attempt failed.

Recommendation: Review authentication activity and rate limits for the affected account or source.

A user signed in from a location, network, or device not previously seen by the application.

Recommendation: Ask the account owner to confirm the sign-in when the context looks unusual.

A password reset flow was requested for an account.

Recommendation: Review repeated reset requests for abuse or account takeover attempts.

A multi-factor authentication challenge failed.

Recommendation: Review recent sign-in attempts and consider prompting the user to secure the account.

A request was denied by authorization rules.

Recommendation: Confirm the denied action was expected and investigate repeated attempts against sensitive resources.

A request was blocked because it matched a suspicious or abusive pattern.

Recommendation: Review the blocked request pattern and tighten controls if similar attempts continue.

A request failed CSRF validation or an equivalent request-origin protection check.

Recommendation: Check whether failures are isolated client issues or repeated attempts against state-changing routes.

A client exceeded a rate limit.

Recommendation: Review rate-limit thresholds and investigate repeated activity from the same source.

The application observed an elevated error rate.

Recommendation: Review recent deploys, affected routes, and error samples to identify the cause.

A background job, task, or asynchronous worker operation failed.

Recommendation: Check job retries, queue health, and the failure reason for repeated or business-critical failures.

A deployment completed.

A feature flag, runtime toggle, or comparable behavior switch changed.

Recommendation: Confirm the change was expected, especially for production or security-sensitive flags.

Debug or verbose error output is enabled in an environment where it may expose sensitive details.

Recommendation: Disable debug output in public or production environments and rotate exposed secrets if needed.

An expected security header is missing.

Recommendation: Add the missing header where appropriate and verify it is present on public responses.

A secret, token, or credential is due for rotation.

Recommendation: Rotate the credential according to policy and confirm dependent services use the new value.

An expected integration stopped sending data or failed connectivity checks.

Recommendation: Restore the integration so monitoring and security visibility remain complete.

A health check failed for a service, endpoint, or component.

Recommendation: Investigate the failing component and confirm whether users are affected.

A runtime resource crossed a configured threshold.

Recommendation: Review resource trends and scale or optimize the affected component if pressure persists.

A system clock drifted beyond an acceptable threshold.

Recommendation: Verify time synchronization because clock drift can affect authentication, signatures, and audit trails.

A queue or asynchronous work backlog exceeded an expected threshold.

Recommendation: Review worker capacity and failing jobs so queued work can drain normally.

A connected application has not reported a heartbeat within the expected window.

Recommendation: Check the connector process, application logs, and network access to FrameRadar.