Predefined security playbooks

To help you get started, we've already setup common security scenarios..

Need help building your own playbooks? Contact us! We're here to help.

Built-in playbooks are divided in 2 main categories:

  1. The event is automatically tracked by Sqreen based on your app's traffic (vulnerability discovery, vulnerability triggered, etc).
  2. The event is custom and tracked using the SDK. Such events are tied to your app's business logic.

User protection

  • Unusual volume of user created.
  • Admin role granted.
  • Users abusing Admin-reserved features.
  • Adding user outside of organization domain.
  • Unusual volume of user profile updates.
  • Unusual volume of user invited.
  • Unusual volume of deletion performed.
  • Unusual volume of accounts deleted.
  • Unusual volume of user profile updates.


The Open Web Application Security Project (OWASP) focuses on improving the security of software. Every year, they're publishing a top ten of the most disclosed vulnerability categories.

  • Bad actors performing vulnerability discovery.
  • Reset password abuse.
  • Bad actors performing injection based vulnerability.


This category features playbooks relevant for some business verticals.

  • Unusual volume of failed payment attempts (eCommerce / Marketplace).
  • Suspicious volume of microwires (money exchange platforms).
  • Content abuse (media).
  • Free plan abuse (SaaS).
  • Fraud on feature use (SaaS).