June Updates: Detection and Organization Settings Improvements

Detection Upgrades & Transparency

This month, we focused on improving the flexibility, visibility, and interpretability of ChainPatrol’s detection pipeline.

Detection Chart by Asset Type

The Detection page now features a time-based chart that shows detection results split by asset type. This helps teams monitor system health, identify emerging threat patterns, and better prioritize triage.

Multiple Detection Configurations per Source

It’s now possible to maintain multiple configurations for a single detection source. For example, we can create separate configs for URLScan to search for “similar screenshots to scam site”, “request to a known C2 server”, and “favicon similar to official site” all under the same organization so that we can roll-out new detection configs without affecting existing ones. This enables safer experimentation with queries and more precise tuning of detection logic.

Passed Rule Checks on Search Page

The Search page now includes a breakdown of which detection rules an asset passed during analysis. This improves transparency and helps explain why a threat may not have been flagged.

Organizational Settings Improvements

We also shipped new tooling to help teams better manage and audit their protection setup at the organization level.

Organization Terms Revamp

Keyword-based brand protection terms have been reworked to better match scam patterns and reduce missed detections—particularly for impersonation threats. You can now specify for each term whether you want to use an “exact” match or a “loose/fuzzy” match. This change will lead to more accurate results and avoid false positives on the Detection page.

Detection Upgrades & Transparency

This month, we focused on improving the flexibility, visibility, and interpretability of ChainPatrol’s detection pipeline.

Detection Chart by Asset Type

The Detection page now features a time-based chart that shows detection results split by asset type. This helps teams monitor system health, identify emerging threat patterns, and better prioritize triage.

Multiple Detection Configurations per Source

It’s now possible to maintain multiple configurations for a single detection source. For example, we can create separate configs for URLScan to search for “similar screenshots to scam site”, “request to a known C2 server”, and “favicon similar to official site” all under the same organization so that we can roll-out new detection configs without affecting existing ones. This enables safer experimentation with queries and more precise tuning of detection logic.

Passed Rule Checks on Search Page

The Search page now includes a breakdown of which detection rules an asset passed during analysis. This improves transparency and helps explain why a threat may not have been flagged.

Organizational Settings Improvements

We also shipped new tooling to help teams better manage and audit their protection setup at the organization level.

Organization Terms Revamp

Keyword-based brand protection terms have been reworked to better match scam patterns and reduce missed detections—particularly for impersonation threats. You can now specify for each term whether you want to use an “exact” match or a “loose/fuzzy” match. This change will lead to more accurate results and avoid false positives on the Detection page.

Detection Upgrades & Transparency

This month, we focused on improving the flexibility, visibility, and interpretability of ChainPatrol’s detection pipeline.

Detection Chart by Asset Type

The Detection page now features a time-based chart that shows detection results split by asset type. This helps teams monitor system health, identify emerging threat patterns, and better prioritize triage.

Multiple Detection Configurations per Source

It’s now possible to maintain multiple configurations for a single detection source. For example, we can create separate configs for URLScan to search for “similar screenshots to scam site”, “request to a known C2 server”, and “favicon similar to official site” all under the same organization so that we can roll-out new detection configs without affecting existing ones. This enables safer experimentation with queries and more precise tuning of detection logic.

Passed Rule Checks on Search Page

The Search page now includes a breakdown of which detection rules an asset passed during analysis. This improves transparency and helps explain why a threat may not have been flagged.

Organizational Settings Improvements

We also shipped new tooling to help teams better manage and audit their protection setup at the organization level.

Organization Terms Revamp

Keyword-based brand protection terms have been reworked to better match scam patterns and reduce missed detections—particularly for impersonation threats. You can now specify for each term whether you want to use an “exact” match or a “loose/fuzzy” match. This change will lead to more accurate results and avoid false positives on the Detection page.