Events
The Events page is the central hub of the NordStellar platform, providing a real-time, consolidated view of all security-relevant events detected across your monitored assets. It acts as your primary dashboard for understanding your organization's current threat landscape, prioritizing response efforts, and tracking incident resolution. The Events page aggregates data from all NordStellar modules, presenting a unified view of potential risks.
Key Features
- Event Listing: Displays all events generated by NordStellar's monitoring modules, ensuring no critical activity is missed.
- Powerful Filtering: Narrow down the event list using a variety of criteria, including event type, risk level, date range, associated asset, and free-text search. This allows you to quickly focus on the most relevant information.
- Sorting: Organize events by "Date Added" (newest first, by default) or by "Risk Level."
- Detailed Event Information: Access in-depth information about each event via a modal overlay, providing all the context needed for effective investigation and remediation.
- Resolution Management: Mark events as "Resolved" to track incident response progress and filter out addressed issues.
- Configurable Notifications (Separate Page): Fine-tune email and Slack notifications for specific event types and risk levels. This ensures you're alerted to critical events without being overwhelmed by noise. For detailed instructions on setting up notifications, visit the Notifications Setup page.
Event Sources
The Events page displays events generated by the following NordStellar modules:
- Digital Threats Product:
  - Leaked Data Module:
    - Data Breaches
    - Combo Lists (Leaked Credentials)
    - Malware Infections (Infostealer Incidents)
  - Dark Web Monitoring Module:
    - Forum Posts
    - Telegram Posts
    - Ransomware Blogs
  - Domain Squatting Module:
    - Domain Squatting
- Attack Surface Management Product:
  - Vulnerabilities
Filtering Events
The Events page offers robust filtering to help you focus on specific threats. Filters are combined using an "OR" condition. The available filters are:
- Event Type: Select one or more event types from the list above.
- Risk Level: Filter by severity:
  - Critical
  - High
  - Medium
  - Low
  - Informational
- Date Range: Specify a start and end date.
- Asset: Filter by specific assets associated with the event. This is a searchable dropdown allowing you to select one or more of your monitored assets (Domains, IPs, Emails, and Phone Numbers).
- Search: Perform a free-text search on asset values and event titles.
- Tags: Filter by tags associated with the events.
Sorting Events
By default, events are sorted by "Date Added" (newest first).
You can also sort by:
- Risk Level
You can reverse the sorting direction for any selected criterion by clicking the direction indicator in the sorting menu. The sorting menu is located in the top right corner of the Events page.
Resolving Events
Events can be marked as "Resolved" to indicate that the associated threat has been addressed. This helps track incident response progress and removes the event from the default view (which shows only unresolved events). Resolved events are still accessible via filtering.
To resolve an event:
- Locate the event in the Events list.
- Click the "Resolve" button associated with the event.
Notifications
While the Events page provides a comprehensive view of all events, NordStellar also offers configurable notifications (via email and Slack) to alert you in real time about new events matching your specified criteria. See the Notifications documentation for details on configuring notification rules.
API Integration
The Events data is also accessible via the NordStellar Platform Integrations API, allowing for seamless integration with your existing security tools, such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms. This enables you to:
- Automate Incident Response: Trigger automated workflows in your SOAR platform based on specific event types or risk levels.
- Centralize Security Data: Consolidate event data from NordStellar with other security logs and telemetry in your SIEM for comprehensive threat analysis.
- Build Custom Integrations: Create custom integrations with other security tools or internal systems.
See the Platform Integrations API documentation for details on accessing the API.