Monitoring Alerts
When a monitored wallet triggers an alert rule, the platform creates an alert with full context — including the triggering transaction, counterparty details, severity level, and recommended actions. Alerts are delivered through the dashboard, email, Telegram, and webhooks.
Alert Lifecycle
- Detection — A new transaction on a monitored wallet matches one or more alert rules.
- Creation — An alert is created with the rule code, severity, and transaction details.
- Notification — The user is notified via their configured channels (dashboard, email, Telegram, webhook).
- Review — The user opens the alert in the dashboard, reviews the details, and investigates.
- Resolution — The user marks the alert as resolved with a disposition: True Positive, False Positive, or Escalated.
Alert Detail View
Each alert in the dashboard includes:
- Rule Code — Which rule triggered (e.g., SANCTIONS-001). See Alert Rule Codes.
- Severity — Critical, High, Medium, or Low.
- Triggering Transaction — Hash, value, timestamp, and direction (inbound/outbound).
- Counterparty — The address that triggered the rule, with entity attribution if available.
- Wallet Context — The monitored wallet's current risk score and monitoring history.
- Copilot Integration — An "Ask Copilot" button opens BA Copilot in Alerts mode with the alert pre-loaded, allowing you to ask questions like "Is this a false positive?" or "What should I include in a SAR?".
Wallet Detail Page
Clicking on a monitored wallet opens the Wallet Detail Page, which shows:
- Current Risk Score — Real-time risk score with trend indicator (↑ ↓ →).
- Alert History — All alerts triggered for this wallet, sorted by date.
- Transaction Timeline — Visual timeline of transactions with alert markers.
- Counterparty Summary — Breakdown of all counterparties by category and threat level.
- Monitoring Configuration — Which rules are active and at what thresholds.
Notification Channels
| Channel | Configuration | Alert Content |
|---------|--------------|---------------|
| Dashboard | Always on | Full alert with all details |
| Email | Account > Notifications | Summary with link to dashboard |
| Telegram | Monitoring > Telegram Setup | Compact alert with rule code, severity, and transaction hash |
| Webhook | Monitoring > Webhooks | JSON payload with full alert data |
Webhook Payload
{
  "event": "alert.created",
  "alert": {
    "id": "alt_abc123",
    "rule_code": "SANCTIONS-001",
    "severity": "critical",
    "wallet_address": "0x742d...4a9e",
    "chain": "ethereum",
    "transaction_hash": "0xabc...def",
    "counterparty": {
      "address": "0x123...456",
      "entity_name": "OFAC Designated Wallet",
      "threat_level": "critical"
    },
    "created_at": "2026-03-15T10:30:00Z"
  }
}
Webhook endpoints must respond with a 2xx status code within 10 seconds. Failed deliveries are retried up to 3 times with exponential backoff.
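A receiver-side handler for the payload and delivery rules above, added here as an example and not the platform's own code. It assumes a retried delivery can repeat an alert `id` the endpoint already accepted, that severities arrive in lowercase as in the sample, and a 64 KiB body cap; `handle_webhook`, `work_queue`, and `seen_alert_ids` are hypothetical names.

```python
import json
import queue

# Field names come from the sample payload on this page.
REQUIRED = ("id", "rule_code", "severity", "wallet_address",
            "chain", "transaction_hash", "created_at")
SEVERITIES = {"critical", "high", "medium", "low"}  # assumption: lowercase on the wire
MAX_BODY_BYTES = 64 * 1024                          # assumption: cap for one alert

work_queue = queue.Queue()  # a separate worker drains this after the 2xx is sent
seen_alert_ids = set()      # in-memory for the example; use a durable store in production

# Constructed sample delivery, copied from the payload shown on this page.
SAMPLE_BODY = json.dumps({"event": "alert.created", "alert": {
    "id": "alt_abc123", "rule_code": "SANCTIONS-001", "severity": "critical",
    "wallet_address": "0x742d...4a9e", "chain": "ethereum",
    "transaction_hash": "0xabc...def",
    "counterparty": {"address": "0x123...456",
                     "entity_name": "OFAC Designated Wallet",
                     "threat_level": "critical"},
    "created_at": "2026-03-15T10:30:00Z"}}).encode()


def handle_webhook(body: bytes) -> int:
    """Validate one delivery and return the HTTP status to send back."""
    if len(body) > MAX_BODY_BYTES:
        return 413
    try:
        doc = json.loads(body)
    except (ValueError, RecursionError):  # malformed JSON, bad UTF-8, absurd nesting
        return 400
    if not isinstance(doc, dict):
        return 400
    if doc.get("event") != "alert.created":
        return 204  # well-formed but not handled here: acknowledge and ignore
    alert = doc.get("alert")
    if not isinstance(alert, dict):
        return 400
    if any(not isinstance(alert.get(k), str) or not alert[k] for k in REQUIRED):
        return 400
    if alert["severity"] not in SEVERITIES:
        return 400
    if alert["id"] in seen_alert_ids:
        return 200  # retried delivery: acknowledge, do not process twice
    seen_alert_ids.add(alert["id"])
    work_queue.put(alert)  # slow work (ticketing, enrichment) happens off the request path
    return 200
```

Call `handle_webhook` from whatever HTTP framework serves the endpoint and send the returned status immediately, so the response stays well inside the 10-second window.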
Alert Management
Filtering
Filter alerts by:
- Rule code (SANCTIONS-001, MIXING-001, etc.)
- Severity (Critical, High, Medium, Low)
- Status (Open, Resolved, Escalated)
- Date range
- Wallet address
Bulk Actions
Select multiple alerts to:
- Mark as resolved (with disposition)
- Escalate to a team member
- Export as CSV for compliance records
Audit Trail
Every alert action is logged with a timestamp and user identity for compliance audit purposes. The audit trail includes:
- Alert creation
- Status changes
- Disposition assignments
- Notes added
- Copilot queries related to the alert
Severity Customization
Navigate to Monitoring > Alert Settings to customize:
- Severity overrides — Change the default severity for each rule code.
- Threshold adjustments — Modify when rules trigger (e.g., VELOCITY-001 sensitivity).
- Quiet hours — Suppress email/Telegram notifications during specified hours (alerts are still created in the dashboard).
- Escalation rules — Auto-escalate critical alerts to specific team members.
Next Steps
- Alert Rule Codes — Detailed reference for each rule code.
- Transaction Monitoring — How to set up monitoring.
- BA Copilot — AI-assisted alert investigation.