ingestlayer/recipes

Monitor failed logins in Discord

Catch the login failures that look like an attack — repeated misses from one address — with geo and network context attached before they reach you.

01 source

source: sdk.event (TypeScript SDK)
match: login.failed

02 pipeline · 3 steps

  • 01 [CTL] filter.match: attempt ≥ 5 only
  • 02 [ENR] enrich.entity: ip → geo · asn · known-bad
  • 03 [MUT] redact.pii: mask email before posting

03 destinations · 1

  • to: discord (Discord)
    channel: #ops

the event

You emit login.failed with this shape. The TypeScript SDK keeps the call type-safe, and the event is stored whole — so every field below is available to the pipeline by name.

  • email: string
  • ip: string
  • reason: string (bad-password | locked | mfa)
  • attempt: number (consecutive misses)

emit it

From your code with the TypeScript SDK — or any language over the REST endpoint and signed webhook ingress.

emit login.failed
import { ingest } from "@ingestlayer/sdk";

await ingest("login.failed", {
  email:   creds.email,
  ip:      req.ip,
  reason:  result.reason,
  attempt: result.consecutive,
});

route it to Discord

Send rich embeds to a channel via a connected bot or a channel webhook.

  1. connect the bot

    Add the ingestlayer bot to your server, or paste a channel webhook URL. Either credential is held in-region.

  2. choose the channel

    Select the target channel from the picker. Each connected channel is one reusable destination row.

  3. shape the embed

    The default embed carries the event name as its title and the payload as name/value fields; override with $event.* references.

in discord · delivered
┌─ #ops ─────────────────────────────────┐
│ ▎ payment.failed                        │
│ ▎ customer   acme-inc                   │
│ ▎ amount     €240.00                    │
│ ▎ reason     insufficient_funds         │
│ ▎ attempt    2                          │
└─────────────────────────────────────────┘

notes

questions

How do I avoid alerting on typos?
Filter on the attempt count so a single fat-fingered password stays quiet and only sustained failures escalate.
Where does the geo come from?
enrich.entity resolves the IP to geo, ASN, and a known-bad flag in flight, so the alert carries the context to act on.
Is it safe to post emails to a channel?
redact.pii masks the email for the chat destination while the full record still lands in your audit table.
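
The three pipeline steps answered above (filter on attempt count, enrich the IP, mask the email), sketched as a local stand-in that produces a Discord-style embed. This is an added example, not ingestlayer code: toAlert, maskEmail, IP_CONTEXT and the masking format are assumptions, and the lookup table and sample events are constructed.

```typescript
// Added example: local stand-in for the recipe's three steps. Not ingestlayer code.
type LoginFailed = { email: string; ip: string; reason: "bad-password" | "locked" | "mfa"; attempt: number };
type IpContext = { geo: string; asn: string; knownBad: boolean };
type Embed = { title: string; fields: { name: string; value: string; inline: boolean }[] };

// Constructed enrichment table (hypothetical); a real pipeline resolves this from a geo/ASN source.
// Addresses come from the RFC 5737 documentation ranges.
const IP_CONTEXT: Record<string, IpContext> = {
  "203.0.113.7": { geo: "NL", asn: "AS64500", knownBad: true },
};

const THRESHOLD = 5; // the recipe's "attempt ≥ 5 only"

// Mask the local part but keep the domain, so responders still see which tenant is targeted.
function maskEmail(email: string): string {
  const at = email.lastIndexOf("@");
  if (at <= 0) return "[redacted]"; // not a parseable address: reveal nothing
  return `${email.slice(0, 1)}***${email.slice(at)}`;
}

// Returns null when the event is filtered out, otherwise an embed with title + name/value fields.
function toAlert(ev: LoginFailed): Embed | null {
  if (!Number.isFinite(ev.attempt) || ev.attempt < THRESHOLD) return null; // step 01: filter
  const ctx: IpContext | undefined = IP_CONTEXT[ev.ip];                    // step 02: enrich
  const field = (name: string, value: string) => ({ name, value, inline: true });
  return {
    title: "login.failed",
    fields: [
      field("email", maskEmail(ev.email)),                                 // step 03: redact
      field("ip", ev.ip),
      field("reason", ev.reason),
      field("attempt", String(ev.attempt)), // embed field values must be strings
      field("geo", ctx?.geo ?? "unknown"),
      field("asn", ctx?.asn ?? "unknown"),
      field("known-bad", ctx ? String(ctx.knownBad) : "unknown"),
    ],
  };
}

// Constructed sample events: one typo, one sustained burst from a flagged address.
const typo: LoginFailed = { email: "ana@example.com", ip: "198.51.100.4", reason: "bad-password", attempt: 1 };
const burst: LoginFailed = { email: "ana@example.com", ip: "203.0.113.7", reason: "bad-password", attempt: 6 };
console.log(toAlert(typo), JSON.stringify({ embeds: [toAlert(burst)] }, null, 2));
```

An IP missing from the table still alerts, with the context fields set to "unknown", so a lookup gap never suppresses a sustained-failure alert.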