How do I avoid alerting on typos?

Filter on the attempt count so a single fat-fingered password stays quiet and only sustained failures escalate.

Where does the geo come from?

enrich.entity resolves the IP to geo, ASN, and a known-bad flag in flight, so the alert carries the context to act on.

Is it safe to post emails to a channel?

redact.pii masks the email for the chat destination while the full record still lands in your audit table.

Monitor failed logins in Telegram

Catch the login failures that look like an attack — repeated misses from one address — with geo and network context attached before they reach you.

01source

sourcesdk.eventTypeScript SDK

matchlogin.failed

02pipeline · 3 steps

01CTLfilter.matchattempt ≥ 5 only
02ENRenrich.entityip → geo · asn · known-bad
03MUTredact.piimask email before posting

03destinations · 1

totelegramTelegram
chat@oncall

the event

You emit login.failed with this shape. The TypeScript SDK keeps the call type-safe, and the event is stored whole — so every field below is available to the pipeline by name.

emailstring
ipstring
reasonstringbad-password | locked | mfa
attemptnumberconsecutive misses

emit it

From your code with the TypeScript SDK — or any language over the REST endpoint and signed webhook ingress.

emit login.failed

import { ingest } from "@ingestlayer/sdk";

await ingest("login.failed", {
  email:   creds.email,
  ip:      req.ip,
  reason:  result.reason,
  attempt: result.consecutive,
});

route it to Telegram

Message a person, group, or channel through a connected bot.

01
connect a bot
Create a bot with @BotFather and paste its token. We register the webhook and verify it in-region.
02
start a chat
Send /start to the bot from the target chat — or add it to the group/channel — then pick the chat from the list.
03
format the text
Messages use MarkdownV2; the default template bolds the event name and lists fields. Reserved characters in field values are escaped for you.

in telegramdelivered

oncall
*support.ticket.created*
ticket    T-4821
subject   API returning 500s
tier      enterprise
urgency   critical

notes

Telegram caps a bot at roughly 30 messages per second overall, and one per second to a single chat.
The bot must be added to a group — and promoted to admin for a channel — before it can post.
MarkdownV2 requires escaping characters like _ * [ ] ( ); ingestlayer escapes field values, but custom templates are your responsibility.

questions

How do I avoid alerting on typos?: Filter on the attempt count so a single fat-fingered password stays quiet and only sustained failures escalate.
Where does the geo come from?: enrich.entity resolves the IP to geo, ASN, and a known-bad flag in flight, so the alert carries the context to act on.
Is it safe to post emails to a channel?: redact.pii masks the email for the chat destination while the full record still lands in your audit table.

build this pipeline or read the quickstart →