Logging & Alerting

ProtectAI doesn’t just detect threats; it also keeps track of what’s happening across the system and notifies the right people when something goes wrong. Its logging and alerting setup helps identify attacks, monitor system health, and make sure users and admins get real-time updates when risky activity is detected.

Some events are stored permanently. Others are used to trigger alerts instantly. Together, this ensures that no threat or anomaly goes unnoticed.


How Logging Works

Logging in ProtectAI happens at two levels: on-chain and off-chain.

1. On-Chain Logging

Certain high-impact events are recorded directly on the blockchain using smart contracts. These include:

  • Confirmed malicious contract reports

  • Community-flagged threats

  • AI-generated warnings (stored as hashed data or signatures)

Why on-chain?

  • Transparent

  • Tamper-proof

  • Decentralized access for third-party tools

These logs act as a public record that other platforms, wallets, or explorers can use to block bad actors or display warnings.

2. Off-Chain Logging

Most of the system activity is logged off-chain, in a centralized or cloud-based logging setup. These logs capture:

  • Threat detection events

  • User scan activity

  • Backend/API response history

  • Internal system errors or unusual behavior

  • AI engine decisions and scoring breakdowns

All off-chain logs are stored in a time-series database and linked to analytics tools for real-time monitoring.


Monitoring with Prometheus and Grafana

ProtectAI uses Prometheus to track key system metrics and Grafana to visualize them. These tools allow the team to monitor:

  • Detection volume over time

  • Number of scan requests per minute

  • Response times from the AI engine

  • Backend/server health

  • Node or RPC response delays

  • Alert frequency by type (honeypot, contract scam, etc.)

This gives both developers and security teams a live view of what’s happening and how the system is performing.

If anything starts acting strangely, like a sudden spike in failed transactions or repeated AI misclassifications, it gets flagged.


Alerting Systems

When certain events meet pre-set rules, ProtectAI sends out alerts. These notifications are sent to users, admins, or external channels using:

  • Telegram Bots: For direct alerts to admins or security groups

  • Slack Integration: For internal team collaboration

  • Email Alerts: For users and support staff, especially for high-priority issues

  • Webhooks: For third-party tools, dApps, or exchanges that integrate ProtectAI as a service

Each alert includes:

  • The trigger type (e.g. honeypot detected)

  • Contract address or transaction hash

  • Severity level (low, medium, high)

  • Time of detection

  • Suggested next steps (block, ignore, investigate)


Alert Rules

Alerts are not sent for everything, only when certain conditions are met. These are some of the rules configured:

  • Repeated Honeypot Interactions: If a single wallet interacts with more than 3 honeypots in under 10 minutes, it triggers a “targeted phishing risk” alert.

  • New High-Risk Contract Launch: If a contract is deployed with suspicious bytecode and starts gaining transactions quickly, an “early-stage threat” alert is sent.

  • Unusual Behavior Detected by AI: If the AI engine scores a contract above a defined risk threshold (e.g. 85 out of 100), a “critical risk” alert is sent to the user and stored in the logs.

  • System Health Checks: If any backend service becomes unresponsive or API error rates spike, a “service warning” alert is sent to the DevOps team.
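
The honeypot-interaction and AI-score rules above, written as a sliding-window evaluator over constructed events. This is an added example, not ProtectAI's own code. The event schema, the alert key names, the severity and next-step values, and the choice to count repeat calls to one honeypot once are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # "in under 10 minutes"
MAX_HONEYPOTS = 3               # alert when a wallet exceeds this count
RISK_THRESHOLD = 85             # example threshold quoted in the rule

def alert(trigger, ev, severity, next_step):
    # Fields follow the page's alert list; key names, severity and next step are assumptions.
    return {"trigger": trigger, "contract": ev["contract"], "wallet": ev["wallet"],
            "severity": severity, "time": ev["time"], "next_step": next_step}

def evaluate(events):
    """Apply both rules to a time-ordered list of events and return the alerts."""
    recent = defaultdict(deque)  # wallet -> (timestamp, honeypot contract) pairs
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if ev["type"] == "honeypot_interaction":
            hits = recent[ev["wallet"]]
            while hits and ts - hits[0][0] >= WINDOW:  # keep hits under 10 minutes old
                hits.popleft()
            seen = {c for _, c in hits}  # distinct honeypots (assumption: repeats count once)
            hits.append((ts, ev["contract"]))
            # Fire once, on the hit that takes the wallet past the limit.
            if len(seen) == MAX_HONEYPOTS and ev["contract"] not in seen:
                alerts.append(alert("targeted phishing risk", ev, "high", "investigate"))
        elif ev["type"] == "ai_score" and ev["score"] > RISK_THRESHOLD:
            alerts.append(alert("critical risk", ev, "high", "block"))
    return alerts

def mk(minute, contract, wallet=None, score=None):
    kind = "ai_score" if score is not None else "honeypot_interaction"
    return {"time": f"2024-01-01T12:{minute:02d}:00", "type": kind,
            "contract": contract, "wallet": wallet, "score": score}

# Constructed sample events; addresses are placeholders, not real contracts.
SAMPLE = [
    mk(0, "0xH1", "0xW1"), mk(1, "0xH1", "0xW2"), mk(2, "0xH2", "0xW1"),
    mk(3, "0xH2", "0xW1"),  # repeat of 0xH2, counted once
    mk(5, "0xH2", "0xW2"), mk(6, "0xH3", "0xW1"),
    mk(8, "0xC9", score=85),  # equal to the threshold, not above it
    mk(9, "0xH4", "0xW1"),  # 0xW1: 4th honeypot inside 10 minutes, alert
    mk(9, "0xH3", "0xW2"), mk(11, "0xC7", score=91),  # 91 > 85, alert
    mk(13, "0xH4", "0xW2"),  # 0xW2: 4th honeypot, 12 minutes after its 1st
]

if __name__ == "__main__":
    print(*evaluate(SAMPLE), sep="\n")
```

Wallet 0xW2 touches the same four honeypots as 0xW1 but over 12 minutes, so only 0xW1 produces a “targeted phishing risk” alert.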
