Threat Detection
Learn how cside's detection engine identifies malicious scripts and automatically alerts your team via email.
cside includes a built-in detection engine that continuously monitors third-party scripts on your site for malicious activity. When a threat is identified, cside automatically sends an email alert to all users on your team.
All user emails are automatically opted in to threat detection alerts. There is no way to opt out of these notifications, which ensures that every team member is immediately aware of potential security threats.
How it works
cside’s detection engine analyzes every third-party script loaded on your site using multiple detection methods. When a script is flagged as malicious, an alert is generated and emailed to all team members automatically.
Detection methods
cside uses a layered approach to identify malicious scripts:
Known bad sources
Scripts are checked against databases of known malicious sources, including:
- Hostnames: domains known to serve malicious content
- URLs: specific URLs that have been flagged as malicious
- IP addresses: IP addresses associated with malicious activity
Known bad payloads
Script content is compared against known malicious payloads using:
- File hashes: SHA-256 and other hash comparisons against databases of known malicious script payloads
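How the two static layers above (known bad sources and known bad payloads) can be combined, as an added example that is not cside's own code: the blocklist entries, the sample scripts, and the `static_findings` helper are all constructed for illustration. A script with no static match is what the later layers described below are for.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

# Constructed blocklists (placeholder values, not real indicators).
BAD_HOSTNAMES = {"cdn.bad-example.test"}
BAD_URLS = {"https://static.example.test/lib/analytics.js"}
BAD_IPS = {ipaddress.ip_address("203.0.113.7")}
KNOWN_BAD_PAYLOAD = b"/* constructed stand-in for a cataloged payload */"
BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_PAYLOAD).hexdigest()}


def static_findings(url, resolved_ip, body):
    """Return the static layers that matched for one loaded script."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    # Hostname layer: match the host itself or any parent domain on the list.
    labels = host.split(".")
    if any(".".join(labels[i:]) in BAD_HOSTNAMES for i in range(len(labels))):
        findings.append("hostname")
    # URL layer: compare without query string or fragment, so a cache-busting
    # parameter does not hide a flagged URL.
    normalized = f"{parts.scheme}://{host}{parts.path}"
    if normalized in BAD_URLS:
        findings.append("url")
    # IP layer: the address the script was actually served from.
    if ipaddress.ip_address(resolved_ip) in BAD_IPS:
        findings.append("ip")
    # Payload layer: hash the exact bytes served, independent of origin.
    if hashlib.sha256(body).hexdigest() in BAD_SHA256:
        findings.append("sha256")
    return findings


# Constructed observations: (script URL, resolved IP, response body).
SAMPLES = [
    ("https://a.cdn.bad-example.test/x.js", "198.51.100.4", b"console.log(1);"),
    ("https://static.example.test/lib/analytics.js?v=42", "198.51.100.5", b"console.log(2);"),
    ("https://cdn.good-example.test/app.js", "203.0.113.7", b"console.log(3);"),
    ("https://cdn.good-example.test/widget.js", "198.51.100.6", KNOWN_BAD_PAYLOAD),
    ("https://cdn.good-example.test/widget.js", "198.51.100.6", KNOWN_BAD_PAYLOAD + b" "),
]

if __name__ == "__main__":
    for url, ip, body in SAMPLES:
        hits = static_findings(url, ip, body)
        print(url, "->", hits or "no static match; left to later layers")
```

The fourth sample is caught by its payload hash even though its host, URL, and IP are clean; the fifth differs by one byte and matches nothing in the static lists.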
Dynamic threat analysis
cside uses proprietary parameters to perform dynamic threat analysis on scripts, detecting threats that may not yet be cataloged in static databases.
AI-based detection
cside uses AI models to detect novel and sophisticated threats, including:
- Obfuscated malicious code: scripts that attempt to hide their true intent
- Zero-day threats: previously unknown attack patterns
- Behavioral anomalies: scripts that deviate from expected behavior patterns
Alerts and notifications
When a malicious script is detected, cside can notify your team through any destination configured in your notification configs, including email, Slack, Discord, Jira, Linear, S3, or custom webhooks.
To set up threat detection alerts, create a notification config with the Script Threat Detected trigger. See Notifications for setup instructions.
Threat detection vs. vulnerability detection
cside offers two complementary security features:
| Feature | Threat Detection | Vulnerability Detection |
|---|---|---|
| What it detects | Actively malicious scripts | Scripts with known CVEs or advisories |
| Detection method | Known bad sources, payload hashes, dynamic analysis, AI | Version matching against vulnerability databases |
| Alert delivery | Configured notification destinations | Dashboard alerts and configured notification destinations |
| Example | A script serving a cryptominer from a compromised CDN | lodash 4.17.21 with a prototype pollution CVE |
Both features work together to provide full protection for your site’s third-party scripts.