SOC and Monitoring¶
Protocol monitoring should cover contracts, privileged actions, frontend drift, DNS, dependencies, wallets, APIs, and governance.
Monitoring Resources¶
| Resource | Tier | Use |
|---|---|---|
| Forta | Use in real audits | On-chain detection bots and alerting. |
| OpenZeppelin Defender Monitor | Use in real audits | Contract event and admin monitoring. |
| Hypernative | Paid / certification | Real-time exploit and anomaly detection. |
| Tenderly Alerts | Use in real audits | Transaction and contract monitoring. |
| Dune | Situational / advanced | Custom dashboards and queries. |
| EigenPhi | Situational / advanced | MEV and transaction behavior analysis. |
| DigiBastion Threat Intel | Use in real audits | Free Web3, DeFi, supply-chain, and operational-security feed with daily, weekly, or immediate alert subscriptions. |
| zeroShadow | Paid / certification | Web3 incident response, investigations, threat intelligence, and vSOC. |
| TRM Labs | Paid / certification | Wallet risk monitoring, investigations, and blockchain intelligence. |
| VANTAGE by DigiBastion | Watchlist | Maintainer-labeled domain, DNS, frontend, phishing, and Web3 trust-risk monitoring. |
Alert Categories¶
- privileged role changes
- proxy upgrades and implementation changes
- pause/unpause and emergency action calls
- oracle deviation and stale feeds
- TVL and reserve anomalies
- bridge mint/burn mismatches
- abnormal approvals, drains, or token movements
- frontend asset hash drift
- DNS, TLS, registrar, and nameserver changes
- governance proposal creation and execution