Transaction Monitoring
Real-time transaction surveillance with a 33-rule monitoring engine, automated alert generation, and disposition workflows.
Overview
Every on-chain transaction involving your entity's wallets is processed by the Overvoid monitoring engine. The engine evaluates each transaction against 33 rules covering structuring detection, velocity anomalies, high-risk jurisdiction patterns, round-dollar amounts, rapid movement, dormant account reactivation, and more. When a rule fires, an alert is created with a severity level and linked to the triggering transaction(s).
Monitoring Rules
The 33-rule engine covers the following categories:
| Category | Rules | Description |
|---|---|---|
| structuring | 5 | Transactions just below reporting thresholds ($10K CTR, $3K travel rule) |
| velocity | 6 | Unusual transaction frequency, volume spikes, rapid succession transfers |
| jurisdiction | 4 | Transfers involving FATF grey/blacklist jurisdictions or sanctioned regions |
| behavioral | 6 | Round-dollar amounts, dormant account reactivation, unusual timing patterns |
| network | 4 | Rapid movement through multiple wallets, funnel/fan-out patterns |
| threshold | 4 | Large single transactions, aggregate daily/weekly limits exceeded |
| counterparty | 4 | Interaction with flagged addresses, sanctioned counterparties, mixing services |
List Alerts
Returns all alerts generated by the monitoring engine for a given entity. Supports filtering by severity, status, and pagination.
```bash
curl "https://api.overvoid.io/v1/onboarding/entities/{entity_id}/alerts?severity=high&status=open&limit=20&offset=0" \
  -H "Authorization: Bearer cusd_test_YOUR_KEY"
```
Query parameters:
| Param | Type | Description |
|---|---|---|
| severity | string | Filter by severity: low, medium, high, critical |
| status | string | Filter by status: open, investigating, resolved, escalated |
| limit | int | Max results (default 20, max 100) |
| offset | int | Pagination offset |
Response:
```json
{
  "alerts": [
    {
      "alert_id": "alt_01HXY9K3M2N...",
      "entity_id": "ent_01HXYZ...",
      "severity": "high",
      "status": "open",
      "rule_id": "structuring_below_ctr",
      "rule_category": "structuring",
      "rule_description": "Multiple transactions just below $10,000 CTR threshold within 24 hours",
      "triggered_at": "2026-03-20T14:32:00Z",
      "transaction_ids": ["0xabc123...", "0xdef456..."],
      "aggregate_amount": "29500.00",
      "disposition": null
    }
  ],
  "total": 12,
  "limit": 20,
  "offset": 0
}
```
Get Alert Detail
Retrieve full details for a specific alert, including the triggering transactions, rule metadata, and disposition history.
```bash
curl https://api.overvoid.io/v1/onboarding/entities/{entity_id}/alerts/{alert_id} \
  -H "Authorization: Bearer cusd_test_YOUR_KEY"
```

```json
{
  "alert_id": "alt_01HXY9K3M2N...",
  "entity_id": "ent_01HXYZ...",
  "severity": "high",
  "status": "open",
  "rule_id": "structuring_below_ctr",
  "rule_category": "structuring",
  "rule_description": "Multiple transactions just below $10,000 CTR threshold within 24 hours",
  "triggered_at": "2026-03-20T14:32:00Z",
  "transaction_ids": ["0xabc123...", "0xdef456...", "0x789ghi..."],
  "aggregate_amount": "29500.00",
  "transactions": [
    {
      "tx_hash": "0xabc123...",
      "from": "0x1234...",
      "to": "0x5678...",
      "amount": "9800.00",
      "chain_id": 11155111,
      "timestamp": "2026-03-20T10:15:00Z"
    },
    {
      "tx_hash": "0xdef456...",
      "from": "0x1234...",
      "to": "0x9abc...",
      "amount": "9900.00",
      "chain_id": 11155111,
      "timestamp": "2026-03-20T12:45:00Z"
    },
    {
      "tx_hash": "0x789ghi...",
      "from": "0x1234...",
      "to": "0xdef0...",
      "amount": "9800.00",
      "chain_id": 11155111,
      "timestamp": "2026-03-20T14:30:00Z"
    }
  ],
  "disposition": null
}
```
Set Alert Disposition
Record a disposition decision on an alert. This resolves the alert and creates an audit trail entry. True positive alerts can be escalated to a case for further investigation.
```bash
curl -X POST https://api.overvoid.io/v1/onboarding/entities/{entity_id}/alerts/{alert_id}/disposition \
  -H "Authorization: Bearer cusd_test_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "result": "true_positive",
    "notes": "Confirmed structuring pattern. Three transactions totaling $29,500 just below CTR threshold within 4 hours. Escalating to case.",
    "escalate_to_case": true
  }'
```
Request body:
| Field | Type | Description |
|---|---|---|
| result | string | true_positive, false_positive, or inconclusive |
| notes | string | Analyst notes explaining the decision (required) |
| escalate_to_case | boolean | If true, automatically creates a case from this alert (only for true_positive) |
Response:
```json
{
  "alert_id": "alt_01HXY9K3M2N...",
  "status": "resolved",
  "disposition": {
    "result": "true_positive",
    "notes": "Confirmed structuring pattern. Three transactions totaling $29,500 just below CTR threshold within 4 hours. Escalating to case.",
    "analyst": "analyst@overvoid.io",
    "disposition_date": "2026-03-21T09:15:00Z"
  },
  "case_id": "case_01HXZ8B4P7Q..."
}
```
Typologies
Returns alert counts grouped by criminal typology classification. Use this to understand which categories of suspicious activity are most prevalent across your entity portfolio.
```bash
curl https://api.overvoid.io/v1/monitoring/typologies \
  -H "Authorization: Bearer cusd_test_YOUR_KEY"
```
Response:
```json
{
  "typologies": [
    {
      "name": "structuring",
      "total": 8,
      "severity": {"critical": 2, "high": 3, "medium": 3}
    },
    {
      "name": "layering",
      "total": 5,
      "severity": {"critical": 0, "high": 2, "medium": 3}
    }
  ]
}
```
Typology categories:
| Category | Description |
|---|---|
| structuring | Transactions structured to avoid reporting thresholds |
| layering | Complex transaction chains designed to obscure fund origins |
| sanctions_evasion | Activity suggesting circumvention of sanctions controls |
| money_service_business | Patterns consistent with unlicensed MSB activity |
| market_manipulation | Wash trading, spoofing, or other market abuse indicators |
| volume_anomaly | Significant deviation from established transaction baselines |
| onboarding_risk | Red flags detected during or shortly after entity onboarding |
| correlated_activity | Coordinated behavior across multiple entities or wallets |
Model Governance
Returns the full rule inventory with performance metrics. Use this to audit rule effectiveness, identify high false-positive rules, and support regulatory examinations of your monitoring program.
```bash
curl https://api.overvoid.io/v1/monitoring/model-governance \
  -H "Authorization: Bearer cusd_test_YOUR_KEY"
```
Response:
```json
{
  "rules": [
    {
      "name": "large_transaction",
      "description": "Single transaction exceeding threshold",
      "category": "threshold",
      "severity": "HIGH",
      "threshold": "$25,000 (risk-adjusted)",
      "alert_count": 5,
      "true_positives": 1,
      "false_positives": 3,
      "fp_rate": 0.75,
      "total_dispositions": 4
    }
  ],
  "total_rules": 30,
  "tuning_history_count": 0
}
```
Response fields:
| Field | Description |
|---|---|
| alert_count | Total alerts generated by this rule |
| true_positives | Alerts dispositioned as true positive |
| false_positives | Alerts dispositioned as false positive |
| fp_rate | False positive rate (false_positives / total_dispositions) |
| total_dispositions | Total alerts that have been reviewed |
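
The following is an added example, not part of the Overvoid documentation: a small audit pass over the model-governance response that recomputes `fp_rate` from the counts, flags noisy rules, and reports the review backlog per rule. The thresholds `max_fp_rate` and `min_reviewed`, the flag names, and the `example_rule_*` rows are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the model-governance response above.
# "large_transaction" is copied from the page; the example_rule_* rows are made up.
SAMPLE = json.loads("""
{"rules": [
 {"name": "large_transaction", "alert_count": 5, "true_positives": 1,
  "false_positives": 3, "fp_rate": 0.75, "total_dispositions": 4},
 {"name": "example_rule_a", "alert_count": 12, "true_positives": 7,
  "false_positives": 2, "fp_rate": 0.2, "total_dispositions": 10},
 {"name": "example_rule_b", "alert_count": 2, "true_positives": 0,
  "false_positives": 1, "fp_rate": 0.9, "total_dispositions": 1}
]}
""")


def audit_rules(rules, max_fp_rate=0.5, min_reviewed=3):
    """Flag rules for a tuning review. Both thresholds are assumed defaults."""
    report = {}
    for r in rules:
        reviewed = r["total_dispositions"]
        # fp_rate as documented: false_positives / total_dispositions
        expected = r["false_positives"] / reviewed if reviewed else None
        flags = []
        if expected is not None and abs(expected - r["fp_rate"]) > 0.005:
            flags.append("fp_rate_mismatch")      # reported value disagrees with counts
        if reviewed < min_reviewed:
            flags.append("insufficient_sample")   # too few reviews to judge the rule
        elif expected is not None and expected > max_fp_rate:
            flags.append("tune_candidate")        # mostly noise: review the threshold
        if r["alert_count"] > reviewed:
            flags.append("unreviewed_alerts")     # alerts with no disposition yet
        report[r["name"]] = {
            "fp_rate": expected,
            # Assumption: reviewed alerts that are neither TP nor FP were
            # dispositioned "inconclusive".
            "inconclusive": reviewed - r["true_positives"] - r["false_positives"],
            "backlog": r["alert_count"] - reviewed,
            "flags": flags,
        }
    return report


if __name__ == "__main__":
    for name, row in audit_rules(SAMPLE["rules"]).items():
        print(name, row)
```
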
Tuning History
Returns the audit trail of threshold changes made to monitoring rules. Useful for demonstrating to regulators that your monitoring program is actively tuned based on performance data.
```bash
curl https://api.overvoid.io/v1/monitoring/model-governance/tuning-history \
  -H "Authorization: Bearer cusd_test_YOUR_KEY"
```
Alert Severity Levels
Alert severity is determined by the triggering rule and the characteristics of the flagged activity:
| Severity | SLA | Examples |
|---|---|---|
| critical | 4 hours | Sanctioned counterparty interaction, confirmed sanctions match |
| high | 24 hours | Structuring patterns, large threshold breaches, mixing service interaction |
| medium | 72 hours | Velocity anomalies, unusual timing, high-risk jurisdiction transfers |
| low | 5 days | Round-dollar amounts, dormant reactivation, minor behavioral flags |
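
As an added example (not Overvoid's own code), the SLA table can be turned into a triage queue: each unresolved alert gets a deadline computed from `triggered_at` and its severity, and the queue is ordered so breached and soon-to-breach alerts come first. The alert IDs and timestamps are constructed, and the rule that only `resolved` stops the SLA clock is an assumption.

```python
from datetime import datetime, timedelta

# SLA per severity, taken from the table above.
SLA = {"critical": timedelta(hours=4), "high": timedelta(hours=24),
       "medium": timedelta(hours=72), "low": timedelta(days=5)}

# Constructed alerts using the List Alerts field names; IDs and times are made up.
SAMPLE_ALERTS = [
    {"alert_id": "alt_EXAMPLE_A", "severity": "high", "status": "open",
     "triggered_at": "2026-03-20T14:32:00Z"},
    {"alert_id": "alt_EXAMPLE_B", "severity": "critical", "status": "investigating",
     "triggered_at": "2026-03-21T04:00:00Z"},
    {"alert_id": "alt_EXAMPLE_C", "severity": "low", "status": "open",
     "triggered_at": "2026-03-15T09:00:00Z"},
    {"alert_id": "alt_EXAMPLE_D", "severity": "medium", "status": "resolved",
     "triggered_at": "2026-03-18T09:00:00Z"},
    {"alert_id": "alt_EXAMPLE_E", "severity": "MEDIUM", "status": "open",
     "triggered_at": "2026-03-19T00:00:00Z"},
]


def parse_ts(value):
    # fromisoformat() accepts a trailing "Z" only on Python 3.11+, so normalise it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def sla_queue(alerts, now):
    """Return unresolved alerts ordered by SLA deadline, earliest first.

    Assumption: the clock starts at triggered_at and stops only when the
    alert status is "resolved".
    """
    queue = []
    for a in alerts:
        if a["status"] == "resolved":
            continue
        # Severity appears as "high" in alerts and "HIGH" in model governance.
        sla = SLA.get(a["severity"].lower())
        if sla is None:
            raise ValueError(f"unknown severity: {a['severity']!r}")
        deadline = parse_ts(a["triggered_at"]) + sla
        hours_left = round((deadline - now).total_seconds() / 3600, 2)
        queue.append({"alert_id": a["alert_id"], "deadline": deadline,
                      "hours_left": hours_left, "breached": deadline < now})
    return sorted(queue, key=lambda row: row["deadline"])


if __name__ == "__main__":
    for row in sla_queue(SAMPLE_ALERTS, parse_ts("2026-03-21T09:15:00Z")):
        print(row)
```
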