Oso monitors agent activity and generates alerts when it detects unsanctioned usage or sensitive data. Alerts are delivered via Slack, and each alert links to investigation details.

Alert types

Unsanctioned agent usage

Fires when an agent marked as disallowed in your agent catalog is detected, whether through an EDR scan, browser extension, or edge proxy traffic. This is enabled by default for disallowed agents. You can optionally enable it for unreviewed agents too, covering agents that haven’t been explicitly approved or denied.

Content patterns

Detects sensitive data flowing through monitored agent sessions. Oso scans prompts and completions for patterns that indicate:
  • Secrets: API keys, tokens, credentials, connection strings
  • PII: names, email addresses, phone numbers, social security numbers
Oso includes built-in patterns for common sensitive data types. You can also define custom regex patterns to detect organization-specific content such as internal project names, proprietary identifiers, or other sensitive strings.
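One way to vet a custom regex pattern before enabling it, as an added example that is not Oso code: run each candidate over text that must match and text that must not, and compare a broad pattern with a tightened one. The pattern names, project names, and identifier format are hypothetical, the sample strings are constructed, and the patterns are assumed to behave as they do under Python's `re` module, which this page does not specify.

```python
import re

# Hypothetical custom patterns (constructed for illustration, not Oso built-ins).
CANDIDATES = {
    # Too broad: matches the bare word wherever it appears.
    "project_naive": r"(?i)bluejay|ironwood",
    # Anchored on the "project" prefix and on word boundaries.
    "project": r"(?i)\bproject[-_ ]?(?:bluejay|ironwood)\b",
    # Fixed-format identifier: ACME-, two capitals, six digits.
    "asset_id": r"\bACME-[A-Z]{2}\d{6}\b",
}

# Constructed prompt/completion snippets: "hit" must match, "miss" must not.
PROJECT_SAMPLES = {
    "hit": ["Summarize the Project Bluejay roadmap", "rename the project_ironwood repo"],
    "miss": ["ironwood is a dense timber", "a blue jay landed near my project notes"],
}
SAMPLES = {
    "project_naive": PROJECT_SAMPLES,
    "project": PROJECT_SAMPLES,
    "asset_id": {
        "hit": ["who owns ACME-DB004512?"],
        "miss": ["ACME-DB00451 is one digit short", "XACME-DB004512Z", "acme-db004512"],
    },
}


def evaluate(pattern, samples):
    """Return (missed, false_positives) for one pattern against its samples."""
    rx = re.compile(pattern)
    missed = [s for s in samples["hit"] if not rx.search(s)]
    false_positives = [s for s in samples["miss"] if rx.search(s)]
    return missed, false_positives


def report():
    """Evaluate every candidate; a pattern is ready when both lists are empty."""
    return {name: evaluate(rx, SAMPLES[name]) for name, rx in CANDIDATES.items()}


if __name__ == "__main__":
    for name, (missed, false_positives) in report().items():
        print(f"{name}: missed={missed} false_positives={false_positives}")
```

The naive pattern catches every intended string but also flags ordinary uses of the word, which turns into alert noise once it runs over every prompt and completion.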

Notification and investigation

Slack notifications

Alerts are delivered to Slack. Each notification includes the alert type, the agent and user involved, the detection source, and a direct link to the trigger details page in Oso. To set up Slack notifications, see Slack integration.

Investigating an alert

The trigger details page shows:
  • What happened: the specific event that triggered the alert
  • Why it was flagged: which rule or pattern matched
  • Context: the relevant agent, tool, user, and device
  • Prior violations: previous alerts from the same trigger
For alerts on monitored agents, you can drill into the session timeline to see the full sequence of exchanges (prompts, completions, and tool calls) that led to the alert.

Configuring alerts

Alerts are configured in Settings → Alerts in the Oso UI. Choose which alert types to enable and which content patterns to monitor. By default, detection for disallowed agents is enabled. To route alert notifications to Slack, see Slack integration.