Version: Next (Unreleased)

FAQ & Troubleshooting

Common questions and solutions for the Detektix platform.

Account & Access

How do I invite a new user?

Navigate to Settings → Users and click "Invite User." Enter their email address, assign a role (Tenant Admin, Admin, or Read Only), and select which affiliations they should have access to.

What's the difference between the three roles?

Tenant Admin — Full control over everything including user management, billing, and domains
Admin — Can manage PhantomIDs, run injections, and configure integrations within assigned affiliations
Read Only — View-only access for stakeholders who need visibility without operational capabilities

I can't log in. What should I do?

Verify you're using the correct SSO provider (Google or Microsoft)
Ensure your email address has been added to the platform by your administrator
Clear your browser cache and try again
Contact your Detektix administrator to verify your account status

PhantomIDs

How are PhantomIDs generated?

PhantomIDs are generated using region-appropriate data generators. You specify the locale (e.g., German, Italian, English US), the domain for email addresses, and the affiliation. The system creates realistic names, addresses, and metadata matching the selected region.

Can I customize the generated data?

Yes. During generation, you can configure:

Country and locale
Email domain
Affiliation assignment
Business group
Currency settings

What does it mean when a PhantomID status changes to "Dirty"?

A "Dirty" status means someone has contacted that PhantomID — via call, SMS, or email. This is a detection signal indicating that the planted data has been accessed, leaked, or sold. Review the forensics section for the PhantomID to understand the nature and source of the contact.

Injection

Why did my injection job fail?

Common reasons:

Authentication error — The target platform's credentials may have changed or expired
Rate limit exceeded — The target platform is throttling requests; check rate limit settings
Target unavailable — The target URL or API endpoint may be down
Field mapping mismatch — The target's form fields may have changed

Check the job's execution log for specific error details.

How often do auto-injections run?

Auto-injection frequency depends on your tag-to-target mapping configuration. Each mapping can have its own schedule, from immediate (on PhantomID creation) to scheduled intervals.

Can I test an injection target before going live?

Yes. When creating or editing an injection target, use the validation function to test the connection and field mapping with sample data before enabling production jobs.

Forensics & Alerts

How quickly do call and SMS logs appear?

Call and SMS logs typically appear within 1-5 minutes of the event, depending on the sync schedule configured for your tenant.

What does the network graph show?

The network graph visualizes relationships between:

PhantomIDs (your planted identities)
Threat actors (detected suspicious entities)
Communication channels (calls, SMS, emails)

Edges represent communications, and the graph helps identify patterns like a single caller targeting multiple PhantomIDs.

How do I export forensic data?

Use the Generate Report function in the Forensics section to create an HTML report. You can also export data via the Snowflake or BigQuery integrations for custom analysis.

Integrations

How do I connect my own Twilio account (BYOT)?

Navigate to Settings → Integrations and select "External Twilio." Enter your Twilio Account SID and Auth Token. The platform will sync your phone numbers and begin tracking calls and SMS.

How do I set up Slack notifications?

Go to Settings → Integrations, select Slack, and provide your Bot Token and target Channel ID. Configure which events trigger notifications.

Security

Where is my data stored?

Each tenant has a dedicated, isolated database. The database location depends on your tenant's configured region. Contact your account representative for specific data residency information.

Who can access my tenant's data?

Only users explicitly invited to your tenant can access your data. Data isolation is enforced at the database level — there is no cross-tenant data access possible.

Do you provide security audit reports?

Contact your Detektix account representative for security documentation, audit reports, and compliance questionnaire responses.

Contact Support

If you can't find the answer to your question here:

Contact your Detektix administrator (internal support)
Email your Detektix account representative
For urgent security issues, use the dedicated security contact provided during onboarding

Account & Access​

How do I invite a new user?​

What's the difference between the three roles?​

I can't log in. What should I do?​

PhantomIDs​

How are PhantomIDs generated?​

Can I customize the generated data?​

What does it mean when a PhantomID status changes to "Dirty"?​

Injection​

Why did my injection job fail?​

How often do auto-injections run?​

Can I test an injection target before going live?​

Forensics & Alerts​

How quickly do call and SMS logs appear?​

What does the network graph show?​

How do I export forensic data?​

Integrations​

How do I connect my own Twilio account (BYOT)?​

How do I set up Slack notifications?​

Security​

Where is my data stored?​

Who can access my tenant's data?​

Do you provide security audit reports?​

Contact Support​