Skip to main content

What are notifications?

Notifications let you receive alerts when scan results match specific conditions. Instead of checking every scan manually, you set up rules and only hear about what matters.

How notifications work

1

Create a notification rule

Define what conditions should trigger an alert.
2

Choose a trigger type

Select what type of scan results to monitor (vulnerability, ports, scan status, etc.).
3

Set conditions

Specify the exact criteria (e.g., risk level is at least High).
4

Select destinations

Choose where to send the notification (email, Slack, webhook, etc.).

Trigger types

Notifications can be triggered based on different types of scan results:
TriggerDescription
VulnerabilityFindings from vulnerability scans
Scan statusScan completion status (finished, failed, timed out, etc.)
Port ScannerOpen ports discovered by the Port Scanner or Network Scanner
Technology foundTechnologies detected by Website Scanner or Website Recon
SubdomainsSubdomains discovered by the Subdomain Finder
URL FuzzerItems found by the URL Fuzzer
Password AuditorCredentials found by the Password Auditor
DomainsDomains found by the Domain Finder

Condition examples

Vulnerability conditions

ConditionOperatorsExample
Risk levelis at leastAlert when risk is at least High
Finding namecontains, isAlert when finding contains “SQL Injection”
Confirmed tagis confirmedAlert only for confirmed findings
Difffrom previous scanAlert when new vulnerabilities appear

Scan status conditions

StatusDescription
FinishedScan completed successfully
Timed outScan exceeded time limit
Stopped by userScan was manually stopped
Failed to startScan could not start
VPN connection errorVPN agent connectivity issue
Authentication errorLogin credentials failed
Connection errorTarget unreachable
AbortedScan was aborted

Port Scanner conditions

ConditionOperatorsExample
Open portis any of, is not one of, is greater than, in top N, contains all ofAlert on port 22, 23, 3389
Protocolis, containsAlert when SSH is detected
Difffrom previous scanAlert when new ports appear

Subdomains conditions

ConditionOperatorsExample
Subdomain namecontainsAlert when subdomain contains “admin”
NetnamecontainsAlert when netname contains “AMAZON”
CountrycontainsAlert when country contains “US”
Difffrom previous scanAlert when new subdomains appear

URL Fuzzer conditions

ConditionOperatorsExample
Items foundat leastAlert when at least 10 items are found
HTTP codeisAlert when HTTP code is 200

Password Auditor conditions

ConditionOperatorsExample
Credentials foundat leastAlert when at least 1 credential is found

Domains conditions

ConditionOperatorsExample
Domain namecontainsAlert when domain contains “example”
CompanycontainsAlert when company contains “Corp”
EmailcontainsAlert when email contains “@example.com”
Certaintyat leastAlert when certainty is at least 80

Technology conditions

ConditionOperatorsExample
TechnologycontainsAlert when “WordPress” is found

Notification destinations

Email

Send to your account email or custom addresses.

Slack

Send to a Slack channel.

Microsoft Teams

Send to a Teams channel via webhook.

Discord

Send to a Discord channel via webhook.

Webhook

Send to any HTTP endpoint.

Nucleus

Send findings to Nucleus for vulnerability management.

Creating a notification

1

Go to Notifications

Click Notifications in the sidebar.
2

Add a notification

Click Add and enter a name.
3

Select a trigger type

Choose what to monitor, for example, Vulnerability or Port Scanner.
4

Set conditions

Add one or more conditions, for example, Risk level is at least High.
5

Select destinations

Under Notification actions, choose where to send alerts: your default email, additional addresses, or an integration like Slack, Teams, Discord, Webhook, or Nucleus.
6

Save

Click Save. The notification activates immediately.
You can add multiple conditions to a single notification. All conditions must match (AND logic) for the notification to trigger.

Workspace scope

Notifications are scoped to your current workspace. Each workspace can have its own set of notification rules. The notifications configured on this page are applied to all scans running in the current workspace, whether started manually, scheduled, or via API. A notification will be sent if a scan result matches any of the defined notification rules in the workspace.

Enabling and disabling

You can enable or disable notifications without deleting them:
  • Enabled: Notification will trigger when conditions match
  • Disabled: Notification is saved but won’t trigger

Diff notifications

Diff notifications alert you when results change from a previous scan:
  • New vulnerabilities: alert when new findings appear
  • New ports: alert when new ports are discovered
  • New subdomains: alert when new subdomains are found

Best practices

Begin by setting up notifications for critical and high severity findings. Add more granular rules as needed.
Name notifications descriptively, for example “Critical vulns - Production”.
Use multiple conditions to reduce noise. For example, “Risk level at least High” AND “Finding name contains SQL”.
For scheduled scans, use diff notifications to only alert on changes instead of every finding.
Too many notifications can lead to alert fatigue. Focus on actionable alerts rather than notifying on everything.