Event Sinks

Event sinks are alert destinations.

Types of event sinks

Scanner supports various types of event sinks:

  • Slack - send event alerts to a Slack channel.

  • Torq Webhook - send event alerts to a Torq webhook.

  • Webhook - send event alerts to a URL webhook.

  • PagerDuty - send event alerts to a PagerDuty service.

Creating an event sink

To create a new event sink, click Create New Sink, either directly from a detection rule or under Settings > Event Sinks. Different sinks require different configuration values.

Slack

First, you will need to connect your Slack workspace to Scanner. Go to Settings > Integrations to do this. You will be guided to authorize the Scanner app in your Slack workspace.

Connect your Slack workspace

After connecting your workspace, go to Event Sinks to create a new event sink. Select Slack as the destination, then select the Slack workspace that your channel is in.

Select a Slack workspace

Next, you will be prompted to provide your channel ID.

For private Slack channels, you will need to invite the Scanner app to the channel before creating the event sink. To do this, right-click the channel, select View channel details, go to the Integrations tab, and add the Scanner app.

Create Slack event sink

Torq Webhook

To create a Torq webhook event sink, select Torq Webhook and provide the URL for the webhook and any custom HTTP headers (e.g. authentication headers).

Create Torq webhook

Webhook

To create a webhook event sink, select Webhook and provide the URL for the webhook (e.g. from Tines or other applications) and any custom HTTP headers (optional).

When configuring webhooks on Tines or other applications, make sure they accept POST requests and JSON content.
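A minimal receiver for the Webhook sink described above, as an added example that is not Scanner's own code: it accepts only POST, checks a shared secret sent as a custom HTTP header, and parses the JSON body. The header name `X-Webhook-Token`, the secret value, and the listening address are assumptions; the alert payload's fields are not described on this page, so the body is treated as opaque JSON.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the Scanner docs): the header name and secret are
# placeholders for the custom HTTP header you configure on the event sink.
AUTH_HEADER = "X-Webhook-Token"
SHARED_SECRET = "replace-with-a-long-random-value"
MAX_BODY = 1_000_000  # refuse bodies larger than this many bytes


def check_request(method, headers, body):
    """Return (status, parsed_json_or_None) for an incoming webhook call."""
    headers = {k.lower(): v for k, v in headers.items()}
    if method != "POST":
        return 405, None
    token = headers.get(AUTH_HEADER.lower(), "")
    # Constant-time comparison avoids leaking the secret through timing.
    if not hmac.compare_digest(token.encode(), SHARED_SECRET.encode()):
        return 401, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        return 200, json.loads(body)
    except ValueError:  # covers invalid JSON and undecodable bytes
        return 400, None


class SinkHandler(BaseHTTPRequestHandler):
    def _respond(self, method):
        try:
            length = int(self.headers.get("Content-Length") or 0)
        except ValueError:
            length = 0
        # Read at most one byte past the cap so oversized bodies are detected.
        body = self.rfile.read(min(max(length, 0), MAX_BODY + 1))
        status, event = check_request(method, dict(self.headers.items()), body)
        if status == 200:
            # Payload schema is not documented on this page: log it as-is.
            self.log_message("alert received: %s", json.dumps(event)[:500])
        self.send_response(status)
        self.end_headers()

    def do_POST(self):
        self._respond("POST")

    def do_GET(self):
        self._respond("GET")


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), SinkHandler).serve_forever()
```

Put the receiver behind TLS before pointing a sink at it, since the secret travels in a request header.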

Create webhook event sink

PagerDuty

First, you will need to create an Events API V2 integration for your PagerDuty service. Go to Services -> Service Directory and select the service that you would like to create an event sink for. Go to the Integrations tab, click on Add another integration, and add the Events API V2 integration.

On Scanner, select the PagerDuty event sink and provide the Events API V2 integration key for your service.

To customize alerts sent to PagerDuty, see Customizing PagerDuty Alerts.

Note: PagerDuty alerts from Scanner will need to be resolved manually.

Create PagerDuty event sink

Testing event sinks

After creating an event sink, you can send it a test event to confirm that it works.

Select the event sink and click on Send Test Event on the details panel.

Send a test event to an event sink

Sending alerts

Alerts are sent to event sinks from detection rules. To configure a detection rule to send an alert to an event sink, see Configuring a detection rule to push to an event sink.

Viewing all event sinks

You can view all of your team's event sinks by navigating to the Settings tab and selecting Event Sinks. In this view, you can create a new event sink, or edit your existing event sinks.

Event sink settings
