Event Sinks
Event sinks are alert destinations.
Last updated
Was this helpful?
Event sinks are alert destinations.
Last updated
Was this helpful?
Scanner supports various types of event sinks:
Slack - send event alerts to a Slack channel.
Webhook - send event alerts to a URL webhook.
PagerDuty - send event alerts to a PagerDuty service.
You can click Create New Sink to create a new event sink directly from a detection rule or by going to Settings > Event Sinks. Different sinks require different configuration values.
Here is what the Event Sink configuration form looks like for Slack. Once you fill out the Slack Channel ID, and the Name and Description of the event sink, you'll be guided to authorize the Scanner app in your Slack workspace.
For private Slack channels, you will need to invite the Scanner app to the channel before creating the event sink.
When configuring webhooks on Tines, Torq, or other applications, make sure they accept POST requests and JSON content.
On Scanner, select the PagerDuty event sink and provide the Events API V2 integration key for your service.
To customize alerts sent to PagerDuty, see Customizing PagerDuty Alerts.
Note: PagerDuty alerts from Scanner will need to be resolved manually.
You can view all of your team's event sinks by navigating to the Settings tab and selecting Event Sinks. In this view, you can create a new event sink, or edit your existing event sinks.
To create a webhook event sink, select Webhook and provide the URL for the webhook (from , , or other applications).
First, you will need to create an Events API V2 integration for your PagerDuty service. See the for more information.
Alerts are sent to event sinks from detection rules. To configure a detection rule to send an alert to an event sink, see .
