Event Sinks

Event sinks are alert destinations.

Types of event sinks

Scanner supports various types of event sinks:

Slack - send event alerts to a Slack channel.
Webhook - send event alerts to a URL webhook.

Creating an event sink

You can click Create New Sink to create a new event sink directly from a detection rule or by going to Settings > Event Sinks. Different sinks require different configuration values.

Slack

Here is what the Event Sink configuration form looks like for Slack. Once you fill out the Slack Channel Name, and the Name and Description of the event sink, you'll be guided to authorize the Scanner app in your Slack workspace.

Webhook

To create a webhook event sink, select Webhook and provide the URL for the webhook (from Tines, Torq, or other applications).

When configuring webhooks on Tines, Torq, or other applications, make sure they accept POST requests and JSON content.

Sending alerts

Alerts are sent to event sinks from detection rules. To configure a detection rule to send an alert to an event sink, see .

Viewing all event sinks

You can view all of your team's event sinks by navigating to the Settings tab and selecting Event Sinks. In this view, you can create a new event sink, or edit your existing event sinks.

PreviousDetection Rules NextAPI

Last updated 2 months ago