Notifications
Configure rule-based notification configs with triggers, domain scoping, and destinations like email, webhooks, Slack, Discord, Jira, Linear, and S3.
What are notification configs?
Notification configs are rule-based alert configurations that let you define what triggers a notification, which domains it applies to, and where the notification is delivered. They are managed at the team level from Team Settings > Notifications.
Each config consists of three parts:
- Trigger - the event type that fires the notification (e.g., a malicious script detected)
- Domain scope - which domains the rule applies to (all domains or specific ones)
- Destinations - where the notification is sent (email, webhook, Slack, Jira, Linear, or S3)
You can create multiple notification configs per team, each with different triggers, scopes, and destinations.
Creating a notification config
- Open the dashboard and navigate to Team Settings
- Select the Notifications tab
- Click Create Notification Config
- Enter a Rule Name (e.g., “Monitor PCI compliance” or “Slack alerts for threats”)
- Select a trigger from the Trigger Library
- Configure the domain scope - choose all domains (including future ones) or select specific domains
- Add one or more destinations under “Send To”
- Configure each destination’s settings in the Configuration panel
- Click Save or Save & Test to create the config
Save & Test creates the notification config and immediately sends a test notification to all configured destinations, so you can verify everything is working.
Trigger library
The trigger library contains six event types you can use in your notification configs. Some triggers deliver notifications in real time, while others aggregate events into a daily or weekly digest.
| Trigger | Description | Delivery |
|---|---|---|
| Script Threat Detected | Fires when the rules engine detects a malicious or suspicious script | Real-time |
| Vulnerable Script Detected | Fires when a vulnerable or high-risk script is detected on a monitored domain | Real-time |
| Managed List: Flagged | Fires when a script matches c/side’s curated threat intelligence list | Real-time |
| Web Script Release | Fires when a new version of the c/side monitoring script is released | Real-time |
| PCI Report Available | PCI compliance reports delivered as a scheduled digest | Digest (daily or weekly) |
| Script Blocked by CSP | CSP block events aggregated into a scheduled digest to reduce noise | Digest (daily or weekly) |
Real-time vs. digest triggers
Real-time triggers send a notification immediately when the event occurs. Use these for security-critical events like threat detections and vulnerability alerts.
Digest triggers aggregate events and deliver them on a schedule (daily or weekly). This prevents alert fatigue for high-frequency events like CSP blocks or recurring compliance reports.
When you select a digest trigger, you will be prompted to choose a delivery schedule.
Domain scope
Each notification config can be scoped to specific domains or applied to all domains in your team:
- All domains (including future domains) - the rule applies to every domain in your team, including any domains added later
- Specific domains - select one or more domains from a list. The rule only triggers for events on those domains
Destinations
Destinations define where notifications are delivered. You can add multiple destinations to a single config - for example, send threat alerts to both Slack and Jira simultaneously.
| Destination | Description | Setup guide |
|---|---|---|
| Email | Send notifications to team members or external email addresses | See below |
| Webhooks | HTTP POST requests with JSON, Slack, or Discord formatting | Webhook guide |
| S3 | Store notifications in AWS S3 buckets | S3 guide |
| Jira | Automatically create Jira issues from alerts | Jira guide |
| Linear | Automatically create Linear issues from alerts | Linear guide |
Email notifications
Email is a built-in destination type. When configuring an email destination, you can:
- Notify all team members (including future members) - every user on your team receives the notification
- Select individual team members - choose specific users from your team
- Add external email addresses - forward notifications to addresses outside your team (e.g., a ticketing system or SIEM)
You can combine these options - for example, notify all team members and also forward to your SIEM.
Integrations
Some destinations (Jira, Linear) require a team integration to be connected before they can be used as destinations:
- Go to Team Settings > Integrations
- Click Connect next to the service (Jira or Linear)
- Follow the OAuth authorization flow
- Once connected, the destination becomes available in your notification configs
Jira and Linear destinations are included on the Enterprise plan and available as an add-on for Business plans. Contact sales to learn more.
Testing notifications
You can test your notification configs in two ways:
- Save & Test - when creating or editing a config, click Save & Test to save the config and send a test notification to all destinations
- Test existing config - from the notification config list, trigger a test for any saved config
Test notifications are clearly marked so your team knows no action is required.
Managing notification configs
All notification configs for your team are listed under Team Settings > Notifications. From there you can:
- Create new configs with the Create Notification Config button
- Edit existing configs to change triggers, domains, or destinations
- Delete configs you no longer need
- Enable or disable configs without deleting them
All changes are recorded in your team’s audit logs.
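Because configs can be scoped to specific domains and disabled without being deleted, a real-time security trigger can end up with no alert path for some domain. The Python below is an added example, not c/side code or an export format: it models configs as this page describes them and lists the uncovered trigger/domain pairs. The `NotificationConfig` class, `coverage_gaps` function, and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Real-time trigger names taken from the trigger library table on this page.
REALTIME_SECURITY_TRIGGERS = [
    "Script Threat Detected",
    "Vulnerable Script Detected",
    "Managed List: Flagged",
]

ALL_DOMAINS = "*"  # stand-in for "All domains (including future domains)"


@dataclass
class NotificationConfig:
    """Hypothetical in-memory model of one config; not a c/side export format."""
    name: str
    trigger: str
    domains: object          # ALL_DOMAINS or a set of domain names
    destinations: list
    enabled: bool = True

    def covers(self, trigger, domain):
        # A disabled config, or one with no destination, alerts nobody.
        if not self.enabled or not self.destinations or self.trigger != trigger:
            return False
        return self.domains == ALL_DOMAINS or domain in self.domains


def coverage_gaps(configs, team_domains, triggers=REALTIME_SECURITY_TRIGGERS):
    """Return sorted (trigger, domain) pairs that no enabled config would alert on."""
    return sorted(
        (t, d)
        for t in triggers
        for d in team_domains
        if not any(c.covers(t, d) for c in configs)
    )


# Constructed sample data: three configs for a team with three domains.
SAMPLE_DOMAINS = ["shop.example.com", "blog.example.com", "pay.example.com"]
SAMPLE_CONFIGS = [
    NotificationConfig("Slack alerts for threats", "Script Threat Detected",
                       ALL_DOMAINS, ["webhook:slack"]),
    NotificationConfig("Vulnerable scripts on checkout", "Vulnerable Script Detected",
                       {"shop.example.com", "pay.example.com"}, ["jira"]),
    NotificationConfig("Managed list hits", "Managed List: Flagged",
                       ALL_DOMAINS, ["email"], enabled=False),  # disabled, not deleted
]
```

With the sample data, the gaps are the disabled managed-list rule on every domain and vulnerable-script alerts on the one domain left out of the specific-domain scope.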