Alert Rules

Alert rules control which events trigger notifications and how they are delivered.

Event Types

12 event types can trigger notifications:

critical_cve — New critical vulnerability detected
high_cve — New high vulnerability detected
sla_breach — Vulnerability exceeded remediation deadline
scan_complete — Scan finished successfully
scan_failed — Scan failed
agent_disconnected — Sensor lost connectivity
coverage_gap — Image has no recent scan
exception_expiring — Attestation approaching expiration
regression — Previously fixed vulnerability reappeared
new_image — New image discovered in registry
cve_watch_new — CVE Watch detected a new CVE
cve_watch_kev — CVE added to CISA KEV catalog

Digest Modes

Realtime — Immediate delivery on each event
Daily — Batched daily summary
Weekly — Batched weekly summary

Previous

Channel Configuration

Next

Webhook Signatures

On this page

Event Types Digest Modes