Real-time Security Alerts

FortWatch delivers alerts through three first-class channels: email (with full finding context and remediation links), Slack (per-channel routing with severity color coding), and webhooks (JSON payloads for PagerDuty, Opsgenie, Microsoft Teams, Discord, or any custom endpoint). You can enable any combination — most teams run Slack for visibility, email for the record, and webhooks for on-call escalation.

Alert fatigue is the single biggest reason monitoring tools get muted. FortWatch fights it three ways: severity filtering so you only get paged on what matters, intelligent deduplication so the same finding doesn't re-alert every scan, and a digest mode that batches medium and low severity findings into a daily or weekly summary. Critical and high findings still arrive instantly — the noise does not.

Yes. Every alert rule has a severity floor: Critical only, High and above, Medium and above, or All. You can set different floors per channel — for example, page the on-call via webhook only for Critical, post to #security in Slack for High and above, and email a weekly digest of everything else. Info-severity findings are never alerted by default; they require explicit opt-in.

Yes. Quiet hours suppress non-critical alerts outside your team's working hours and queue them for the next business day — Critical findings still page immediately. For on-call rotation, use the webhook channel to route alerts into PagerDuty or Opsgenie, which handle the schedule, escalation policy, and acknowledgment flow. FortWatch stays the source of truth for the finding; your on-call tool handles the human side.

Real-time alerts fire within seconds of a scan detecting a new finding — use them for Critical and High severity where minutes matter. Digest mode batches lower-severity findings into a single email or Slack post delivered on your schedule (daily at 9am, end of week, etc.). Most teams run both: real-time for the urgent, digest for the ambient awareness.

Yes. Rules can filter by severity, asset (specific domains or IPs), finding category (SSL, exposed ports, vulnerabilities, headers, etc.), and workspace. You can route different rule sets to different channels — for example, SSL expirations to the ops webhook, new CVEs to the security Slack channel, and a weekly digest of everything to the compliance mailbox.

Yes. FortWatch rate-limits alerts per channel to protect against storm scenarios — if a misconfiguration suddenly exposes 200 findings, you get one summary alert instead of 200 individual pages. Deduplication also prevents the same open finding from re-alerting on every subsequent scan; you'll only hear about it again if its state changes (severity increases, asset scope changes, or it's closed and reopens).

Yes. Every alert that fires — plus every alert that was suppressed by a rule, quiet hours, or dedup — is logged with timestamp, channel, recipient, severity, related finding, and delivery status. The log is searchable by date, severity, channel, and asset, so you can answer 'did we alert on this before the incident?' during a post-mortem or audit review.