

Grafana integration
SIEM & Monitoring
Grafana is where DevOps and SRE teams already watch their infrastructure, so it's a natural place to see external attack surface alongside uptime, latency, and error rates. The FortWatch + Grafana integration (in development) will push critical exposures — open ports, unauthenticated databases, public buckets, expiring TLS certs — into the dashboards and alerting pipelines your team checks every day. Instead of attack-surface risk living in a separate tool, it shows up next to the metrics on-call already trusts.


Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →
Grafana + FortWatch
FortWatch will connect to Grafana through Grafana's standard, supported integration surfaces — no custom agent required. As FortWatch's 11 scanners run continuously and the AI triage engine assigns a severity to each finding, new and changed issues will flow to Grafana in two complementary ways.
First, as annotations via the Grafana HTTP API (POST /api/annotations): each significant finding becomes a timestamped, tagged annotation (for example tags like fortwatch, critical, redis) that overlays directly on your existing dashboards, so an exposure shows up as a marked event on the same timeline as your infra metrics.
Second, as alert events into Grafana Alerting / IRM (OnCall) incoming webhooks: FortWatch posts a formatted payload (alert_uid, title, state, message, link back to the finding) that flows through your notification policies and escalation chains, routing critical findings to the right responders just like any other alert.
You'll authenticate with a Grafana service account token (for annotations) or an IRM webhook URL, map FortWatch severities to Grafana severity/labels, and choose which dashboards or contact points receive events. Findings resolve cleanly too — when FortWatch confirms an exposure is remediated, it sends a resolved state so the alert closes itself rather than lingering.
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to Grafana
The finding lands in Grafana, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the Grafana integration will bring to your security workflow.
Overlay attack-surface events on infra dashboards — see an exposed Redis port or expiring cert as an annotation on the same timeline as CPU, latency, and deploy markers, so spikes and exposures correlate at a glance.
Route critical exposures through existing on-call — feed FortWatch findings into Grafana Alerting / IRM so unauthenticated databases and public buckets escalate through the same notification policies and rotations as production incidents.
Build a dedicated external attack surface panel — query FortWatch annotations by tag (fortwatch, critical, high) to chart open issues over time, severity breakdowns, and time-to-remediate alongside your reliability SLOs.
Correlate exposures with deploys — when a new annotation for an open port or missing security header appears right after a release annotation, you immediately see which change introduced the risk.
Auto-close resolved findings — FortWatch sends a resolved state when an exposure is remediated, so alerts clear themselves and dashboards stay accurate without manual cleanup.
Unify security and reliability views for MSPs — give each managed client a Grafana view where attack-surface findings sit next to the infrastructure metrics you already monitor for them.
What an alert looks like
Every finding arrives formatted for Grafana — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
Grafana
[FortWatch] CRITICAL: Unauthenticated Redis exposed on the public internet

state: firing
severity: critical
asset: cache-01.example.com:6379
finding: Redis responds to INFO without authentication (no requirepass set)
impact: Full read/write access to cached data; documented mass-ransom target
first_seen: 2026-06-07T09:14:00Z
remediation: Bind to localhost/private network, enable requirepass, or firewall port 6379
link: https://app.fortwatch.ai/issues/9f3a21

tags: fortwatch, critical, open-port, redis
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect Grafana and choose where alerts go.
When it launches, open FortWatch → Integrations and select Grafana, then choose how you want findings delivered: dashboard annotations, alert events, or both.
For annotations, create a Grafana service account token with annotation write access and paste it into FortWatch along with your Grafana base URL (and optional target dashboard UID).
For alerting, create a Grafana Alerting / IRM (OnCall) incoming webhook and paste its URL into FortWatch, then map FortWatch severities (critical/high/medium/low) to your Grafana labels and routing.
Pick a severity threshold so only findings at or above your chosen level (for example high and critical) reach Grafana, keeping dashboards and on-call signal clean.
Send a test event to confirm annotations appear on your dashboard and alerts flow through your notification policy, then enable continuous delivery.
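The two deliveries described under "Grafana + FortWatch" (a tagged annotation and an alert event) together with the severity threshold from the setup steps, as an added example that is not FortWatch's code. The finding's field names, the `fortwatch-` prefix on alert_uid and the helper names are assumptions; the sample values and the firing/resolved states are taken from the sample alert on this page.

```python
from datetime import datetime, timezone

LEVELS = ["low", "medium", "high", "critical"]  # severities named on this page

# Constructed finding: field names are assumptions, values echo the sample alert.
SAMPLE = {
    "id": "9f3a21", "severity": "critical", "first_seen": "2026-06-07T09:14:00Z",
    "title": "Unauthenticated Redis exposed on the public internet",
    "asset": "cache-01.example.com:6379", "labels": ["open-port", "redis"],
    "link": "https://app.fortwatch.ai/issues/9f3a21",
}

def meets_threshold(severity, threshold):
    """True when severity is at or above the configured threshold."""
    return LEVELS.index(severity) >= LEVELS.index(threshold)

def epoch_ms(iso_utc):
    """Grafana annotation times are epoch milliseconds."""
    dt = datetime.strptime(iso_utc, "%Y-%m-%dT%H:%M:%SZ")
    return int(dt.replace(tzinfo=timezone.utc).timestamp() * 1000)

def annotation_body(f, dashboard_uid=None):
    """JSON body for POST /api/annotations."""
    body = {
        "time": epoch_ms(f["first_seen"]),
        "tags": ["fortwatch", f["severity"], *f["labels"]],
        "text": f"{f['title']} on {f['asset']}\n{f['link']}",
    }
    if dashboard_uid:  # left out, the annotation is organization-wide
        body["dashboardUID"] = dashboard_uid
    return body

def webhook_body(f, resolved=False):
    """Alert event; alert_uid is stable so 'resolved' closes the firing alert."""
    return {
        "alert_uid": f"fortwatch-{f['id']}",
        "title": f"[FortWatch] {f['severity'].upper()}: {f['title']}",
        "state": "resolved" if resolved else "firing",
        "message": f"asset: {f['asset']}",
        "link": f["link"],
    }

def deliveries(f, threshold="high", resolved=False, dashboard_uid=None):
    """(target, body) pairs to send; empty when below the threshold."""
    if not meets_threshold(f["severity"], threshold):
        return []
    return [("annotation", annotation_body(f, dashboard_uid)),
            ("webhook", webhook_body(f, resolved))]
```

The annotation request carries the service account token in an `Authorization: Bearer` header, so the token never appears in either body and can be scoped to annotation writes only.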

Why route FortWatch into Grafana?
Attack-surface risk and reliability are usually watched in separate tools, which means exposures get noticed late — often only after a breach or an audit. Surfacing FortWatch findings inside Grafana puts critical exposures on the dashboards and in the on-call pipeline your team already lives in, so a public database or expiring cert gets the same attention as a latency spike. Correlating findings with deploys and infra events on one timeline also makes root cause obvious: you can see exactly when an exposure appeared and what changed.
Frequently asked questions
Is the FortWatch Grafana integration available yet?
Not yet — it's in active development and marked Coming Soon. You can request early access or get notified from this page, and we'll email you the moment it goes live. In the meantime, FortWatch's scanners run continuously, so your findings will be ready to stream into Grafana on day one.
Will it work with both Grafana Cloud and self-hosted Grafana?
That's the plan. The integration is designed around Grafana's standard interfaces — the annotations HTTP API and Grafana Alerting / IRM incoming webhooks — which are available in both Grafana Cloud and self-managed Grafana (OSS/Enterprise). You'll point FortWatch at your Grafana base URL or webhook endpoint, so as long as FortWatch can reach it, either deployment works.
Will this flood my dashboards and on-call with low-value noise?
No. FortWatch applies AI triage and a severity to every finding, and the integration lets you set a threshold so only findings at or above your chosen level reach Grafana. Findings also auto-resolve when remediated, so alerts close themselves instead of piling up. You decide whether exposures arrive as quiet dashboard annotations, escalating alerts, or both.
Want the Grafana integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.
Get notified
Secure your entire stack today
Start scanning in under 5 minutes. No credit card required. 14-day free trial included.





