New Relic integration
SIEM & Monitoring
New Relic is where many teams already correlate application performance, infrastructure metrics, and logs in one place — which makes it a natural home for external attack-surface signal too. The FortWatch New Relic integration (currently in development) will stream every finding from your continuous external scans into New Relic as custom events and metrics, so an exposed database or an expiring certificate shows up alongside the latency spike or error rate it might explain — queryable with NRQL and ready to trip an alert.
Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →New Relic + FortWatch
FortWatch sends findings to New Relic using its standard ingest paths: custom events through the Event API and counts through the Metric API, authenticated with a New Relic Insights Insert (ingest) key. When a scan completes or a new issue is detected, FortWatch posts a structured event — for example a FortWatchFinding event carrying severity, the scanner that found it, the affected asset, a CVE or finding ID, and first-seen timestamp — into your New Relic account. Because the data lands as normal events and metrics, you can build NRQL dashboards (findings by severity over time, open criticals per asset), drop widgets onto existing observability boards, and define NRQL alert conditions that route through your New Relic workflows and destinations to Slack, PagerDuty, or email. As findings are remediated in FortWatch, follow-up resolution events let dashboards and alerts reflect the current state rather than a one-time snapshot.
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to New Relic
The finding lands in New Relic, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the New Relic integration will bring to your security workflow.
Unified observability
see external security findings on the same New Relic dashboards as APM, infrastructure, and log data, so exposures sit next to the systems they affect.
NRQL-driven alerting
write a condition like critical-severity FortWatch findings greater than zero and route it through your existing New Relic alert policies and on-call workflows.
Severity-over-time dashboards
chart open criticals, highs, and mediums across your attack surface to show whether exposure is trending up or down.
Per-asset security posture
facet findings by host, domain, or IP to spot which assets carry the most external risk right now.
Correlate exposure with incidents
when an asset starts misbehaving, check whether a new open port, public bucket, or exposed .env appeared around the same time.
Compliance and audit trails
retain a timestamped event history of when each finding was detected and resolved, queryable for reporting.
What an alert looks like
Every finding arrives formatted for New Relic — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
New ReliceventType: FortWatchFinding\nseverity: critical\nscanner: nmap\ntitle: Unauthenticated Redis exposed on port 6379\nasset: cache-prod-1 (203.0.113.10)\nfindingId: fw-9f2c41\nfirstSeen: 2026-06-07T14:22:08Z\nmessage: Internet-reachable Redis with no auth — readable, wipeable, host takeover risk\n\nNRQL: SELECT count(*) FROM FortWatchFinding WHERE severity = 'critical' SINCE 1 hour ago\n→ Trips alert policy: External Attack Surface — Critical
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect New Relic and choose where alerts go.
When it launches, open Settings → Integrations in FortWatch and choose New Relic.
Paste a New Relic Insights Insert (ingest) API key and your account ID so FortWatch can post events and metrics.
Pick which severities to forward and confirm the FortWatchFinding event and metric naming.
Send a test event and verify it appears in New Relic with a quick NRQL query (SELECT * FROM FortWatchFinding).
Add the prebuilt FortWatch dashboard or wire findings into your own boards, then create NRQL alert conditions for the severities you care about.
Why route FortWatch into New Relic?
Security signal is most useful next to the operational data it explains, not stranded in a separate dashboard nobody opens during an incident. Feeding FortWatch findings into New Relic means your existing observability stack — queries, dashboards, alert policies, and on-call routing — already covers external exposure, so a new open database or expiring certificate gets the same attention as a latency regression.
Frequently asked questions
Is the New Relic integration available now?
Not yet — it is in active development. Add your email on this page and we will notify you the moment it ships.
How does FortWatch get data into New Relic?
Through New Relic's standard ingest APIs — custom events via the Event API and counts via the Metric API, authenticated with an Insights Insert (ingest) key. Findings land as normal New Relic events and metrics, so you query them with NRQL and alert on them like any other data.
Will it create alerts, or just dashboards?
Both. Findings are queryable in NRQL for dashboards, and you can define NRQL alert conditions that fire through your existing New Relic policies, workflows, and destinations. You choose which severities forward so the data stays signal, not noise.
Want the New Relic integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.
Get notified
Secure your entire stack today
Start scanning in under 5 minutes. No credit card required. 14-day free trial included.