

PagerDuty integration
Alerting & Communication
PagerDuty is where on-call engineers find out something is on fire — and an internet-exposed database or a soon-to-expire production certificate is exactly the kind of thing that should reach the right person at any hour, not wait in a dashboard until morning. The FortWatch PagerDuty integration (currently in development) will turn critical and high-severity findings from your continuous external scans into PagerDuty incidents that follow your existing escalation policies and on-call schedules. Exposures get the same urgency, routing, and accountability you already give to uptime and infrastructure incidents.


Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →
PagerDuty + FortWatch
FortWatch will connect to PagerDuty through the Events API v2 (the same integration mechanism PagerDuty uses for monitoring tools), authenticated by an integration/routing key you generate on a PagerDuty service. When a scan produces a new critical or high-severity finding, FortWatch sends a `trigger` event carrying a summary, the affected asset as the `source`, a severity, and a stable `dedup_key` derived from the finding so repeat detections collapse into one incident instead of paging twice. FortWatch maps its severity scale to PagerDuty's four-value `severity` field (critical/high → critical/error, medium → warning, low → info), so with Dynamic Notifications enabled, criticals notify on-call at high urgency while quieter findings land at low urgency. When FortWatch's post-scan pipeline auto-resolves the underlying issue — the port closes, the bucket is locked down, the certificate is renewed — it sends a `resolve` event on the same `dedup_key`, closing the PagerDuty incident automatically so your on-call queue reflects reality.
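The trigger/resolve exchange described above, as an added example that is not FortWatch's code: it builds the Events API v2 request bodies for two scan cycles without sending them. The finding fields, the `plan_events` helper and the `fw-<check>-<host>-<port>` key layout (modelled on the sample key shown on this page) are assumptions.

```python
import json

EVENTS_URL = "https://events.pagerduty.com/v2/enqueue"  # Events API v2 endpoint
# Severity mapping as stated on this page.
SEVERITY_MAP = {"critical": "critical", "high": "error",
                "medium": "warning", "low": "info"}

def dedup_key(f):
    # Assumed layout, modelled on the page's sample key; built only from the
    # finding's identity (check, host, port), never from scan time.
    key = f"fw-{f['check']}-{f['host']}-{f['port']}"
    if len(key) > 255:  # PagerDuty limits dedup_key to 255 characters
        raise ValueError("dedup_key too long")
    return key

def trigger_event(routing_key, f):
    return {"routing_key": routing_key, "event_action": "trigger",
            "dedup_key": dedup_key(f),
            "payload": {"summary": f["summary"][:1024],  # 1024-char limit
                        "source": f["asset"],
                        "severity": SEVERITY_MAP[f["severity"]]}}

def resolve_event(routing_key, f):
    # A resolve carries no payload: routing key plus the trigger's dedup_key.
    return {"routing_key": routing_key, "event_action": "resolve",
            "dedup_key": dedup_key(f)}

def plan_events(routing_key, open_before, seen_now, page_on=("critical", "high")):
    """One scan cycle: trigger what is present, resolve what has cleared."""
    now = {dedup_key(f): f for f in seen_now if f["severity"] in page_on}
    before = {dedup_key(f): f for f in open_before if f["severity"] in page_on}
    events = [trigger_event(routing_key, f) for f in now.values()]
    events += [resolve_event(routing_key, f)
               for k, f in before.items() if k not in now]
    return events

# Constructed sample data; the routing key is a placeholder, not a real key.
ROUTING_KEY = "PLACEHOLDER_ROUTING_KEY"
REDIS = {"check": "redis", "host": "203.0.113.10", "port": 6379,
         "asset": "cache-prod-1", "severity": "critical",
         "summary": "[CRITICAL] Exposed Redis on 203.0.113.10:6379"}
TLS = {"check": "cert-expiry", "host": "198.51.100.7", "port": 443,
       "asset": "www-prod", "severity": "high",
       "summary": "[HIGH] Certificate expires in 3 days on 198.51.100.7:443"}

if __name__ == "__main__":
    scan1 = plan_events(ROUTING_KEY, [], [REDIS, TLS])
    scan2 = plan_events(ROUTING_KEY, [REDIS, TLS], [REDIS])  # cert renewed
    print("\n".join(json.dumps(e) for e in scan1 + scan2))  # bodies for EVENTS_URL
```

Re-sending the Redis trigger in the second cycle reuses the same `dedup_key`, so PagerDuty appends to the open incident rather than opening a new one, while the cleared certificate finding produces the resolve.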
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to PagerDuty
The finding lands in PagerDuty, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the PagerDuty integration will bring to your security workflow.
- Page on-call for criticals: an unauthenticated Redis or MongoDB reachable from the internet triggers a high-urgency incident the moment a scan finds it, day or night.
- Escalation that already works: incidents follow your existing PagerDuty escalation policies, so an unacknowledged exposed .env or public S3 bucket climbs the chain instead of going stale.
- Severity-driven urgency: criticals and highs notify on-call at high urgency while medium and low findings file as low-urgency incidents, keeping noise off the phone.
- Deduplicated alerts: a finding that persists across repeated scans uses a stable dedup_key, so a long-lived exposure is one incident with a running log, not a fresh page every scan cycle.
- Auto-resolve on remediation: when FortWatch confirms a port is closed or a certificate renewed, it resolves the matching PagerDuty incident automatically — no manual cleanup.
- Service-scoped routing: point different FortWatch asset groups at different PagerDuty services so client or environment ownership maps to the right on-call team (useful for MSPs and multi-team orgs).
What an alert looks like
Every finding arrives formatted for PagerDuty — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
PagerDuty
[CRITICAL] Exposed Redis on 203.0.113.10:6379
Unauthenticated Redis is reachable from the internet — anyone can read, modify, or wipe the dataset and may achieve remote code execution on the host.
Source: cache-prod-1 · Service: FortWatch External Surface
Severity: critical (→ high urgency) · dedup_key: fw-redis-203.0.113.10-6379
Detected by: continuous port scan · 2 minutes ago
View finding & step-by-step fix → https://app.fortwatch.ai/issues/...
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect PagerDuty and choose where alerts go.
When it launches, in PagerDuty create or pick a service and add an Events API v2 integration, then copy its integration (routing) key.
In FortWatch, open Settings → Integrations, select PagerDuty, and paste the routing key.
Choose which severities trigger incidents (for example critical and high only) and confirm the FortWatch → PagerDuty severity mapping.
On the PagerDuty service, enable Dynamic Notifications so alert severity drives incident urgency, and attach your escalation policy.
Send a test event to verify it lands on the right service and pages the right on-call, then turn the integration on.

Why route FortWatch into PagerDuty?
Detection only reduces risk if it reaches a human fast — and an exposed credential store or a public bucket is a clock-ticking event, not a backlog item. Routing FortWatch findings through PagerDuty gives external exposures the same on-call rigor, escalation, and accountability your team already trusts for outages, so the window between exposure and remediation is measured in minutes. Because incidents auto-resolve when the finding clears, your on-call queue stays an honest signal instead of filling with stale alerts.
Frequently asked questions
Is the PagerDuty integration available now?
Not yet — it is in active development. Add your email on this page and we will notify you the moment it ships.
Will every finding page my on-call?
No. You choose which severities create incidents — most teams start with critical and high only — and FortWatch maps lower severities to low-urgency incidents so they file quietly rather than ring a phone.
What happens to a PagerDuty incident after we fix the issue?
FortWatch sends a resolve event on the same dedup_key when its next scan confirms the exposure is gone, so the incident closes automatically. Recurring detections deduplicate into a single incident instead of paging repeatedly.
Want the PagerDuty integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.
Secure your entire stack today
Start scanning in under 5 minutes. No credit card required. 14-day free trial included.





