Notifications
Configure how and when you receive alerts when tripwires are triggered.
Notification Channels
Tripwires supports multiple notification channels to ensure you never miss an alert:
Receive detailed alerts via email with full detection information.
Slack
Send alerts to a Slack channel for team visibility.
Webhook
Send JSON payloads to any URL for custom integrations.
PagerDuty
Integrate with PagerDuty for on-call alerting.
Email Notifications
Email is the default notification channel. Alert emails include:
- Tripwire Name - Which tripwire was triggered
- Detection Time - Exact timestamp of the event
- Source IP - Where the connection came from
- Credentials Used - The username that was attempted
- Quick Actions - Links to view details in the dashboard
Webhook Configuration
For custom integrations, configure a webhook endpoint to receive JSON payloads:
{
"event": "tripwire.triggered",
"timestamp": "2024-01-15T10:30:00Z",
"tripwire": {
"id": "tw_abc123",
"name": "Production Database",
"type": "postgresql"
},
"detection": {
"source_ip": "192.168.1.100",
"username": "prod_user_xK9mP",
"timestamp": "2024-01-15T10:30:00Z"
}
}Notification Preferences
Customize when and how often you receive notifications:
| Setting | Description |
|---|---|
| Immediate Alerts | Get notified instantly when any tripwire is triggered |
| Daily Digest | Receive a daily summary of all detections |
| Weekly Report | Get a weekly overview of tripwire activity |
| Quiet Hours | Suppress non-critical notifications during specified hours |
Alert Deduplication
To prevent alert fatigue, Tripwires automatically deduplicates notifications:
- Multiple connections from the same IP within 5 minutes are grouped
- Repeated attempts with the same username are consolidated
- You can configure the deduplication window in settings
Test Your Notifications
Use the "Send Test Alert" button in notification settings to verify your channels are working correctly before relying on them for real alerts.