Alerting

Route detection alerts to the right people through email, Slack, Discord, PagerDuty, or custom webhooks with severity-based filtering.

Alert Channels

Sentinel Nerd supports multiple alert channels. Each channel can be configured with severity filters so you only receive the alerts that matter.

Email

Email alerting is built-in and enabled by default. All team members with alert permissions receive notifications.

  • HTML-formatted alert emails with event details
  • Configurable digest mode (immediate, hourly, daily)
  • Per-user severity thresholds

Slack

Send alerts to Slack channels with rich formatting, action buttons, and thread-based updates.

Slack Configuration

  Webhook URL: https://hooks.slack.com/services/T00/B00/xxxxx
  Channel: #security-alerts
  Username: Sentinel Nerd
  Min Severity: medium
  Include Event Details: true
  Thread Follow-ups: true

Slack best practice

Create separate channels for different severity levels. Route critical/high to a channel with on-call notifications enabled, and medium/low to a review channel.

Discord

Send alerts to Discord channels via webhook. Alerts appear as rich embeds with color-coded severity.

Discord Configuration

  Webhook URL: https://discord.com/api/webhooks/xxxxx/yyyyy
  Min Severity: medium
  Mention Role: @security-team

PagerDuty (Pro)

Trigger PagerDuty incidents for critical alerts, with automatic resolution when the condition clears.

PagerDuty Configuration

  Integration Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Min Severity: high
  Auto-resolve: true
  Dedup Key: rule_name + group_by

Custom Webhooks

Send alert data to any HTTP endpoint. Use this to integrate with ticketing systems, SOAR platforms, or custom automation.

Webhook Configuration

  URL: https://your-app.com/api/sentinel-alerts
  Method: POST
  Headers:
    Authorization: Bearer your-token
    Content-Type: application/json
  Min Severity: low
  Retry: 3 attempts with exponential backoff

Webhook Payload

All webhooks receive a JSON payload with the following structure:

  {
    "alert_id": "alt_abc123",
    "rule_name": "net.ssh_brute_force",
    "severity": "high",
    "title": "SSH Brute Force Detected",
    "description": "10 failed SSH logins from 203.0.113.42 in 5 minutes",
    "source": "unifi_network",
    "timestamp": "2025-01-15T14:32:01Z",
    "events": [...],
    "enrichment": {
      "geo": { "country": "CN", "city": "Beijing" },
      "threat_score": 87,
      "abuse_reports": 142
    },
    "instance_id": "inst_xyz789",
    "dashboard_url": "https://app.sentinelnerd.com/alerts/alt_abc123"
  }
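A receiver for this payload, written here as an added example rather than code from Sentinel Nerd: it checks the Bearer token from the webhook configuration in constant time before touching the body, validates the fields above, and returns a normalised record for downstream automation. The required-field list, the token value and the sample body (built from the structure shown above, with an empty events list) are constructed for the example.

```python
import hmac
import json

# Token the webhook was configured to send (constructed placeholder matching
# the "Authorization: Bearer your-token" header in the configuration above).
EXPECTED_TOKEN = "your-token"

# Fields a receiver should refuse to process without (assumed minimum set).
REQUIRED_FIELDS = ("alert_id", "rule_name", "severity", "title", "timestamp", "instance_id")
VALID_SEVERITIES = ("info", "low", "medium", "high", "critical")

# Constructed sample request following the payload structure documented above.
SAMPLE_HEADERS = {"Authorization": "Bearer your-token", "Content-Type": "application/json"}
SAMPLE_BODY = json.dumps({
    "alert_id": "alt_abc123",
    "rule_name": "net.ssh_brute_force",
    "severity": "high",
    "title": "SSH Brute Force Detected",
    "description": "10 failed SSH logins from 203.0.113.42 in 5 minutes",
    "source": "unifi_network",
    "timestamp": "2025-01-15T14:32:01Z",
    "events": [],
    "enrichment": {"geo": {"country": "CN", "city": "Beijing"}, "threat_score": 87, "abuse_reports": 142},
    "instance_id": "inst_xyz789",
    "dashboard_url": "https://app.sentinelnerd.com/alerts/alt_abc123",
})


def authorize(headers, expected_token=EXPECTED_TOKEN):
    """Verify 'Authorization: Bearer <token>' in constant time.

    Header names are matched case-insensitively because proxies and web
    frameworks normalise them differently.
    """
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    # compare_digest avoids leaking the token through timing differences
    return hmac.compare_digest(token.encode(), expected_token.encode())


def parse_alert(body):
    """Parse and validate a payload; raise ValueError for anything malformed."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"payload is not valid JSON: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError("payload must be a JSON object")
    missing = [f for f in REQUIRED_FIELDS if f not in data]
    if missing:
        raise ValueError(f"payload missing fields: {missing}")
    if data["severity"] not in VALID_SEVERITIES:
        raise ValueError(f"unknown severity {data['severity']!r}")
    enrichment = data.get("enrichment") or {}
    # Hand downstream automation only the fields it needs, as strings/ints.
    return {
        "alert_id": str(data["alert_id"]),
        "rule_name": str(data["rule_name"]),
        "severity": data["severity"],
        "title": str(data["title"]),
        "timestamp": str(data["timestamp"]),
        "instance_id": str(data["instance_id"]),
        "threat_score": enrichment.get("threat_score"),
        "event_count": len(data.get("events") or []),
        "dashboard_url": data.get("dashboard_url"),
    }


def handle_request(headers, body):
    """Return (http_status, result) the way a receiving endpoint would.

    Authentication is checked before the body is parsed so that
    unauthenticated callers never reach the parser.
    """
    if not authorize(headers):
        return 401, None
    try:
        alert = parse_alert(body)
    except ValueError as exc:
        return 400, str(exc)
    return 200, alert


if __name__ == "__main__":
    print(handle_request(SAMPLE_HEADERS, SAMPLE_BODY))
```

Plug `handle_request` into whatever HTTP framework the receiving app uses; the point is the order of checks (authenticate, then parse, then act) and that the token comparison does not short-circuit on the first mismatched byte.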

Severity Routing

Configure which severities go to which channels:

  Severity | Recommended Channels      | Response Time
  ---------|---------------------------|------------------
  Critical | PagerDuty + Slack + Email | Immediate
  High     | Slack + Email             | Within 1 hour
  Medium   | Slack or Discord          | Within 4 hours
  Low      | Email digest              | Next business day
  Info     | Dashboard only            | Review weekly
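The routing table above expressed as the per-channel Min Severity filters from the configuration examples, as an added example (not Sentinel Nerd's own routing code). The pagerduty, slack, discord and webhook thresholds are the ones shown on this page; the email and dashboard thresholds are assumptions. The `unrouted_severities` check is the configuration audit worth running after any change: it flags a setup in which some severity would reach no channel at all.

```python
# Severity ordering: a channel with Min Severity X receives X and everything above it.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Channel -> minimum severity it accepts. pagerduty/slack/discord/webhook mirror
# the configuration examples on this page; email and dashboard are assumptions.
CHANNEL_MIN_SEVERITY = {
    "pagerduty": "high",
    "slack": "medium",
    "discord": "medium",
    "webhook": "low",
    "email": "low",
    "dashboard": "info",
}


def channels_for(severity, channel_config=CHANNEL_MIN_SEVERITY):
    """Return the sorted list of channels whose Min Severity admits this alert."""
    rank = SEVERITY_RANK[severity]  # unknown severities raise KeyError on purpose
    return sorted(
        name for name, min_sev in channel_config.items()
        if rank >= SEVERITY_RANK[min_sev]
    )


def route(alert, channel_config=CHANNEL_MIN_SEVERITY):
    """Attach the delivery list to an alert dict (alert_id and severity required)."""
    return {
        "alert_id": alert["alert_id"],
        "severity": alert["severity"],
        "channels": channels_for(alert["severity"], channel_config),
    }


def unrouted_severities(channel_config):
    """Severities that no configured channel would ever receive."""
    return [sev for sev in SEVERITY_RANK if not channels_for(sev, channel_config)]


def pages_on_call(severity, channel_config=CHANNEL_MIN_SEVERITY, paging_channels=("pagerduty",)):
    """True if at least one paging channel (assumed to be PagerDuty) receives this severity."""
    return any(ch in channels_for(severity, channel_config) for ch in paging_channels)


if __name__ == "__main__":
    # Constructed alert carrying the id and severity from the sample payload.
    print(route({"alert_id": "alt_abc123", "severity": "high"}))
    print("unrouted:", unrouted_severities({"pagerduty": "high"}))
```

A configuration where only PagerDuty is enabled leaves info, low and medium alerts with nowhere to go; `unrouted_severities` makes that visible before the first silent drop.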

Alert Suppression

Prevent alert fatigue with suppression rules:

  • Deduplication — Group identical alerts within a time window
  • Rate limiting — Max alerts per rule per time period
  • Maintenance windows — Suppress alerts during planned downtime
  • Acknowledgment — Suppress follow-ups once an alert is acknowledged
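The four suppression rules above combined into one decision function, as an added example that is not Sentinel Nerd's implementation. The deduplication key follows the `rule_name + group_by` pattern from the PagerDuty configuration; the window lengths, rate limit and the `group_by` field on the alert are assumptions. Only alerts that are actually delivered count against the rate limit, so a burst of duplicates cannot exhaust a rule's budget.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class SuppressionPolicy:
    # All values are assumed defaults for the example, not product settings.
    dedup_window: timedelta = timedelta(minutes=10)   # identical alerts grouped within this
    rate_limit: int = 5                               # max deliveries per rule per rate_window
    rate_window: timedelta = timedelta(hours=1)
    maintenance_windows: list = field(default_factory=list)  # list of (start, end) datetimes


class Suppressor:
    """Decide, for each incoming alert, whether to deliver it or why not."""

    def __init__(self, policy):
        self.policy = policy
        self.last_sent = {}        # dedup key -> time of last delivery
        self.sent_times = {}       # rule_name -> deque of delivery times in the window
        self.acknowledged = set()  # dedup keys an operator has acknowledged

    @staticmethod
    def dedup_key(alert):
        # rule_name + group_by, as in the PagerDuty "Dedup Key" setting above
        return f"{alert['rule_name']}|{alert.get('group_by', '')}"

    def acknowledge(self, alert):
        """Suppress follow-ups for this alert group until it is resolved."""
        self.acknowledged.add(self.dedup_key(alert))

    def resolve(self, alert):
        """Clear the acknowledgment so a recurrence alerts again."""
        self.acknowledged.discard(self.dedup_key(alert))

    def decide(self, alert, now):
        """Return "send", or the name of the suppression rule that applied."""
        for start, end in self.policy.maintenance_windows:
            if start <= now < end:
                return "maintenance"
        key = self.dedup_key(alert)
        if key in self.acknowledged:
            return "acknowledged"
        last = self.last_sent.get(key)
        if last is not None and now - last < self.policy.dedup_window:
            return "duplicate"
        times = self.sent_times.setdefault(alert["rule_name"], deque())
        while times and now - times[0] >= self.policy.rate_window:
            times.popleft()            # drop deliveries that fell out of the window
        if len(times) >= self.policy.rate_limit:
            return "rate_limited"
        times.append(now)
        self.last_sent[key] = now
        return "send"


# Constructed alerts: one rule firing for several source addresses.
T0 = datetime(2025, 1, 15, 14, 32, 1)
ALERTS = [
    {"rule_name": "net.ssh_brute_force", "group_by": "203.0.113.42", "severity": "high"},
    {"rule_name": "net.ssh_brute_force", "group_by": "198.51.100.7", "severity": "high"},
    {"rule_name": "net.ssh_brute_force", "group_by": "192.0.2.9", "severity": "high"},
    {"rule_name": "net.ssh_brute_force", "group_by": "192.0.2.10", "severity": "high"},
]


def run_scenario(rate_limit=3):
    """Replay the constructed alerts through a policy and return the decisions."""
    s = Suppressor(SuppressionPolicy(rate_limit=rate_limit,
                                     maintenance_windows=[(T0 + timedelta(hours=2), T0 + timedelta(hours=3))]))
    decisions = [
        s.decide(ALERTS[0], T0),
        s.decide(ALERTS[0], T0 + timedelta(minutes=1)),   # same key inside dedup window
        s.decide(ALERTS[1], T0 + timedelta(minutes=2)),
        s.decide(ALERTS[2], T0 + timedelta(minutes=3)),
        s.decide(ALERTS[3], T0 + timedelta(minutes=4)),   # fourth delivery within the hour
        s.decide(ALERTS[3], T0 + timedelta(minutes=61)),  # first delivery has aged out
        s.decide(ALERTS[3], T0 + timedelta(hours=2, minutes=30)),
    ]
    s.acknowledge(ALERTS[0])
    decisions.append(s.decide(ALERTS[0], T0 + timedelta(minutes=20)))
    s.resolve(ALERTS[0])
    decisions.append(s.decide(ALERTS[0], T0 + timedelta(minutes=70)))
    return decisions


if __name__ == "__main__":
    for d in run_scenario():
        print(d)
```

Every suppressed alert still returns a reason; log those reasons, because a rule that is permanently "rate_limited" or a maintenance window nobody closed are themselves things an operator needs to see.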

Note

Alert channels can be managed via the Alerts API for programmatic configuration.