TABLE OF CONTENTS


Alerts Overview

In Aqua alerts are notifications of certain activities (A scan is run or an event is received) in the users' account. The alerts service then sends these notifications to the Integrations that are configured (an Integration must be created before an alert can be configured). There are two types of Alerts: Scan Alerts and Event Alerts.


Scan Alerts

Scan alerts are notifications that get sent after a scan is completed. These alerts can be configured to only send notifications when a certain plugin enters a fail or warning state and will contain the plugin, resource, and severity. 

Scan alerts can also be configured to send notifications whenever a scheduled scan is run. These alerts will contain the number of passing, failing, and warning results as well as any new failing plugins. Check for instructions on how to create a new scan alert


Event Alerts

Event alerts are notifications that get sent after an event is received and processed by the Aqua CSPM Event Service.  These alerts can be configured to only send notifications when specific actions are received by the event service. These alerts will contain the action that was flagged, the invoking user, the IP Address of the invoking user, a description of why the action was flagged, and the raw data of the event that Aqua received. Check for instructions on how to create a new event alert.