Managing alerts

Community Platform

runZero can trigger automatic alerts when certain events occur through a combination of Channels and Rules.

runZero currently supports Internal, Email, and Webhook channel types.

Internal channels store events within the Alerts list within the runZero Console. Internal alerts support explicit acknowledgement. Internal channels can be bulk acknowledged and cleared from within the runZero Console.

Email channels can be configured to deliver mail to one or more recipients. These email messages contain a summary of the alert and a link to the specifics within the runZero Console. Email is sent from the runZero infrastructure using the Sendgrid service.

Webhook channels allow runZero to post alerts to internet-reachable web services. The post request contains a standard text message for use with platforms like Slack and Mattermost, but also additional fields containing the full alert details. Webhooks are a great way to tie runZero alerts into third-party platforms.

To trigger an alert on a channel, a Rule must be created. Rules define which events lead to alert on which channels. The name of the rule will be included in the alert content and should describe the type of event that it monitors.

The following event types can be used to create rules:

  • Scan completed
  • New assets found
  • Assets back online
  • Assets now offline
  • Assets changed

Scan completion and assets changed rules can be noisy but may be useful to keep a running log of network changes over time. For a typical monitoring use case, a rule would be created to trigger on Assets now offline, Assets back online, and New assets found, automatically alerting an email alias or a Slack channel.

Alert rules, when combined with recurring scans, can be a simple way to track network changes over time.