Skip to main content

Notifications

TridentStack Control can notify your team when important platform events occur. Notifications support multiple delivery channels and give you granular control over which events trigger alerts and who receives them.

Supported Channels

ChannelIntegration MethodDescription
EmailBuilt-in (Resend)HTML-formatted emails sent to selected team members. Per-category recipient selection lets different teams receive different event types
SlackIncoming webhook URLBlock Kit formatted messages with color coding and action buttons linking back to TridentStack Control
Microsoft TeamsWebhook URLAdaptive Card formatted messages with field-based layouts
DiscordWebhook URLEmbedded messages with color-coded severity levels
Custom WebhookHTTP endpoint URLRaw JSON payloads signed with HMAC-SHA256 for verification. Supports custom headers
In-appBuilt-inAlerts appear in the notification bell inside TridentStack Control, so your team sees them without leaving the platform

Event Categories

Notifications are organized into four categories. Each category can be enabled or disabled independently, and individual events within a category can be toggled on or off.

Deployment Rings

Lifecycle events for phased deployment rollouts. These help you stay informed as updates progress through your ring phases without needing to watch the deployment rings page.

EventDescription
Deployment StartedA deployment ring began deploying updates to agents
Phase AdvancedA ring phase progressed to the next phase
Approval PendingA manual-approval phase is ready for administrator action
Deployment CompletedAll phases in the ring finished, with summary statistics
Emergency HaltA ring was auto-halted because the failure threshold was exceeded
Phase FailureA phase failed to meet its success criteria after the timeout period
tip

At minimum, enable Approval Pending and Emergency Halt for deployment rings. These are the two events most likely to require immediate action from your team.

Security and Access

User management and authentication events for audit awareness.

EventDescription
User InvitedA new user was invited to the tenant
Role ChangedA user was promoted or demoted (for example, granted or revoked admin access)
API Key CreatedA new API key was generated
API Key DeletedAn API key was revoked

Agent Fleet

Agent registration and removal events for fleet visibility.

EventDescription
Agent RegisteredA new agent enrolled with the platform
Agent RemovedAn agent was deleted from the tenant

Risk and Compliance

Summary alerts for vulnerability and compliance posture changes across your fleet.

EventDescription
Critical Vulnerabilities FoundNew critical-severity vulnerabilities (CVSS 9.0+) were detected across the fleet. Includes affected agent count and top CVEs
Compliance Drift DetectedAgents fell out of compliance with assigned frameworks. Includes drifted agent count and affected frameworks

Configuring Notifications

Access notification settings from Settings > Notifications in the sidebar.

Master Switch

The master toggle at the top of the page enables or disables all notifications globally. When disabled, no notifications are sent regardless of individual channel or event settings.

Email Configuration

Email is a built-in channel that does not require a webhook URL:

  1. Toggle Email notifications on
  2. Optionally set a custom "From" display name (defaults to "TridentStack Control")
  3. For each event category, choose who should receive those emails. Select team members from the directory, or, as an administrator, type any email address (such as a shared inbox or distribution list) and add it. Different categories can have different recipient lists, so deployment ring alerts go to your ops team while security events go to your security team

Adding an External Channel

To add Slack, Teams, Discord, or a custom webhook:

  1. Click Add Channel
  2. Select the channel type
  3. Enter the webhook URL (and optionally custom headers for webhooks)
  4. Give the channel a descriptive name
  5. Click Save

For custom webhooks, a signing secret is generated automatically and displayed once on creation. Store this secret securely. TridentStack Control signs every webhook payload with HMAC-SHA256 using this secret, allowing your endpoint to verify authenticity.

Testing a Channel

After adding a channel, click the Test button to send a sample notification. This verifies that the webhook URL is correct and that your receiving application processes the message format properly.

Per-Channel Event Filtering

Each event can be turned on or off independently for every channel. For example, you can send Critical Vulnerabilities Found alerts to email and the in-app bell while leaving them off in Slack, all from Settings > Notifications.

Each external channel can also have its own event whitelist. For example, you might send all deployment ring events to Slack but only send emergency halts and phase failures to a PagerDuty webhook:

  1. Click the channel in the channel list
  2. Toggle individual events on or off for that channel
  3. Save your changes

Events that are disabled at the category level (in the main event settings) are never sent to any channel, regardless of per-channel filtering.

Notification Delivery

Most notifications are sent in near real-time when events occur. Each delivery attempt is logged internally with status (sent or failed) and error details if applicable. Failed deliveries are not automatically retried.

Delivery mode for critical vulnerability alerts

On a large fleet, new critical vulnerabilities can be detected on every scan, which used to mean an alert for every scan. To keep your inbox manageable, critical vulnerability alerts are grouped into a single digest by default instead of sending one alert per scan.

You configure this from the Critical Vulnerabilities Found event in Settings > Notifications. When that alert type is enabled, a Configure button opens a panel where you choose how alerts are delivered:

Delivery modeBehavior
ImmediateSend an alert as soon as new critical vulnerabilities are found, on every scan. Best for small fleets or teams that want every finding surfaced right away
Hourly digestGroup new critical vulnerabilities into one summary sent once per hour
Daily digest (default)Group new critical vulnerabilities into one summary sent once per day, at a send time you choose

For the daily digest, you pick the time of day the summary goes out and the time zone it is measured in. The time zone defaults to your account's time zone, so the digest lands at the same local hour for your team without any extra setup, and you can change it to any zone you prefer.

Whichever mode you choose, actively exploited vulnerabilities always alert immediately, so the findings most likely to be attacked never wait for the next digest. You can also set a severity threshold so that any vulnerability at or above the score you pick bypasses the digest and alerts right away, giving you a fast lane for your most serious findings while everything else rolls up into the digest.

warning

If a webhook endpoint is unreachable or returns an error, the notification is marked as failed and the platform event proceeds normally. Notification failures never block platform operations.

Webhook Payload Format

Custom webhook channels receive a JSON payload with the following structure:

{
"eventType": "deployment.emergencyHalt",
"timestamp": "2026-03-18T14:30:00.000Z",
"tenantId": "your-tenant-id",
"payload": {
"ringId": "ring-uuid",
"ringName": "Production Ring",
"phase": "Canary",
"reason": "Failure threshold exceeded",
"failureCount": 3,
"failureRate": 0.15
}
}

The request includes an X-Signature-256 header containing the HMAC-SHA256 signature of the request body. Verify this against your signing secret to confirm the payload originated from TridentStack Control.