Alert Routes
Configure routing for policy alerts to Slack, Jira, email, Coralogix, and Amazon S3.
Alert Routes define where policy alerts are sent when a condition is triggered. At least one route must be configured before creating policies.
Supported Destinations
| Destination | Use Case |
|---|---|
| Slack | Real-time alerting to security channels |
| Jira | Automatic ticket creation with policy context |
| Email | Digest or immediate notifications |
| Coralogix | SIEM/APM forwarding for correlation |
| Amazon S3 | Audit log archiving |
Creating an Alert Route
Navigate to Settings → Alert Routes → Add Route, select the destination type, and provide the required configuration:
- Slack: Webhook URL + optional channel override
- Jira: Base URL, project key, issue type, API token
- Email: SMTP server, from/to addresses
- Coralogix: API key + application name
- S3: Bucket name + IAM role ARN
Recommended Routing Matrix
| Severity | Recommended Route |
|---|---|
| critical | On-call Slack channel + P1 Jira ticket |
| high | #sec-ops Slack + P2 Jira ticket |
| medium | #sec-ops Slack + P3 Jira ticket |
| low | Daily email digest |
Create separate alert routes for different teams — one for the security team (Slack + Jira) and one for compliance (email digest). Assign routes per policy severity.