---
title: "Notification"
slug: "int-notification"
description: "Learn how to configure notifications in Traceable to receive timely alerts for API security events. Set up custom rules, channels, and event-specific notifications for enhanced monitoring and threat management."
updated: 2026-03-02T05:21:09Z
published: 2026-03-02T05:21:09Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Notification

##### Updates (January 2026 to March 2026)

- *February 2026* — Updated the topic to add information about all the fields available in Traceable Notification. For more information, see [Create a Notification Rule](/v1/docs/int-notification#step-2-—-create-a-notification-rule).

Notifications play an essential role in application protection. Custom notifications also help you streamline the types of notifications you wish to receive and the frequency at which you would like to receive them. Some events also have severity levels associated with them, such as high, medium, or low. You can choose the severity of events for which you wish to be notified. For example, you can decide to be notified only for high and medium-severity events. Navigate to **Settings**(![traceable_icon_settings](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_icon_settings.png)) → **Configuration** → **Notifications** page to create custom notifications.

---

## What will you learn in this topic?

By the end of this topic, you will be able to learn:

- The steps to [create a custom notification](/v1/docs/int-notification#create-a-custom-notification).
- The list of categories and their respective [threat and event types](/v1/docs/int-notification#threat-and-event-types).

---

## Create a custom notification

Creating a custom notification is a two-step process.

1. [Create a channel](/v1/docs/int-notification#step-1-—-create-a-channel)
2. [Create a notification rule](/v1/docs/int-notification#step-2-—-create-a-notification-rule)

After creating a channel, you must create a notification rule to select the type of threats or events for which you wish to receive notifications. During this configuration, you must also select the channel you created for Traceable to distribute the notification.

### Step 1 — Create a Channel

A channel is a group of media or people you want to notify when a type of event is triggered. You can send notifications to one or more of the following channels:

- **Email Addresses** — Sends notifications directly to the specified email address(es), ensuring that users receive alerts in their inbox(es). You can send these alerts to one or more users by adding a comma-separated list of email addresses.
- **Slack Webhook** — Delivers notifications to Slack channels, enabling real-time collaboration and immediate visibility of events within team workflows. For information on creating a Slack webhook, see [Sending messages using Incoming Webhooks](https://api.slack.com/messaging/webhooks).
- **S3 Webhook** — Stores notification payloads in Amazon S3, allowing integration according to your requirements for further analysis or compliance. For more information, see [S3 Integration](https://docs.traceable.ai/docs/s3).

> [!NOTE]
> Note
> 
> When configuring an S3 Webhook, ensure that you configure the Audience in your S3 bucket. Contact Traceable's support at [support@traceable.ai](mailto:support@traceable.ai) to obtain the Audience value for configuration in AWS.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/Traceable_Notification_create_channel_window.png)
- **Splunk Webhook** — Integrate with Splunk to forward notification data, which supports advanced log analysis and monitoring capabilities using its dashboard. For information on the Splunk webhook, see [Splunk documentation](https://docs.splunk.com/Observability/admin/notif-services/webhook.html).
- **Syslog Server**— Sends notifications to a Syslog server, enabling centralized logging and integration with traditional IT operational tools. For more information on the Syslog server, see the [Syslog documentation](/docs/syslog).
- **Custom Webhook** — Provides a customizable endpoint for delivering notifications, allowing integration with third-party systems or workflows according to your requirements.
- **HTTP Event Collector Webhook**— Once enabled, this sends a notification to the specified channel if any HTTP Event Collector events are triggered on Splunk. For more information, see [HTTP Event Collector (HEC) Integration](/docs/hec-integration).

On the **Settings**(![traceable_icon_settings](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_icon_settings.png)) → **Configuration** → **Notifications** page, click the **Create Channel** button, and provide the details to configure a channel. You can later edit or delete the channel. Once you have created a channel, the next step is to create a notification rule.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/Traceable_notification_HEC_toggle enabled_create_channel_window.png)

HEC toggle enabled Create Channel

> [!NOTE]
> Note
> 
> You cannot delete a channel associated with a notification rule.

### Step 2 — Create a Notification Rule

A notification is sent through a channel for a specific category of events and a particular event type. To view all events sent through the channel, see the [Notification Types and Field Definition](https://docs.traceable.ai/docs/notification-event-types-and-field-definitions). To create a notification rule, click **+ Create Notification** and complete the following steps:

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_settings_notification_config.png)

Create Notification

1. Specify the notification **Name**.
2. Select a channel where you wish to receive the notification. You can change the channel to which you want to send the notification at any time post-creation. However, a notification can be sent to only one channel.
3. Select the **Category** to which the threat or event belongs.

> [!NOTE]
> Note
> 
> The availability of the fields below depends on the *Category* you select.
4. Select the **Environment(s)** you wish to receive the notification for.
5. Select the **Threat Types**/**Event Types** for which you wish to receive notifications. Each category has different threat types or event types. For more information on the availability, see [Threat and Event Types](/v1/docs/int-notification#threat-and-event-types).
6. Select the **Severity** of the notification.
7. Select the **Impact** of the threat or event types you wish to receive the notification for. For example, you may wish to receive notifications only for threat activities with a *High* impact score.
8. Select the **Confidence** of the threat or event types you wish to receive the notification for. For example, you may wish to receive notifications only for threat activities that have a Medium confidence level.
9. (Optional) Select the frequency of notification from one notification every hour to one notification in 24 hours.
10. Click **Save**.

---

## Threat and Event Types

The following tables list the different category and their corresponding threat types or event types.

| Category | Threat Type |
| --- | --- |
| **Logged threat activity** | Authorization Bypass - Object Level |
| Authorization Bypass - User Level |
| Content Size Anomaly |
| Content Type Anomaly |
| Cross-Site Scripting (XSS) |
| Custom Signature |
| Data Loss Prevention |
| Email Domain Malicious Sources |
| Enumeration |
| GraphQL Attacks |
| HTTP Protocol Attacks |
| Invalid Enumerations |
| IP Range Malicious Sources |
| IP Type Malicious Sources |
| Java Application Attacks |
| Local File Inclusion |
| Mass Assignment |
| Missing Field |
| NodeJS Injection |
| Rate Limiting |
| Region Malicious Sources |
| Remote Code Execution |
| Remote File Inclusion |
| Scanner Detection |
| Server Side Request Forgery (SSRF) Signatures |
| Session Fixation |
| SQL Injection |
| Type Anomaly |
| Value Out of Range |
| XML External Entity Injection (XXE) |
|  |  |
| **Blocked threat activity** | Cross-Site Scripting (XSS) |
| Custom Signature |
| Data Loss Prevention |
| Email Domain Malicious Sources |
| Enumeration |
| GraphQL Attacks |
| HTTP Protocol Attacks |
| In-Agent Vulnerable Library |
| IP Range Malicious Sources |
| IP Type Malicious Sources |
| Java Application Attacks |
| Local File Inclusion |
| NodeJS Injection |
| Rate Limiting |
| Region Malicious Sources |
| Remote Code Execution |
| Remote File Inclusion |
| Scanner Detection |
| Server Side Request Forgery (SSRF) Signatures |
| Session Fixation |
| SQL Injection |
| Threat Actor |
| XML External Entity Injection (XXE) |

| Category | Event type |
| --- | --- |
| **Threat actor status change** | Normal |
| Threat Actor |
| Resolved |
| Always Allowed |
| Always Denied |
| Suspended |
| Snoozed |
|  |  |
| **Threat actor severity state change** | Low |
| Medium |
| High |
| Critical |
|  |  |
| **Protection configuration change** | Signature-Based Blocking |
| Rate Limiting |
| Data Loss Prevention |
| Enumeration |
| Malicious Sources IP Range |
| Malicious Sources Region |
| Malicious Sources Email Domain |
| Malicious Sources IP Type |
| Custom Signature |
| Detection |
| Exclusions |
|  |  |
| **Team activity** | Create User |
| Update User |
| Delete User |
| Invite User |
| User Accept Invite |
| User Login |
| User Logout |
|  |  |
| **Threat scoring configuration change** | Anomalous Behavior Score Contribution |
| Severity Score Contribution |
| Threat Actor Score Contribution |
| Events Contribution |
| IP Reputation Score Contribution |
| Status Code Contribution |
| Threat Auto Blocking |

You can create notifications for any change made to the notification configurations.

| Category | Event Type | Event Category |
| --- | --- | --- |
| **API naming rule configuration change** | Create | — |
| Update |
| Delete |
| **API documentation configuration change** | Create | — |
| Update |
| Delete |
| **Exclude rule configuration change** | Create | — |
| Update |
| Delete |
| **Label configuration change** | Create | - Label application rule - Label rule |
| Update |
| Delete |
| **Risk scoring configuration change** | Update | — |
| **Posture event** | API Discovery | — |
| Risk Score Change |
| Sensitive Data Discovery |
| Sensitive Data Shared With Third Party |
| Service Discovery |
| Vulnerability Discovery |
| **Notification configuration change** | Create | - Channel - Rule |
| Update |
| Delete |
| **Data classification configuration change** | Create | - User attribution - Session Identification - Data set - Data type |
| Update |
| Delete |
| **Integration configuration change** | Create config | — |
| Update config |
| Delete config |

Additionally, you can create notifications for data collection activities to stay informed when an agent comes online or goes offline.

| Category | Agent activity type |
| --- | --- |
| **Data Collection Activity** | New agent deployed |
| No data in the environment |
| Agent status change |

The audience value is often represented as the "Audience" or "Client ID" parameter in the identity provider's configuration settings. It is typically a unique identifier specific to the AWS service or resource that expects to receive the authentication token. By using the audience value, the AWS service or resource can validate the authenticity and intended recipient of the authentication token, providing an additional layer of security for the authentication process.