Instant Alerts

Get notified immediately when security events require your attention.

Alert Types

SecZim can notify you about various security events:

  • Threat Detected: Malicious email blocked
  • Quota Exceeded: User hit sending limits
  • Anomaly Detected: Unusual sending pattern
  • Auto-Blacklist: IP automatically blocked
  • Authentication Failed: Multiple failed login attempts
  • Service Status: Service started/stopped

Configure Alerts

Go to Settings → Alerts to configure:

  1. Select which events trigger alerts
  2. Choose notification channels (email, webhook)
  3. Set severity thresholds
  4. Configure quiet hours (optional)

Email Notifications

Set up email alerts:

  1. Enter recipient email addresses
  2. Configure SMTP settings (or use default)
  3. Select alert types to receive
  4. Test the configuration

Tip

Create a dedicated email alias for alerts (e.g., alerts@company.com) and distribute it to your security team.

Webhook Integration

Send alerts to external systems via webhook:

    POST https://your-system.com/webhook
    Content-Type: application/json

    {
      "type": "threat_detected",
      "severity": "high",
      "message": "Malicious email blocked from 192.168.1.100",
      "timestamp": "2024-01-15T10:30:00Z",
      "details": {
        "sender": "attacker@malicious.com",
        "recipient": "user@company.com",
        "client_ip": "192.168.1.100",
        "action": "REJECT"
      }
    }
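
An added example, not SecZim's own code: a receiver-side check for the webhook body shown above, which rejects malformed input and normalizes the alert before it is forwarded to a ticketing or SIEM system. The names `parse_alert` and `AlertError`, the size cap, and the lowercase severity values other than "high" are assumptions.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Severity names follow the "Alert Severity" list; the lowercase wire
# form is assumed from the sample payload's "severity": "high".
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
MAX_BODY = 64 * 1024  # assumed upper bound for a single alert body


class AlertError(ValueError):
    """Raised when a webhook body is not a well-formed alert."""


def parse_alert(body: bytes) -> dict:
    """Validate one webhook body and return a normalized alert."""
    if len(body) > MAX_BODY:
        raise AlertError("body too large")
    try:
        doc = json.loads(body)
    except ValueError as exc:  # covers JSON and UTF-8 decoding errors
        raise AlertError("not valid JSON") from exc
    if not isinstance(doc, dict):
        raise AlertError("top level must be an object")
    for key in ("type", "severity", "message", "timestamp"):
        if not isinstance(doc.get(key), str) or not doc[key]:
            raise AlertError(f"missing or non-string field: {key}")
    severity = doc["severity"].lower()
    if severity not in SEVERITY_RANK:
        raise AlertError("unknown severity")
    try:
        when = datetime.fromisoformat(doc["timestamp"].replace("Z", "+00:00"))
    except ValueError as exc:
        raise AlertError("bad timestamp") from exc
    if when.tzinfo is None:
        raise AlertError("timestamp has no timezone")
    details = doc.get("details", {})
    if not isinstance(details, dict):
        raise AlertError("details must be an object")
    client_ip = details.get("client_ip")
    if client_ip is not None:
        try:  # str() so integers are not silently accepted as addresses
            client_ip = str(ipaddress.ip_address(str(client_ip)))
        except ValueError as exc:
            raise AlertError("bad client_ip") from exc
    return {"type": doc["type"], "severity": severity,
            "rank": SEVERITY_RANK[severity],
            "time_utc": when.astimezone(timezone.utc).isoformat(),
            "client_ip": client_ip, "message": doc["message"][:500]}
```

The `rank` field lets the receiver apply its own threshold, for example paging only on alerts ranked at or above "high".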

Alert Severity

  • Critical: Immediate action required
  • High: Should investigate soon
  • Medium: Monitor situation
  • Low: Informational

Quiet Hours

Suppress non-critical alerts during off-hours:

  • Set quiet hours schedule
  • Critical alerts still send immediately
  • Lower severity alerts are batched and sent after quiet hours

Important

Critical security alerts are never suppressed, even during quiet hours.

View Alert History

See past alerts in Dashboard → Alerts. Filter by type, severity, or date range.