Email & Webhooks

SentriKat sends alerts when new vulnerabilities match your product inventory. Configure email notifications, webhook integrations, and escalation policies to keep your team informed.

PRO Feature

Email alerts and webhook integrations require a PRO license. DEMO users can view vulnerability matches in the dashboard but do not receive automated notifications.

Email Alerts

SMTP Configuration

Configure SMTP via environment variables in your .env file:

SMTP_HOST=smtp.example.com
SMTP_PORT=587
[email protected]
SMTP_PASSWORD=your-app-password
SMTP_USE_TLS=true
[email protected]
SMTP_FROM_NAME=SentriKat

Restart after changes:

docker compose restart sentrikat

See Configuration for the full list of SMTP variables.

Testing Email

Verify your SMTP setup:

docker compose exec sentrikat flask smtp test --to [email protected]

Or from the admin panel: Admin > Settings > Notifications > Send Test Email.

Alert Types

| Alert | Trigger | Default |
|---|---|---|
| New KEV Match | A new KEV entry matches one of your products | Enabled |
| Due Date Approaching | Remediation deadline within 7 days | Enabled |
| Due Date Overdue | Remediation deadline has passed | Enabled |
| Ransomware Association | KEV entry flagged as ransomware-linked | Enabled |
| Vendor Advisory | New vendor advisory matched (PRO) | Disabled |
| Agent Offline | Agent has not checked in for 72+ hours | Disabled |

Alert Rules

Create custom alert rules in Admin > Notifications > Alert Rules:

  1. Click Add Rule
  2. Configure conditions:
     - Priority: Critical, High, Medium, Low
     - Organization: Specific org or all
     - Product criticality: Minimum criticality level (1-5)
     - Ransomware only: Only alert on ransomware-linked CVEs
  3. Set recipients:
     - Specific email addresses
     - All org admins
     - All org members
  4. Click Save

Tip

Create a "Critical Only" rule that sends to your SOC team, and a broader "High+" rule for weekly digests to management.

Email Digest

Instead of individual emails per vulnerability, configure a daily or weekly digest:

  1. Go to Admin > Notifications > Digest Settings
  2. Choose frequency: Daily or Weekly
  3. Set delivery time (UTC)
  4. Select included organizations
  5. Click Save

Webhooks

SentriKat can send real-time notifications to external services via webhooks.

Creating a Webhook

  1. Go to Admin > Notifications > Webhooks
  2. Click Add Webhook
  3. Configure:
     - Name: Descriptive label
     - URL: Endpoint to receive events
     - Events: Select which events trigger the webhook
     - Secret: Optional HMAC signing key for payload verification
  4. Click Save

Platform-Specific Setup

  1. In Slack, go to Apps > Incoming Webhooks
  2. Create a new webhook and select a channel
  3. Copy the webhook URL
  4. In SentriKat, create a webhook with the Slack URL
  5. Set Format to Slack

Example payload SentriKat sends:

{
  "text": "New KEV Match: CVE-2024-1234",
  "blocks": [
    {
      "type": "section",
      "text": {
        "type": "mrkdwn",
        "text": "*CVE-2024-1234* - Microsoft Windows Privilege Escalation\n*Priority*: Critical | *Due*: 2024-02-15 | *Ransomware*: Yes"
      }
    }
  ]
}

  1. In Teams, add an Incoming Webhook connector to your channel
  2. Copy the webhook URL
  3. In SentriKat, create a webhook with the Teams URL
  4. Set Format to Teams

SentriKat sends Adaptive Card payloads compatible with Teams.

  1. In Discord, go to Server Settings > Integrations > Webhooks
  2. Create a new webhook and copy the URL
  3. In SentriKat, create a webhook with the Discord URL
  4. Set Format to Discord

For custom integrations, use the generic JSON format:

{
  "event": "vulnerability.matched",
  "timestamp": "2024-12-01T12:00:00Z",
  "data": {
    "cve_id": "CVE-2024-1234",
    "vendor": "Microsoft",
    "product": "Windows Server",
    "priority": "critical",
    "due_date": "2024-02-15",
    "ransomware": true,
    "organization": "ACME Corp"
  }
}

Webhook Events

| Event | Description |
|---|---|
| vulnerability.matched | New KEV entry matches a product |
| vulnerability.due_soon | Remediation deadline within 7 days |
| vulnerability.overdue | Remediation deadline passed |
| vulnerability.acknowledged | Vulnerability marked as resolved |
| agent.offline | Agent missed check-in window |
| sync.completed | KEV sync finished |
| sync.failed | KEV sync encountered an error |

Webhook Security

When a secret is configured, SentriKat signs each payload with HMAC-SHA256:

X-SentriKat-Signature: sha256=abc123...

Verify the signature on the receiving end:

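import hashlib
import hmac

def verify_signature(payload: bytes, signature: str, secret: str) -> bool:
    # payload must be the raw request body bytes, exactly as received
    expected = "sha256=" + hmac.new(
        secret.encode(), payload, hashlib.sha256
    ).hexdigest()
    # Constant-time comparison avoids leaking the digest through timing
    return hmac.compare_digest(expected, signature)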
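
The check above applied to a whole delivery, as an added example that is not SentriKat's own code: the receiver rejects a missing or malformed signature header before any JSON parsing, then routes on the event name. The handler name, the status codes, the `ACTIONABLE` set and the sample secret are assumptions for illustration, and it assumes the signature covers the raw request body.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-sentrikat-signature"  # header name from the page, lower-cased
ACTIONABLE = {"vulnerability.matched", "vulnerability.overdue"}  # assumed routing choice

def sign(raw_body: bytes, secret: str) -> str:
    """Build the header value in the sha256=<hex> form shown above."""
    digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return "sha256=" + digest

def handle_delivery(headers: dict, raw_body: bytes, secret: str):
    """Return (http_status, parsed_event_or_None) for one webhook delivery."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get(SIGNATURE_HEADER)
    if not received:
        return 401, None  # unsigned delivery: reject without parsing
    # Compare as bytes: compare_digest() raises TypeError on non-ASCII str,
    # which would turn a hostile header into a 500 instead of a clean 401.
    expected = sign(raw_body, secret).encode()
    if not hmac.compare_digest(expected, received.encode("utf-8", "replace")):
        return 401, None
    try:
        event = json.loads(raw_body)  # parse only after the signature checks out
    except ValueError:
        return 400, None
    if not isinstance(event, dict) or event.get("event") not in ACTIONABLE:
        return 204, None  # authentic, but not an event this receiver acts on
    return 200, event

# Constructed sample delivery in the generic JSON format shown earlier.
SECRET = "constructed-test-secret"
BODY = json.dumps({
    "event": "vulnerability.matched",
    "timestamp": "2024-12-01T12:00:00Z",
    "data": {"cve_id": "CVE-2024-1234", "priority": "critical", "ransomware": True},
}).encode()
HEADERS = {"X-SentriKat-Signature": sign(BODY, SECRET)}

if __name__ == "__main__":
    print(handle_delivery(HEADERS, BODY, SECRET)[0])  # signed delivery
    print(handle_delivery({}, BODY, SECRET)[0])       # header missing
    # Re-serialising the JSON changes the bytes, so the signature stops matching.
    reserialised = json.dumps(json.loads(BODY), indent=2).encode()
    print(handle_delivery(HEADERS, reserialised, SECRET)[0])
```

Verify against the body bytes as they arrived on the wire; a framework that hands you only the parsed JSON cannot reproduce the signed bytes reliably.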

Escalation Policies

Define escalation chains for unacknowledged critical vulnerabilities:

  1. Go to Admin > Notifications > Escalation Policies
  2. Click Add Policy
  3. Define escalation tiers:
     - Tier 1 (immediate): Notify assigned team via email + Slack
     - Tier 2 (after 24h): Notify org admin
     - Tier 3 (after 72h): Notify super admin + all configured webhooks
  4. Click Save

Warning

Escalation policies only trigger for vulnerabilities with priority Critical or High. Lower-priority items follow standard alert rules.

Troubleshooting

Emails Not Sending

# Check SMTP connectivity
docker compose exec sentrikat flask smtp test --to [email protected]

# View mail-related logs
docker compose logs sentrikat | grep -i smtp

Webhook Failures

  1. Go to Admin > Notifications > Webhooks
  2. Click the webhook name
  3. Check the Delivery Log for status codes and error messages
  4. Use Redeliver to retry failed deliveries