Notifications
A notification is the automation that runs when a detection produces a new result. Notifications are template-driven: each template defines the type of automation (email, Slack message, custom webhook, …) and the parameters it needs.
Creating a notification
Go to the Notifications page and click Create new notification. The button is hidden if you have already reached the active-notification quota of your subscription — deactivate an existing notification to free up a slot.
Pick a template first. The form then renders the fields required by that template (for example, an email recipient or a webhook URL). You can return to the notification later to change its values.
Notification fields
| Field | Description |
|---|---|
| Name | How the notification is referenced when assigning it to a detection. |
| Template | The kind of automation. Selecting a template reveals the template-specific parameters below. |
| Description | Optional free-text notes. |
| Active | Toggle the notification on or off. Only active notifications count against the subscription quota. |
| Shared | If set and you belong to an organization, other members can attach the notification to their detections. |
| Periodicity | Minimum number of minutes between two consecutive runs of the same notification. Use this to avoid notification storms when a detection produces many results in a short time. |
| Dedup by domain | When enabled, the notification fires at most once per domain — repeat matches on the same domain are suppressed. Enabled by default. |
| Last triggered | Read-only timestamp of the most recent run. |
Available templates
Templates are managed centrally and may be added over time. The two templates available to every account today are:
Email notification
Sends an email to a configured recipient containing the new detection results in JSON. The body includes the detection name and one record per matched domain with its enriched DNS / WHOIS / certificate / HTTP metadata.
| Parameter | Description |
|---|---|
| Recipient | The email address that should receive the notification. |
Slack webhook
Posts a message to a Slack channel using an incoming webhook URL. Each new detection result is rendered as a Slack message linking back to Shadowspotter for full context.
| Parameter | Description |
|---|---|
| Webhook URL | The Slack incoming webhook URL — generate one in Slack under Apps → Incoming Webhooks. |
Linking notifications to detections
On a detection's form, the Notification dropdown lists every active notification you own plus any active notification shared inside your organization. Picking one wires the notification up so that every new detection result triggers it (within the limits of periodicity and dedup by domain).