Alerts & Notifications
Notification channels are configured per organization by admins.
EntryGuard continuously verifies every cloud resource in your organization (every 30 min), reconciles IP rules against each provider (every 10 min), and tracks session apply/remove outcomes. When a resource transitions from healthy to unhealthy — or the other way — the platform can push an alert to the channels you configure.
What triggers an alert
Three event categories are watched:
| Category | Fires on |
|---|---|
VERIFY | Credential became invalid; provider API unreachable; resource deleted on the provider side. |
RECONCILE | EntryGuard couldn't compare the DB state to the provider (e.g. APISIX admin endpoint down, AWS API throttling). |
STALE_CIDRS | Reconciliation found a CIDR on the provider that isn't tracked in EntryGuard's DB (orphaned rule, stale session IP, manual edit, etc.). |
A "new failure" is emitted when the latest event in a category flips from healthy to unhealthy. A "newly resolved" is emitted on the reverse transition. Steady-state conditions (still failing, still healthy) produce no alert — the resource is already known. Use reminders if you want periodic pings about unresolved issues.
The 5-minute digest
Every 5 minutes, EntryGuard pulls all state transitions since the last run, groups them by organization, and sends one message per enabled channel with two sections:
- New failures (red)
- Newly resolved (green)
Even when a single credential outage takes 23 resources down at once, you get one email — not 23.
If no resources changed state in a given 5-min window, no message is sent.
Setting up channels
Navigate to Settings → Notification channels (admin only). Click Add channel and pick a type:
Email
Available on all plans. Any email address can be added — it doesn't have to belong to an EntryGuard user. Good targets: your ops-team shared inbox, PagerDuty's email integration, or a personal email for solo orgs.
Webhook
Paid plans. Any HTTPS URL. EntryGuard POSTs a JSON body like:
{
"event": "resource_health_digest",
"timestamp": "2026-04-23T12:34:56Z",
"organization": {
"id": "…",
"slug": "acme",
"name": "Acme Ltd"
},
"newFailures": [
{
"resourceId": "…",
"resourceName": "sg-prod-api",
"resourceType": "security_group",
"category": "VERIFY"
}
],
"newResolutions": []
}
Use this for Discord bots, n8n / Zapier / Make workflows, PagerDuty's Events API v2 (just paste in the integration URL), or your own internal tooling. Delivery is retried via the task queue on 4xx / 5xx / connection error.
Slack
Paid plans. Paste an incoming webhook URL from Slack (App Directory → Incoming Webhooks → add to a channel). EntryGuard formats the payload with Slack Block Kit — red header for failures, green for resolutions, monospace resource names — so it renders cleanly in-channel instead of as a raw JSON dump.
If you're already comfortable with Slack's JSON webhook format, you can also use channel type Webhook with a Slack URL — you'll get the generic payload instead. Slack is purely a formatting convenience.
Testing a channel
Once you've added a channel, click the paper-plane icon next to its enable toggle. EntryGuard fires a canned digest with two fake failures and one fake resolution straight to the channel's target. The button turns into a green check for three seconds on success. Testing is completely separate from the real alert pipeline — no real resource is marked as alerted and no state changes.
Use this to confirm:
- The email address / webhook URL is reachable.
- Slack renders the message the way you expect in the target channel.
- The receiving webhook can parse the payload shape (read the JSON from the received request).
Reminders
By default, you only hear about transitions. If you also want periodic pings for issues that are still unresolved, set a reminder interval on the channel:
Off(default)HourlyEvery 4 hoursDailyWeekly
A dedicated reminder job runs every 15 min and fires a "still failing" digest per channel when its interval has elapsed. Channel-scoped, so you can set the #ops-realtime Slack to Hourly and the weekly-review email to Weekly on the same organization.
Multiple channels
You can have up to 10 channels per organization. Every enabled channel receives every digest (and every reminder). Mix and match: e.g. an email for audit trail + a Slack webhook for live visibility + a PagerDuty webhook for out-of-hours paging.
Disabling without deleting
Toggle the switch next to a channel to pause it. State and config are retained; re-enable anytime. Useful for suppressing noise during planned maintenance.
What alerts do NOT cover (yet)
- Billing events (past-due, low balance) — handled by the billing flow itself, not the notification channels. Email the org's billing address directly. No Slack/webhook integration for billing yet.
- Session-level failures (a user's individual session couldn't apply to a specific resource) — only surfaces if it also produces a RECONCILE or STALE_CIDRS event during the next scheduled scan.
- Push notifications (mobile app) — out of scope; use UptimeRobot or similar on
https://app.entryguard.io/api/v1/healthfor on-phone availability alerts.
Troubleshooting
Got a channel but no emails ever arrive
Check that the channel toggle is on, the target email is correct, and send a test. If the test fires but never lands, the address is likely filtering EntryGuard as spam — add [email protected] to your safe-senders list.
Webhook receiver returning 4xx / 5xx
Check the task queue with an admin: failed webhook tasks retry with exponential backoff and eventually land in DEAD_LETTER after max retries. Fix the receiver and re-send from the test button to confirm.
Slack message arrives as plain text, not pretty blocks
You likely set the channel type to Webhook with a Slack URL. Change it to Slack to get the Block Kit payload.
A resource keeps showing up in "new failures" on every digest
Your state is being reset between digests — likely a resource is being created and destroyed (or renamed) within the window. Open an issue at [email protected] with the resource name.