Alerting configuration
Receive real-time notifications when Garnet detects incidents. Configure GitHub PR comments, Slack notifications, or custom webhooks. Incidents are network connections that are blocked because they’re either known malicious (from Garnet’s blocklist) or anomalous.

Slack

To send alerts to a specific channel, create an Incoming Webhook in Slack:
  1. Create a new Slack app (from scratch) and select your workspace.
  2. In the app settings sidebar, select Incoming Webhooks and toggle it On.
  3. Click Add New Webhook to Workspace, select your target channel, and authorize.
  4. Copy the generated Webhook URL (starts with https://hooks.slack.com/...).
In Garnet:
  1. Go to Settings → Alerting.
  2. Click Add Endpoint and paste your Slack Webhook URL.
Slack security alert
Blocked connections post automatically to your channel with full incident details: destination, source, workflow, user, and alert ID.
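Before pasting the URL into Garnet, it is worth confirming that it really is a Slack webhook and that it posts to the intended channel. The script below is an added example, not Garnet's or Slack's own code; the `SLACK_WEBHOOK_URL` variable name and the function names are assumptions. It treats the URL as a secret, because anyone who holds it can post to the channel.

```shell
#!/bin/sh
# Added example (not Garnet's or Slack's code). SLACK_WEBHOOK_URL is an
# assumed variable name. The webhook URL is a secret, so it is never echoed
# in full and never placed on a command line.

# Accept only https URLs whose host is exactly hooks.slack.com.
is_slack_webhook() {
  case "$1" in
    *[!A-Za-z0-9/._:-]*) return 1 ;;   # rejects quotes, spaces, '@', newlines
    https://hooks.slack.com/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print a log-safe form: the fixed prefix plus the last four characters.
redact_webhook() {
  printf 'https://hooks.slack.com/...%s\n' "${1#"${1%????}"}"
}

# Post one test message. The URL reaches curl through a config file on
# stdin (--config -), so it does not show up in process listings.
send_test_message() {
  is_slack_webhook "$1" || { echo "refusing: not a Slack webhook URL" >&2; return 2; }
  printf 'url = "%s"\n' "$1" | curl --silent --show-error --fail --max-time 10 \
    --header 'Content-Type: application/json' \
    --data '{"text":"Test message: checking this channel before adding the endpoint in Garnet"}' \
    --config -
}

# With SLACK_WEBHOOK_URL exported from your secret store, run with --send.
if [ "${1:-}" = "--send" ]; then
  send_test_message "${SLACK_WEBHOOK_URL:?set SLACK_WEBHOOK_URL first}" \
    && echo " delivered via $(redact_webhook "$SLACK_WEBHOOK_URL")"
fi
```

Slack answers a successful post with the body `ok`; if the test message lands in the wrong channel, create a new webhook for the right one rather than reusing the URL.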

GitHub PR Comments

Get in-line feedback during code reviews. When Garnet detects anomalous egress in your CI runs, it comments directly on the pull request with details about the suspicious connection.
Prerequisites:
  • Install the Garnet Platform App on your repositories.
  • Comments only appear for pull_request events.
GitHub PR comment showing incidents
Critical incidents are posted as PR comments with a table showing blocked domains, priority levels, and direct links to view full incident details.
GitHub PR comment showing no incidents
Successful scans display a green checkmark confirming no incidents were detected, giving your team confidence to merge.