Manage alerts

One of the most powerful features of Profundis is its ability to alert you when a new asset is discovered. You can create alert tasks based on one of multiple fields. This feature is available to users on paid plans. Higher subscription plans allow you to create more alert tasks and to receive more alert events per second.

We continuously ingest data and check each host to see whether it was already present in our dataset. Alerts are sent only for new hosts (not DNS) that we did not already have; only the IP, host and port field values are evaluated to decide whether a host was already known. You can run a hosts search to see if the data is already present in Profundis. Only hosts are evaluated for alerts, not DNS, vHosts or WHOIS.

Create an alert

To create an alert, make sure you are logged in and navigate to the alerting page. You have 2 ways to create alert tasks:

  • Using the Classic mode - this is the easiest method for beginners. Fill in some fields and let us create the regexps automatically.
  • Using the Advanced mode - you can create an alert from an example, or create it from scratch yourself. If you are not comfortable with regexps, validate your regexp on regex101.

After you create an alert, a dedicated Profundis service analyzes it to make sure it doesn't consume too many resources. This usually takes less than 1 second. You can then enable the alert task.

The number of alerts you can receive every hour is limited and depends on your subscription plan. If your alert task matches too much data, it will be disabled automatically. If that happens, review your alert task and make it more precise, or upgrade to a higher plan.

Tip: You can receive an unlimited number of alert notifications as long as you stay within your subscription plan's alert rate (e.g. 400 per hour for the Premium plan). It means each alert notification you receive does NOT impact your quota.

Receive the alert results

You can integrate with the Profundis alerting system in many ways.

| Alerting methods | Description | Pros | Cons |
| --- | --- | --- | --- |
| Use Profundis servers (recommended) | Specify the alerting settings (e.g. webhook, SMTP credentials, etc.) in the Profundis UI and let us notify you automatically. | Very easy to use. | You put sensitive information (e.g. SMTP credentials) in the Profundis UI. |
| Profundis alerting Docker image (recommended) | You deploy a Docker container which connects to the Profundis alerts SSE stream. | Your SMTP credentials and Discord webhooks stay on a machine you control and never go to Profundis servers. You can use filters to send specific alerts via dedicated notification channels (e.g. send alerts which contain a specific value via Discord webhook n°1, and the rest via Discord webhook n°2). The alerts are automatically buffered to avoid being rate limited by the notification system you chose (e.g. Discord). The container automatically reconnects to the Profundis SSE stream in case of network disruption. | You have to deploy a Docker container. |
| n8n SSE trigger node | Use the n8n SSE trigger node to receive Profundis alerts in your n8n workflow. | You can receive alerts in n8n and handle them as desired with a custom workflow. If you already use n8n, the setup will be very quick and easy. | You have to use n8n. In some rare cases, it doesn't automatically reconnect to the SSE alerts stream (requires a restart), which causes the loss of some notifications. |

Miscellaneous

My regexp is pending validation

We perform various checks on your regexp to ensure it is not going to match too many documents or cause performance issues on our infrastructure. If we detect that your regexp may match too many assets / values, it will be refused. If that happens, edit your query to make it more precise. The regexp validations usually take a few seconds.

I don't receive any alert

You receive alerts only for assets which were NOT already present in the Profundis hosts dataset (not DNS) and have just been discovered. Before creating an alert, run a hosts search to see if the data you are looking for is already there. Beyond that, there could be a few reasons why you didn't receive any alert:

  • The asset you are looking for has not yet been discovered by Profundis. Be patient.
  • Your regexp is not matching the correct value / is incorrect. Validate it on regex101 to be sure it works.
  • Don't forget that you receive alerts for hosts which were not already present in the hosts dataset, not the DNS one. We only evaluate the IP, host and port values to identify whether an asset was already known.
  • Your alert was matching too much data and has been disabled automatically. Higher subscription plans can receive more alerts per hour.
  • You didn't set up n8n or the Profundis alerting Docker image correctly.
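The regexp and "already known" checks in the list above can be rehearsed locally before enabling an alert task. The following is an added example, not Profundis code: the record field names, the sample records, matching the regexp against the host field, treating one batch as one hour of events, and the use of Python's `re` engine (whose dialect may differ from the one Profundis runs) are all assumptions.

```python
import re

# Constructed sample data (not real Profundis records); field names are assumed.
KNOWN_HOSTS = [
    {"ip": "192.0.2.10", "host": "www.example.com", "port": 443},
    {"ip": "192.0.2.11", "host": "mail.example.com", "port": 25},
]
INGESTED = [
    {"ip": "192.0.2.10", "host": "www.example.com", "port": 443},    # already known
    {"ip": "192.0.2.10", "host": "www.example.com", "port": 8443},   # new port
    {"ip": "198.51.100.7", "host": "vpn.example.com", "port": 443},  # new host
    {"ip": "203.0.113.5", "host": "example-com.test", "port": 80},   # lookalike
    {"ip": "203.0.113.9", "host": "shop.example.org", "port": 443},  # unrelated
]

def asset_key(record):
    """Identity used for 'already known': only ip, host and port (per the page)."""
    return (record["ip"], record["host"], record["port"])

def dry_run(pattern, known, ingested, hourly_limit):
    """Return the records that would alert and whether they exceed the hourly limit."""
    regex = re.compile(pattern)
    seen = {asset_key(r) for r in known}
    fired = []
    for record in ingested:
        key = asset_key(record)
        if key in seen:
            continue                 # not a new asset, so it never alerts
        seen.add(key)                # the same asset alerts at most once
        if regex.search(record["host"]):
            fired.append(record)
    return fired, len(fired) > hourly_limit

def hosts(records):
    """Compact host:port view of a list of records."""
    return [f'{r["host"]}:{r["port"]}' for r in records]

if __name__ == "__main__":
    # Loose: unescaped dot and no anchors, so the lookalike host matches too.
    loose, _ = dry_run(r"example.com", KNOWN_HOSTS, INGESTED, hourly_limit=400)
    # Strict: escaped dots, anchored on a label boundary and the end of the name.
    strict, _ = dry_run(r"(^|\.)example\.com$", KNOWN_HOSTS, INGESTED, hourly_limit=400)
    print("loose :", hosts(loose))
    print("strict:", hosts(strict))
```

Running the same dry run against your own asset inventory shows both failure modes at once: a pattern that fires on nothing new, and a pattern broad enough to hit the hourly limit.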

Error: Active alerts limit reached

You may encounter this error when trying to enable an alert task because you reached the maximum number of active alerts for your subscription. If you are a free tier user, you cannot use the alerting feature. Please check our subscription plans.