Skip to content

Monitoring — Overview

Monitoring is automation of detection services. Instead of manually triggering scans and checking results, you configure schedules and get notifications only when something is found.

Continuous monitoring concept

Security isn't a "one-off quarterly audit." It's a continuous process:

  1. Continuous scanning — new leaks appear daily. Rare scans = missed incidents.
  2. Real-time notifications — response speed is critical. A Pastebin dump lives only hours before search-engine indexing.
  3. Closed-loop — every finding has a lifecycle: new → acknowledged → resolved. The platform tracks MTTR (Mean Time To Resolve).

Components of monitoring

Component What it does Details
Scan schedules When and how often to run each detection service Schedules
Notifications Where to send alerts (email, webhook) Notifications
Rules Which findings trigger notifications (by severity, tags) Notifications
Audit log Who acted on findings and when Settings section

A baseline strategy for a typical company:

Service Frequency Alert severity
HIBP Daily High+
Pastebin Hourly Medium+
GitHub Hourly High+
GitLab Hourly High+
Ransomware Every 6h Critical (always)

You can add a second notification channel — e.g., a Slack webhook for non-critical and email only for critical — so you don't drown your inbox.

Quiet hours

If you have working hours (e.g., Mon-Fri 9-18), you can configure:

  • Critical — always delivered immediately.
  • High/Medium/Low — batched and delivered during working hours.

Settings — Settings → Notifications → Quiet hours.

What's next