Monitoring — Overview¶
Monitoring is automation of detection services. Instead of manually triggering scans and checking results, you configure schedules and get notifications only when something is found.
Continuous monitoring concept¶
Security isn't a "one-off quarterly audit." It's a continuous process:
- Continuous scanning — new leaks appear daily. Rare scans = missed incidents.
- Real-time notifications — response speed is critical. A Pastebin dump lives only hours before search-engine indexing.
- Closed-loop — every finding has a lifecycle: new → acknowledged → resolved. The platform tracks
MTTR(Mean Time To Resolve).
Components of monitoring¶
| Component | What it does | Details |
|---|---|---|
| Scan schedules | When and how often to run each detection service | Schedules |
| Notifications | Where to send alerts (email, webhook) | Notifications |
| Rules | Which findings trigger notifications (by severity, tags) | Notifications |
| Audit log | Who acted on findings and when | Settings section |
Recommended configuration¶
A baseline strategy for a typical company:
| Service | Frequency | Alert severity |
|---|---|---|
| HIBP | Daily | High+ |
| Pastebin | Hourly | Medium+ |
| GitHub | Hourly | High+ |
| GitLab | Hourly | High+ |
| Ransomware | Every 6h | Critical (always) |
You can add a second notification channel — e.g., a Slack webhook for non-critical and email only for critical — so you don't drown your inbox.
Quiet hours¶
If you have working hours (e.g., Mon-Fri 9-18), you can configure:
- Critical — always delivered immediately.
- High/Medium/Low — batched and delivered during working hours.
Settings — Settings → Notifications → Quiet hours.
What's next¶
- Scan schedules — creating and configuring.
- Notifications — channels and rules.