Monitoring & Alerts
Features
Monitoring & Alerts
BoringSec automatically rescans your domains on a schedule and alerts you when security scores drop, new vulnerabilities appear, or SSL certificates are about to expire.
Monitoring frequency
Weekly
Pro Your domains are rescanned every 7 days. Email alerts on score drops and new critical issues.
Daily
Business Rescanned every 24 hours. Plus Slack integration and webhook callbacks for automated workflows.
Every 30 min
Enterprise Near real-time monitoring. Immediate alerts on any security regression. Custom alert rules.
Alert types
Score Drop
Triggered when a domain score drops by 10+ points between scans.
New Critical Issue
Immediately notified when a new CRITICAL severity vulnerability is detected.
New High Issue
Notified when a new HIGH severity finding appears.
SSL Expiry
Warning sent 30 days before your SSL certificate expires.
Domain Verified
Confirmation when domain ownership verification completes.
Score Improved
Positive notification when your security score increases.
Scan Failed
Alert if a scheduled scan fails (site down, timeout, etc.).
Notification channels
All paid plans Configure which alert types trigger emails. Setup: Dashboard → Alerts → Settings.
Slack
Care or Team+ Post scan results and alerts to a Slack channel automatically. Pro does not include this channel. Setup: Dashboard → Alerts → Slack Integration.
Webhooks
Care or Team+ Receive POST callbacks on scan events: SCAN_COMPLETED, SCORE_CHANGED, ISSUE_NEW_CRITICAL, SSL_EXPIRING. Pro does not include webhooks. Setup: API → POST /api/v1/webhooks.
Webhook events
Webhooks deliver a JSON payload to your URL when events occur. Each delivery is signed with HMAC for verification.
POST /api/v1/webhooks
{
"url": "https://your-app.com/webhook/boringsec",
"events": ["SCAN_COMPLETED", "ISSUE_NEW_CRITICAL"],
"secret": "auto-generated"
}SCAN_COMPLETEDBase report is ready; eligible verified-owner engines may still be running
SCORE_CHANGEDScore went up or down
ISSUE_NEW_CRITICALNew critical vulnerability found
SSL_EXPIRINGCertificate expires within 30 days
GET /api/v1/webhooks/{id}/deliveries.SCAN_COMPLETED payload means the base report is ready and has baseReportReady: true plus a durable data.links.status URL. Public and anonymous scans run base modules only. Nuclei, ZAP, and Medusa require a signed-in, non-anonymous scan of a domain owned by that user or team and marked VERIFIED. A requested engine without that authorization is authorization_required; a module not requested is not_requested. Eligible engines run independently in the background, so the base report stays available while they are queued, running, or retrying, and their results update the report when ready. A module failure does not retract the base report. Unknown is nonterminal. A second SCAN_COMPLETED callback is not promised for engine completion; poll the status link while deepScan.active=true.Setting up monitoring
- 1
Add a domain
Go to Domains and add the URL you want to monitor.
- 2
Verify ownership for background engines
Monitoring can publish applicable base results before verification. Nuclei, ZAP, and Medusa run only for a signed-in account on a domain it owns and has verified with a DNS TXT record or meta tag.
- 3
Configure alerts
Go to Alerts → Settings to choose which notifications you want.
- 4
Done — monitoring is automatic
Based on your plan (weekly/daily/30min), BoringSec rescans and alerts automatically.