Plain-text + HTML. Per-user opt-in on alerting categories.
Integrations directory
Email
Where SecurityAlert.ai plugs in.
Inbound alerting (we push), outbound feeds (you pull), developer tooling, and identity. If your stack is on this page, integration is one URL away. If it is not, ping support@securityalert.ai — we ship to documented webhooks against most things in a couple of days.
Inbound (real-time alerting)
Where we push when something fires. Configured per brand on the dashboard. SMS quotas vary by plan.
Slack
Webhook integration. One-click test from the brand-detail Settings drawer.
Microsoft Teams
Webhook integration via Power Automate or direct Teams webhook URL.
Discord
Webhook integration. Suitable for community-run security teams and homelabs.
Google Chat
Webhook integration via Google Workspace incoming-webhook URL.
PagerDuty
Events API v2. Service key per integration. Auto-resolves when a finding is dismissed.
Opsgenie
Heartbeat + alert-create via the API. Team-scoped.
Jira
Auto-creates an issue per critical/high finding. Project + issue type configurable.
SMS
100/mo on Business, 500/mo on Enterprise. Twilio-backed; phone numbers verified per recipient.
Generic webhook
HMAC-signed POST per finding. Schema documented in the API reference.
Outbound (SIEM, TIP, threat-intel feeds)
Pull SecurityAlert.ai data into your SIEM, TIP, or analyst workflow. All endpoints support Bearer-token auth.
REST API v1
Findings, scans, lookup. OpenAPI 3.1 spec at /api/openapi.json. Swagger UI at /api/docs. 120 req/min/key.
STIX 2.1
Per-scan STIX bundle export at /api/public/url-scan/export?format=stix. SDO + SCO output.
MISP Event
Per-scan MISP-compatible Event export at /api/public/url-scan/export?format=misp. Drop-in for any MISP instance.
TAXII 2.1
Discovery + collections at /taxii2/. Ransomware-victim feed and KEV CVE feed published as collections.
IOC list (flat JSON)
Per-scan flat IOC export at /api/public/url-scan/export?format=iocs. URLs, domains, IPs, hashes, certificates.
RSS — release notes
Subscribe to our changelog at /changelog.rss. Featured rocks emit as separate items.
RSS — ransomware
Live ransomware leak-site posts at /ransomware.rss. 30-min cache, last 100 victims.
Developer + automation
Hooks for engineers wiring SecurityAlert into deploy gates, Slack bots, or custom dashboards.
Public REST API
Bearer-token auth, per-key rate limit, OpenAPI 3.1. Mint keys at /settings#api-keys.
Custom YARA rules
Upload your own detection rules; they apply during URL scans alongside our 32 public-source rules. Editor at /yara-rules.
TI Search DSL
Structured field search (kit:, country:, verdict:, score:, asn:, brand:) over the public scan archive. Live at /tools/ti-search.
Universal lookup
Type-to-jump indicator router (CVE, IP, hash, domain, ASN, threat actor, ransomware group). Cmd+K from anywhere.
Public scorecard
Opt-in shareable URL per brand at /scorecard/<slug>. Letter grade + sub-scores + Open FAIR $-loss.
Identity + access
How users authenticate and what they can do once they are in.
Auth0
Standard email + Google + GitHub OIDC sign-in. App Marketplace IdPs supported per the Auth0 connection list.
Role-based access (RBAC)
11 product categories, none/view/manage levels per category, 5 built-in role presets, custom permission blocks per user. /security/rbac for the canonical reference.
API keys
Per-user, scoped, rate-limited. Auth0 app_metadata block inheritance.
SSO (SAML/OIDC)
Federated identity at the org level. Q3 2026 roadmap; Auth0 connection-level SSO available today via support@securityalert.ai.
Audit logs
Mutating actions (brand changes, takedown submissions, role changes, integration edits) emit audit events.
Need an integration we do not list?
Most webhook-based integrations ship in 1-3 days when the destination accepts a JSON POST with HMAC verification. SAML/OIDC SSO at the org level lands in Q3 2026; if your procurement requires it before then, talk to us about a custom Auth0 connection.
Request an integration