By default, monitoring sends alerts to the email address on your subscription. Each alert is a self-contained, actionable record.
What each alert contains
- The source where the exposure was found.
- What was exposed (truncated for safety — full data on the dashboard).
- When the exposure first appeared.
- A one-click action link to mark the finding in your dashboard.
Other delivery channels
You can also configure Slack, Microsoft Teams, or SIEM webhooks from your audit dashboard. See Configure outbound webhooks.
How quickly alerts fire
Most sources are checked every few hours. Some high-priority sources (ransomware leak feeds) are checked more frequently. There is no published latency target — this is best-effort intelligence, not an emergency response service.