Alerts where your team already responds.
Kubesentry routes detections to your existing incident response tooling — Slack, PagerDuty, SIEM, or your own webhook. No new tool to learn for the on-call rotation.
Alerting
Route Slack alerts to specific channels by severity. CRITICAL threats page the #sec-ops channel; HIGH alerts go to #platform-alerts. Each message includes the container ID, process tree, and a one-click isolation link.
Maps Kubesentry severity levels to PagerDuty urgency. CRITICAL alerts trigger P1 incidents immediately; HIGH triggers P2. Supports escalation policies and on-call schedules.
Full alert routing to OpsGenie with responder assignment, alert priority mapping, and automatic incident deduplication when the same threat fires across multiple nodes.
SIEM
Forwards alert events via Splunk HEC (HTTP Event Collector) in JSON format. Field mapping follows the Splunk CIM (Common Information Model) security data model, so out-of-the-box correlation rules work without custom field extractions.
Pushes events to Elasticsearch via the Elastic ingest pipeline. Alert documents include all ECS (Elastic Common Schema) fields required for Kibana Security dashboards.
Integrates with Datadog Security Signals via API. Enriches existing Datadog APM and infrastructure data with Kubesentry runtime threat context.
CI/CD
Policy-as-code CI integration. Lint and validate Kubesentry YAML policies in pull requests. Block merges when policies contain syntax errors or logic conflicts.
Kubernetes Ecosystem
Import existing Falco YAML rules directly into Kubesentry with ks import-falco rules.yaml. All standard Falco rule fields are supported; Kubesentry adds its own action and routing extensions on top.
Official Helm chart for DaemonSet deployment. Supports values override for resource limits, namespace targeting, tolerations, and image registry configuration.
Custom / API
Every Kubesentry alert can be forwarded to any HTTP endpoint as a JSON webhook. The REST API provides programmatic access to alert history, policy management, and baseline control. OpenAPI spec available in the docs.
Need an integration that's not listed?
The webhook API handles any HTTP-capable destination. Or reach out — we add integrations based on customer demand.