Alerts are user-facing notifications about findings that need attention. InfraAudit creates them automatically from drift detections, vulnerability scans, cost anomalies, and compliance failures. You can also create manual alerts when needed.

Alert types and sources

| Type | Generated from |
| --- | --- |
| Security | Drifts (configuration and security types), critical/high vulnerabilities |
| Cost | Cost anomalies and budget threshold breaches |
| Compliance | Failed controls during an assessment run |
| Performance | Resource utilization anomalies |

Alert list

In the sidebar, click Alerts. The inbox shows all open alerts, newest first.

| Column | Description |
| --- | --- |
| Title | Short description of what triggered the alert |
| Type | Security, cost, compliance, or performance |
| Severity | Critical, high, medium, or low |
| Resource | The affected resource |
| Created | Timestamp |
| Status | Open, acknowledged, or resolved |

Use the filter bar to narrow by type, severity, provider, or status.

Managing alerts

Acknowledge

Acknowledging an alert marks it as seen but leaves it open. It stays in the list until resolved — useful in on-call workflows where you want to signal “I’m looking at this” to teammates. Click Acknowledge in the alert row, or:
infraudit alert acknowledge <alert-id>

Resolve

Resolving closes the alert. Do this once the underlying issue is fixed. If you resolve a drift alert, InfraAudit also prompts you to mark the underlying drift as resolved.
infraudit alert resolve <alert-id>

Bulk actions

Select multiple alerts with the checkboxes and use the Bulk actions dropdown to acknowledge or resolve them all at once. This is useful for clearing a backlog after a maintenance window.

Notification channels

Alerts are delivered to channels you configure under Settings → Notifications:
Add your Slack webhook URL under Settings → Notifications → Slack (SaaS) or set SLACK_WEBHOOK_URL in .env (self-hosted). Then choose which alert types to route to each channel.

You can configure multiple Slack channels for different severities — for example, #security-critical for critical alerts and #infra-alerts for everything else.

Alert routing rules

Routing rules let you target different channels for different severities or alert types. Configure them under Settings → Notifications → Routing. Examples:
  • Critical security alerts → #security-critical Slack channel
  • All cost anomalies → FinOps email list
  • All events → audit webhook endpoint

Alert history

Resolved alerts move to the History tab. History is retained for 90 days on Starter and Professional plans, and 1 year on Enterprise.

CLI reference

# List all open alerts
infraudit alert list

# Filter by severity
infraudit alert list --severity critical

# Acknowledge an alert
infraudit alert acknowledge <alert-id>

# Resolve an alert
infraudit alert resolve <alert-id>

# Output as JSON for scripting
infraudit alert list -o json | jq '.[].title'
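
The JSON output can also drive an on-call check for alerts that nobody has acknowledged in time. The script below is an added example, not part of InfraAudit: only the `title` field is confirmed by this page, so the other field names (`id`, `severity`, `status`, `created`), the ISO 8601 timestamp format, and the SLA thresholds are assumptions to adjust against your real output.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Assumed response-time targets per severity; tune to your on-call policy.
SLA = {"critical": timedelta(minutes=15), "high": timedelta(hours=4)}

# Constructed sample of `infraudit alert list -o json` output. Only "title" is
# confirmed by the page; every other field name here is an assumption.
SAMPLE = """[
 {"id":"a-101","title":"Security group drift detected","severity":"critical","status":"open","created":"2024-05-01T09:00:00Z"},
 {"id":"a-102","title":"Budget threshold breached","severity":"high","status":"acknowledged","created":"2024-05-01T02:00:00Z"},
 {"id":"a-103","title":"High vulnerability on web host","severity":"high","status":"open","created":"2024-05-01T05:00:00Z"},
 {"id":"a-104","title":"Failed compliance control","severity":"medium","status":"open","created":"2024-04-30T09:00:00Z"},
 {"id":"a-105","title":"IAM policy drift detected","severity":"critical","status":"open","created":"2024-05-01T09:55:00Z"}
]"""


def overdue_alerts(alerts, now):
    """Return (id, severity, age_minutes) for alerts still 'open' (nobody has
    acknowledged them) past their severity's SLA, most severe and oldest first."""
    ranks = list(SLA)
    found = []
    for alert in alerts:
        severity = str(alert.get("severity", "")).lower()
        if severity not in SLA or str(alert.get("status", "")).lower() != "open":
            continue  # acknowledged/resolved alerts and lower severities are skipped
        created = datetime.fromisoformat(alert["created"].replace("Z", "+00:00"))
        if created.tzinfo is None:
            created = created.replace(tzinfo=timezone.utc)  # assume UTC if unlabelled
        age = now - created
        if age > SLA[severity]:
            found.append((alert["id"], severity, int(age.total_seconds() // 60)))
    return sorted(found, key=lambda r: (ranks.index(r[1]), -r[2]))


if __name__ == "__main__":
    if sys.stdin.isatty():  # no pipe: run against the constructed sample
        alerts, now = json.loads(SAMPLE), datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    else:  # piped from: infraudit alert list -o json
        alerts, now = json.load(sys.stdin), datetime.now(timezone.utc)
    overdue = overdue_alerts(alerts, now)
    for alert_id, severity, minutes in overdue:
        print(f"{severity.upper():8} {alert_id}  unacknowledged for {minutes} min")
    sys.exit(1 if overdue else 0)
```

The non-zero exit status when anything is overdue makes the script usable from cron or a CI gate.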

Next steps

  • Remediation — act on security alerts by applying automated fixes
  • Drift detection — understand the drift findings that generate security alerts
  • Cost optimization — understand the anomalies that generate cost alerts