All integrations

Generic webhooks integration

Stream Tracelight events anywhere via webhooks.

Subscribe any HTTPS endpoint to the events you care about. Use it to feed your case-management system, your data warehouse, your alerting layer, your custom Zapier alternative.

What's in this integration

Subscribe any HTTPS URL to any subset of 7 events
Optional HMAC-SHA256 signing — payloads ship with X-Tracelight-Signature so you can verify origin
Per-webhook event subscription — narrow down to exactly what you need
SSRF guard at dispatch time — blocks RFC1918 + link-local + loopback at the resolved-IP level (not just at the URL parse layer)
Retried once on transient failure (5xx or network)

Setup

1
Dashboard → Integrations → New webhook → Kind: generic_json
2
Paste your endpoint URL
3
Pick events to subscribe to + optional HMAC secret
4
Test from Tracelight; check your endpoint logs for the test payload

Events you can subscribe to

case.createdcase.completedsubject.addedenrichment.completedalert.firedreport.generatedmonitor.match

See the full event payload schemas at /zapier + /docs.

Sample payload

{
  "event": "monitor.match",
  "workspace_id": "abc-123",
  "occurred_at": "2026-05-15T18:24:00.000Z",
  "data": {
    "monitor_id": "...",
    "subject_id": "...",
    "monitor_type": "email_breaches",
    "title": "New breach: ExampleCorp 2025-09",
    "severity": "high"
  }
}

Wire it up.

Sign up, head to Dashboard → Integrations, and turn this on in 60 seconds.

Start free trial Configure now

Other integrations

Native OAuth bot + /tracelight slash command + alert notifications routed to channels of your choice.

Wire Tracelight events into 6,000+ Zapier-connected apps. HMAC-signed webhooks make Zaps tamper-proof.

Channel webhook for alert digests + per-event notifications. SSRF-guarded outbound dispatch.

Microsoft Teams

Adaptive Card alerts in any Teams channel via incoming-webhook URL. Works with both classic O365 connectors and the new Workflows.

Pipe Tracelight events into a Notion database — auto-log every case, alert, or report into your team workspace.

Auto-create Linear issues for high-severity Tracelight alerts. Useful for teams running investigations like an engineering project.

Sync Tracelight cases + alerts into HubSpot CRM as deal records, contacts, or activity timeline entries.

Tracelight events → Salesforce Cases or custom objects via Flow Builder + the generic webhook integration.

Stream Tracelight audit events + alerts into Splunk via HEC. Useful for SOCs running Tracelight as one of many investigation feeds.

Tracelight alerts → Datadog events. Use Datadog's monitor language to set up follow-on alerting on Tracelight signals.

Auto-create Jira issues from high-severity Tracelight alerts. Useful for SOC + investigation teams running case management in Jira.

Stream Tracelight alerts into ServiceNow as incident records. For enterprise SOCs running ITSM-style alert workflows.

Auto-open GitHub issues from Tracelight alerts. Useful for security teams running incident response in Issues + Projects.

Auto-create Asana tasks from Tracelight alerts + cases. Useful for investigation teams running case management in Asana.

Tracelight events → ClickUp tasks. For teams running case management in ClickUp.

Tracelight events into Microsoft 365 — Outlook calendar holds for incidents, OneDrive report archival, Power Automate flows.

Tracelight events → Trello cards. For investigation teams running Kanban-style case management.

Auto-schedule investigator follow-up calls when high-severity alerts fire. Useful for client-facing PI shops.