Skip to main content
Trident detects issues continuously — through the runtime firewall, red-team evaluations, and cloud configuration scans — but a finding is only actionable if the right person sees it at the right time. The Slack and PagerDuty integrations let you route Signal threshold alerts and critical findings directly to your team’s communication and on-call tools, so you never have to poll the dashboard to know when something needs attention.

Slack

Connect Slack

1

Open the Slack integration settings

In the Trident dashboard, navigate to Settings → Integrations → Slack and click Connect.
2

Authorize Trident in your Slack workspace

Slack will redirect you to the OAuth authorization page. Sign in to the workspace where you want to receive alerts and click Allow. You must have permission to install apps in your Slack workspace.
3

Choose a default channel

After authorization, select the Slack channel where Trident should post alerts by default. You can use an existing channel (for example, #security-alerts) or create a new one before completing this step.
4

Configure per-Signal channel overrides (optional)

If you want different Signals to post to different channels — for example, routing LLM cost alerts to #finops and critical findings to #security-incidents — open each Signal’s settings and set a Channel override under the alert destination section.

What triggers a Slack alert

Trident posts a Slack message when any of the following events occur:
  • A Signal threshold is breached (for example, error rate exceeds 5% over 15 minutes)
  • A new Critical or High finding is opened by the firewall, a red-team eval, or a cloud scan
  • Firewall blocks exceed a rate threshold you configure on the Signal

Slack message format

Each alert message includes:
  • Finding or Signal name and severity badge
  • The affected agent or resource
  • A timestamp and the triggering value (for Signals)
  • A deep link directly to the finding or Signal in the Trident dashboard

PagerDuty

Connect PagerDuty

1

Open the PagerDuty integration settings

In the Trident dashboard, navigate to Settings → Integrations → PagerDuty and click Connect.
2

Paste your Events API v2 integration key

In PagerDuty, go to Services → Service Directory → (your service) → Integrations → Add Integration, select Events API v2, and copy the integration key. Paste it into the Integration Key field in the Trident dashboard.
3

Set the minimum severity for escalation

Choose the minimum finding or Signal severity that should create a PagerDuty incident. The default is Critical. Alerts below this threshold are sent to Slack only (if connected) and do not page on-call.

Alert deduplication

Trident groups repeated alerts by finding incident ID. If the same finding fires multiple Signal checks in a short window, Trident updates the existing PagerDuty incident rather than creating a new one, keeping your on-call queue clean.
Use Signals to fine-tune exactly which conditions escalate to PagerDuty. Not every new finding warrants waking someone up — reserve PagerDuty pages for conditions like new_findings on Critical severity or error_rate above a meaningful threshold, and let lower-severity alerts flow to Slack.