Integrations
Noxen fires scan-completion alerts into whatever stack you already run — chat for the humans, SIEM for the search-and-correlate side. Pick a destination, paste the webhook URL, set a severity threshold, and the next nightly scan starts delivering.
Chat destinations
- Slack — Block Kit message with severity-coloured header, finding counts, and a top-5 critical/high list. Standard Incoming Webhook URL.
- Discord — Embed with severity-coded
color, finding counts, and top findings. Channel webhook URL from server settings. - Microsoft Teams —
MessageCardwith fact list and top findings. Note: Office 365 Connectors are sunsetting; Workflows / Power Automate is the modern path.
SIEM destinations
- Wazuh — NDJSON export, ingested by the Wazuh agent's
logcollector. Cross-correlate Noxen CVE findings with Wazuh HIDS alerts on the same host. - Splunk — NDJSON via HEC or file monitor. Index Noxen findings, search by severity / host / CVE, build dashboards.
- ELK and Loki — same NDJSON exporter. Point Filebeat / Fluent Bit / Promtail at the output directory. One JSON document per LF-delimited line; no schema reconciliation needed.
Generic webhook
Any URL that isn't recognised as Slack / Discord / Teams receives
the raw WebhookPayload as JSON. That covers n8n, Zapier,
Make, your own internal alert router, an AWS Lambda function URL,
or a custom /webhook endpoint on a homelab service.
Fields are stable: host, scanned_at, severity counts, new CVE delta,
and a top-findings array.
SIEM export format
All SIEM destinations consume the same NDJSON output from Noxen's
SIEMExporter — JSON Lines, LF-delimited, one document
per line. Records cover CVE findings, open ports, TLS audit results,
HTTP header audits, and exposed admin surfaces. Optional global
tags (env, region, tenant)
apply to every record for downstream filtering.
Entitlements
Webhooks and SIEM export are paid features. Free and one-time Noxen 1.x licenses don't include them — they unlock at Live Feed ($19/month) for webhooks, and MSP ($149/month) for SIEM export. See pricing for the full tier breakdown, or the MSP page if you're managing multiple client fleets.