Discord integration

Noxen posts to a Discord channel via a channel webhook after every scheduled scan that produces findings above your configured severity threshold. Messages use Discord's embed format with a severity-coded colour stripe, the count breakdown, and the top five most severe findings.

What gets sent

Noxen detects Discord by URL (discord.com or the legacy discordapp.com) and posts an embed-shaped payload. The embed color is an integer encoding the severity (purple for critical, red for high, orange for medium, blue for low), which renders as a coloured stripe on the left of the message in the Discord client. A representative payload looks roughly like:

{
  "username": "Noxen",
  "embeds": [
    {
      "title": "🔥 Scan — db-01.prod.example",
      "description": "**1 critical** · 2 high · 3 medium · 1 low\n⚠️ 7 new CVE(s) since last scan\n\n• [CRITICAL] CVE-2024-6387 — openssh-server\n• [HIGH] CVE-2024-3094 — xz-utils\n• [HIGH] Grafana (exposed admin surface)",
      "color": 9109759,
      "timestamp": "2026-05-27T03:14:00Z"
    }
  ]
}

The color field is the decimal form of the hex severity colour (critical = 0x8B00FF, high = 0xFF3B30, medium = 0xFF9500, low = 0x007AFF). The timestamp is the scan completion time in ISO 8601, which Discord renders as a relative timestamp under the embed.

Setup

1. In Discord, open the target server: Server Settings → Integrations → Webhooks → New Webhook. Pick the channel, give it a name (e.g. noxen), and copy the webhook URL — it looks like https://discord.com/api/webhooks/.../....
2. In Noxen: Settings → Webhooks → Add. Paste the URL. Noxen auto-detects Discord from the host and switches to embed formatting.
3. Choose a severity threshold (see below). Hit Send test payload to confirm delivery. Save.

Severity thresholds

Each webhook has its own threshold so a #alerts-critical channel can stay quiet while a #alerts-all channel sees everything. Options are Critical only, Critical + High, Critical + High + Medium, or All findings. The webhook only fires when the scan produces at least one finding at or above the threshold.

When alerts fire

Alerts fire on scan completion, not in real time. Noxen runs scheduled scans (nightly by default) plus any manual or batch scans you trigger. If the scan produces findings above the threshold, the embed delivers within a few seconds. Noxen retries on 5xx and 429 responses with exponential backoff — Discord rate limits and transient outages won't drop your alerts.

What it doesn't do

• No two-way commands. Noxen is one-way posting — you can't react to an embed to mark a finding handled, and there's no slash command listener.
• No interactive bot. Noxen doesn't register as a bot user, doesn't read messages, and doesn't need a gateway connection. It's purely a webhook POST.
• No DM delivery. Channel webhooks only — there's no per-user direct-message path.
• No real-time CVE alerts. Coverage of a freshly-disclosed CVE is bounded by your scan schedule.

Discord webhooks unlock at the Live Feed tier ($19/month). See the integrations hub for other supported destinations, or the 30-minute homelab baseline post for a worked example of wiring Noxen into a small fleet.

See pricing →