Workflows are part of the Mjolnir Business tier and enterprise plans. Visit Billing if Workflows aren’t visible in your sidebar.
Events
Every workflow starts with an event trigger:| Event | Fires when |
|---|---|
| New Finding | A finding is created (by Mjolnir, manual triage, Watchdog, or import) |
| New Asset Discovered | A new domain, subdomain or IP is added to your attack surface |
| New Report | A pentest report revision is delivered |
Conditions
Conditions let you filter which events actually trigger the workflow. Each condition compares a variable (e.g. severity CVSS, asset type) against a value using one of five operators:| Operator | Behaviour |
|---|---|
| Equals | Exact match: the variable must equal the specified value |
| Includes | The variable contains the specified value (useful for arrays or partial matches) |
| Not Includes | The variable does not contain the specified value |
| Greater Than | The variable is greater than the specified value |
| Less Than | The variable is less than the specified value |
required or not required. If a required condition fails, the whole workflow fails. Non-required conditions don’t fail the workflow as long as another condition passes.
A workflow must have at least one condition.
Variables
Variables are matched against the specified value to filter which events trigger an action.| Variable | Description | Available for |
|---|---|---|
| Severity Label | The finding’s severity rating: Low, Medium, High, or Critical | New Finding |
| Severity CVSS | CVSS base score from 0.1 to 10 | New Finding |
| Content Title | The finding title from the latest revision (substring match) | New Finding |
| Affected Assets | Matches if any affected asset’s display name contains the value | New Finding |
| Type | The asset type: Subdomain, Domain, or IP | New Asset Discovered |
| Response Time | HTTP response time in milliseconds from the latest recon scan | New Asset Discovered |
| Status Code | HTTP status code (100–599) from the latest recon scan | New Asset Discovered |
| Root Domain | The root domain the asset belongs to (not applicable for IP assets) | New Asset Discovered |
New Report events do not use variables or conditions. The workflow fires automatically whenever a report is delivered.
Actions
When an event passes your conditions, one or more actions execute.Webhook
Send an HTTP POST to an external URL. Three presets are available:- Slack: sends a formatted message to a Slack incoming webhook
- Discord: sends a formatted message to a Discord webhook
- Custom: sends a JSON payload to any URL you specify
{{variable}} template syntax is available in all three fields.
Creating a workflow
Add a condition (optional)
Drag a condition node onto the canvas and configure the variable path, operator, and value.
Configure the action
Fill in the webhook URL or email details, using
{{variable}} placeholders where needed.Managing workflows
From the Workflows page you can:- Enable / disable: toggle a workflow on or off without deleting it
- Rename: click the workflow name to edit it
- Delete: remove a workflow permanently
- Execution count: see how many times a workflow has fired