Events
Every workflow starts with an event trigger:| Event | Fires when |
|---|---|
| New Finding | A finding is created (by Mjolnir, black-box testing, or manual triage) |
| New Asset Discovered | A new domain, subdomain, IP, or URL is added to your attack surface |
| New Report | A pentest report or findings summary is generated |
Conditions
Conditions let you filter which events actually trigger the workflow. Each condition compares a variable path (e.g.severity.cvss, asset.type) against a value using one of three operators:
| Operator | Behaviour |
|---|---|
| Equals | Exact match — the variable must equal the specified value |
| Includes | The variable contains the specified value (useful for arrays or partial matches) |
| Not Includes | The variable does not contain the specified value |
Actions
When an event passes your conditions, one or more actions execute.Webhook
Send an HTTP POST to an external URL. Three presets are available:- Slack — sends a formatted message to a Slack incoming webhook
- Discord — sends a formatted message to a Discord webhook
- Custom — sends a JSON payload to any URL you specify
{{variable}} template syntax in your message body to include dynamic data from the event. For example, {{finding.title}} inserts the finding’s title.
{{variable}} template syntax is available in all three fields.
Creating a workflow
Add a condition (optional)
Drag a condition node onto the canvas and configure the variable path, operator, and value.
Configure the action
Fill in the webhook URL or email details, using
{{variable}} placeholders where needed.Managing workflows
From the Workflows page you can:- Enable / disable — toggle a workflow on or off without deleting it
- Rename — click the workflow name to edit it
- Delete — remove a workflow permanently
- Execution count — see how many times a workflow has fired