Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Alert Policies

An alert policy is a rule that determines when and where Odin Scan sends notifications. Each policy connects a severity threshold to a delivery channel: “when findings at this severity or above appear, notify via this channel.”

Creating an Alert Policy

  1. In the Odin Scan dashboard, navigate to Alerts > Policies.
  2. Click New Policy.
  3. Enter a descriptive name (e.g., “Critical to Slack” or “All findings to email”).
  4. Select the minimum severity threshold.
  5. Select the channel to deliver notifications to.
  6. Click Save.

The policy takes effect immediately. The next time an analysis completes with findings matching the threshold, a notification is sent to the selected channel.

Severity Thresholds

The minimum severity setting controls which findings trigger the policy. A policy triggers when an analysis produces at least one finding at or above the configured severity level.

Minimum SeverityTriggers On
CriticalOnly critical findings
HighCritical or high findings
MediumCritical, high, or medium findings
LowCritical, high, medium, or low findings
InformationalAny findings at all

For example, a policy set to High triggers when an analysis contains at least one Critical or High finding, but does not trigger for analyses that only have Medium, Low, or Informational findings.

Using Multiple Policies

You can create multiple alert policies to route different severity levels to different channels. Common configurations include:

  • Critical findings to Slack, all findings to email – a policy with minimum severity Critical targeting a Slack channel ensures immediate visibility for urgent issues, while a second policy with minimum severity Informational targeting an email channel provides a complete record.
  • Separate channels per team – a policy targeting the backend team’s Slack channel and another targeting the smart contract team’s channel, both at the same severity threshold.
  • Escalation tiers – a Medium threshold policy to an email channel for routine review, plus a Critical threshold policy to a Slack channel for rapid response.

Each policy is evaluated independently. If an analysis triggers multiple policies, multiple notifications are sent (one per matching policy).

Enabling and Disabling Policies

From the Alerts > Policies view, you can toggle a policy on or off:

  • Enabled – the policy is active and evaluated after every analysis.
  • Disabled – the policy is skipped during evaluation. No notifications are sent through this policy until it is re-enabled.

Disabling a policy is useful for temporarily pausing notifications without losing the configuration.

Editing and Deleting Policies

  • Edit – update the policy name, severity threshold, or target channel at any time. Changes take effect for the next analysis.
  • Delete – permanently remove a policy. This does not affect notifications that have already been sent.

Next Steps

  • Channels – configure Slack and email delivery destinations
  • Notification History – monitor whether notifications are being delivered successfully
  • Overview – return to the notifications overview