Skip to main content
Recon44 can notify you in real time when something important happens — an attack is detected, a brute force attempt is blocked, or a vulnerability is found during a scan. Alert channels vary by plan: email is available on Pro and above, Telegram and SMS on Business and above. This guide walks you through configuring each channel.

Alert channels by plan

Pro and above

Email alerts for all security events. Configure up to 5 recipient addresses.

Business and above

Telegram and SMS alerts in addition to email. Ideal for on-call workflows.

Events that trigger alerts

You can choose which events send notifications. The available event types are:
  • Attack detected — a WAF rule matched an incoming request (read-only mode)
  • Attack blocked — a WAF rule matched and the request was blocked (active blocking mode)
  • IP blocked — an IP was added to your blocklist, either automatically or manually
  • Brute force detected — a suspicious number of authentication attempts was detected from a single source
  • Vulnerability found — a scan discovered a new vulnerability on your site
  • DDoS event — a volumetric attack is being mitigated at the edge
You can enable or disable individual event types per channel. For example, you might want email for all events but SMS only for brute force and DDoS.

Configure alert channels

Email alerts are available on Pro plans and above.
1

Go to Alert Settings

Navigate to Settings → Alerts in the dashboard.
2

Enable the Email channel

Under Email, click the toggle to enable it. The toggle turns green.
3

Add recipient addresses

Click Add email address and enter the address you want to receive alerts. Repeat to add up to 5 addresses.
4

Select event types

Under Notify me when, check the boxes for the event types you want to receive email alerts for. At minimum, enable Attack blocked and Vulnerability found.
5

Send a test alert

Click Send test email to confirm delivery. Check your inbox (and spam folder) for a message from alerts@recon44.com.
6

Save

Click Save changes. Alerts are active immediately.
If you use a shared security alias such as security@yourcompany.com, add that alongside individual addresses so alerts are not lost when team members change.

Manage alert preferences

You can update your alert settings at any time without affecting your protection. To temporarily pause all alerts — for example, during a planned maintenance window — go to Settings → Alerts and toggle Pause all alerts. Recon44 continues blocking attacks during the pause; you simply will not receive notifications. To disable a specific channel entirely, go to Settings → Alerts, find the channel, and click the toggle off. Your configuration (recipient addresses, phone numbers, bot credentials) is saved, so you can re-enable it later without re-entering details.
Check the following:
  • Confirm the channel toggle is enabled (green) under Settings → Alerts.
  • For email, check your spam folder and add alerts@recon44.com to your allowlist.
  • For Telegram, confirm your bot is not blocked and the Chat ID is correct. Use Send test message to verify.
  • For SMS, confirm your number is verified (a green check appears next to it).
  • Confirm the event type that should trigger the alert is checked in your Notify me when settings.
Yes. Email supports up to 5 addresses. For Telegram, add the bot to a group channel and use the group Chat ID. For SMS, you can add up to 3 phone numbers on Business and Scale plans.
Yes. On the Free plan, the WAF is read-only but you are not eligible for alerts. On Pro, you receive alerts for Attack detected events even before enabling active blocking. Upgrading to active blocking changes the event label to Attack blocked but does not change alert eligibility.