NEXUS
Documentation menu

Docs · Using Nexus

Notification Hub

Wire the manager into the places your team already lives. The Notification Hub fans every qualifying alert out to one or more channels — Telegram, Email, Slack, Discord, a generic Webhook, or WhatsApp — with per-channel severity filtering.

Where
Manager — Fleet
Channels
Telegram · Email · Slack · Discord · Webhook · WhatsApp
Edition
All tiers
API
/notify · /notify/channel · /notify/test

What it does

Each channel is a small JSON config that you register with the manager. When an alert is raised at or above a channel's min_level (and matches its optional severities filter), the manager dispatches it automatically — no polling, no extra glue.

  • Telegram — a bot posts to a chat or group.
  • Email (SMTP) — send to one or more recipients over your own mail server.
  • Slack / Discord / Webhook — POST to an incoming-webhook URL.
  • WhatsApp — the Meta Cloud API (Business) for direct messaging.

Channel config

Every channel shares the same envelope and adds a handful of type-specific fields. Common keys:type, name, enabled, optional min_level (severity threshold, default 12) and an optional severities filter.

  • telegrambot_token, chat_id
  • emailsmtp_host, smtp_port, username, password, use_tls, from_addr, to_addrs
  • slack / discord / webhookurl
  • whatsapptoken, phone_id, to
channel.json — a Telegram channel
{
  "type": "telegram",
  "name": "soc-oncall",
  "enabled": true,
  "min_level": 12,
  "bot_token": "123456789:AA...your-bot-token",
  "chat_id": "-1001234567890"
}

How to use it

1
Register a channel
Save the JSON above, then add it. The manager validates and stores it.
bash
nexus-cli notify-add --file channel.json
2
Send a test
Confirm the wiring before you rely on it — by id, or straight from a file.
bash
nexus-cli notify-test --id <id>
nexus-cli notify-test --file channel.json
3
List and manage
Review what is configured, and remove anything you no longer want.
bash
nexus-cli notify-list
nexus-cli notify-del --id <id>

REST API

endpoints
GET  /notify                  # list channels
POST /notify/channel          # add or update a channel
POST /notify/channel/delete   # remove a channel by id
POST /notify/test             # send a test message

How it feeds the pipeline

The hub is the last hop of the detection chain. An alert at or above a channel's min_level auto-dispatches to allmatching channels — and SOAR's notify steps (such as PB-CRITICAL-NOTIFY) reach your team through exactly these channels.

Tips

  • Raise min_level on noisy channels and keep a low-threshold channel for the SOC on-call.
  • Use the severities filter to route only specific event classes to a channel.
  • Set enabled: false to silence a channel without deleting its config.
Meet your team where they are. One alert, many destinations. Configure once and the manager keeps everyone in the loop — across chat, email and messaging — with the severity threshold each channel deserves.
PreviousNexus Edge (agentless syslog)Next SecOps Dashboard