
Alerts & Notifications

When a detection fires, ChainAlert delivers the alert through every channel you've configured — Slack, email, or custom webhooks. Alerts include the full context: what happened, which contract, which transaction, and a direct link to the block explorer.

Notification Channels

You can configure multiple channels per workspace and route different detections to different channels. A critical security detection might go to your #security-incidents Slack channel and PagerDuty, while a low-severity balance warning goes to email.

Slack

The Slack integration is a first-class citizen. Connect your workspace with a single OAuth click and choose which channels receive alerts. Messages are richly formatted with severity indicators, transaction details, and explorer links.

slack — #security-alerts

[CRITICAL] Ownership Transfer Detected

Contract 0x7a25...3f01 on Ethereum

New owner: 0x9bc1...a4d2

Tx: 0xef29...12ab

Read the full Slack integration guide.

Email

Add one or more email addresses to a channel. Alerts are delivered as HTML-formatted emails with severity badges, transaction details, and direct links to the detection in your dashboard.

Read the full email integration guide.

Webhooks

For programmatic integrations, configure a webhook endpoint and ChainAlert will POST a signed JSON payload every time an alert fires. Use this to pipe alerts into PagerDuty, OpsGenie, Telegram bots, Discord, or your own incident response systems.

Read the full webhook integration guide.

Delivery & Reliability

Automatic retries — failed deliveries are retried with exponential backoff (up to 5 attempts)

Parallel delivery — when multiple channels are configured, alerts are sent to all channels simultaneously

Delivery status tracking — every alert records its notification status (sent, partial, or failed) so you always know if a delivery succeeded

Smart cooldowns — configurable per detection to prevent alert fatigue during noisy events

Alert History

Every alert is stored permanently and visible in the dashboard. Filter by detection, severity, date range, or notification status. Each alert links to the matched event with full decoded transaction data — so when an alert fires at 3am, your team has all the context they need to respond.

How Cooldowns Work

Each detection has a configurable cooldown period (default: 5 minutes). After an alert fires, subsequent matches are silently suppressed until the cooldown expires.

Per-detection scope — when one rule in a detection fires, all its rules are suppressed for the cooldown duration

First observation — conditions comparing against history (percent change, changed) never trigger on their first reading

Suppressed events — events within cooldown are not stored. To see every matching event regardless of cooldown, query the events table via the API
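The per-detection scope and first-observation rules above, modeled as an added example (not ChainAlert's code). The rule names and timeline are constructed, and treating a match exactly at cooldown expiry as a new alert is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Detection:
    """Toy model of one detection's cooldown state (not ChainAlert's code)."""
    cooldown_s: int = 300                        # page default: 5 minutes
    last_alert: Optional[int] = None             # time of the last delivered alert
    history: dict = field(default_factory=dict)  # rule name -> previous reading

    def changed(self, rule: str, reading) -> bool:
        """History-based condition: the first reading only seeds the baseline."""
        first = rule not in self.history
        previous = self.history.get(rule)
        self.history[rule] = reading
        return not first and reading != previous

    def on_match(self, now: int) -> str:
        """Classify a rule match at time `now` (seconds). The cooldown is shared
        by every rule in the detection and starts at the last delivered alert.
        Assumption: a match exactly at expiry alerts again."""
        if self.last_alert is not None and now - self.last_alert < self.cooldown_s:
            return "suppressed"
        self.last_alert = now
        return "alert"

def replay(matches, split_by_rule=False):
    """Replay (time, rule) matches; split_by_rule gives each rule its own detection."""
    detections, out = {}, []
    for now, rule in matches:
        key = rule if split_by_rule else "shared"
        det = detections.setdefault(key, Detection())
        out.append((now, rule, det.on_match(now)))
    return out

# Constructed timeline: a noisy balance rule fires one minute before an ownership change.
MATCHES = [(0, "balance_low"), (60, "owner_changed"),
           (299, "balance_low"), (300, "owner_changed")]

if __name__ == "__main__":
    for row in replay(MATCHES):
        print("shared", row)
    for row in replay(MATCHES, split_by_rule=True):
        print("split ", row)
```

In the shared run the ownership change at t=60 is suppressed by the balance alert at t=0; with the rule in its own detection, the same match alerts.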