Once your detection bots start emitting alerts, the question becomes:
How will your team see them?
An alert that isn’t routed is like a fire alarm in an empty building… Yes, it goes unheard. Today, we focus on routing Forta alerts to your operational tools, including Slack, Discord, email, and professional monitoring systems like PagerDuty.
Structure of a Forta Alert
Each Forta agent emits structured alert objects, for example:
{
  "name": "High ETH Transfer",
  "description": "More than 1000 ETH sent in one tx",
  "alertId": "HIGH-ETH-TRANSFER",
  "protocol": "ethereum",
  "severity": "High",
  "type": "Suspicious",
  "metadata": {
    "txHash": "0x...",
    "amount": "1050"
  }
}
Alerts are published via:
Forta Explorer: Web interface
Alert API: For integrations
Webhook: Your own custom endpoints
You can subscribe to these alerts and forward them to your tools.
Routing Alerts to Slack
1. Create a Slack Webhook
Go to Slack API Webhooks
Create a new app > Enable Incoming Webhooks > Add to a channel
Copy your webhook URL (e.g. https://hooks.slack.com/services/T000/B000/XXX)
2. Build a forwarding script
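const axios = require("axios");

// Treat the webhook URL as a secret: anyone who has it can post to the channel.
const SLACK_WEBHOOK = process.env.SLACK_HOOK;

// Post one Forta alert to Slack. Returns the axios promise so the caller
// can await it and handle delivery failures instead of losing them silently.
function forwardAlertToSlack(alert) {
  // Not every alert carries a txHash in its metadata.
  const txHash = alert.metadata?.txHash ?? "n/a";
  const msg = {
    text: `🚨 *${alert.name}*\n${alert.description}\nTx: ${txHash}`
  };
  return axios.post(SLACK_WEBHOOK, msg, { timeout: 5000 });
}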
3. Trigger from agent or post-processor
You can either:
Send directly from the agent (handleTransaction)
Or have a post-processing bot that reads alerts and forwards them
Routing to Discord or Telegram
Most chat apps support webhooks.
For Discord, follow this guide
For Telegram, use the Bot API to send messages to a channel:
Example payload:
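# Replace <BOT_TOKEN> with your bot's token and keep it out of logs and source control.
curl -X POST "https://api.telegram.org/bot<BOT_TOKEN>/sendMessage" \
  -d chat_id="@your_channel" \
  --data-urlencode text="High ETH transfer detected"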
Routing to SIEM or Threat Dashboards
For teams using enterprise monitoring tools:
Splunk: Send alerts via HTTP Event Collector (HEC)
PagerDuty: Use their Events API v2
You may need to format Forta alerts to match your internal schemas.
Filtering Alerts Before Forwarding
To reduce noise:
if (alert.severity === "High" && alert.protocol === "ethereum") {
  forwardAlertToSlack(alert);
}
You can:
Forward only certain alertIds
Only “High” severity
Only alerts from specific addresses or chains
Collect alerts and send a summary every hour
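Three of the options above (an alertId allowlist, a severity floor, and a periodic summary) combined with the protocol check, as an added example that is not code from the original post. The policy values and the names `shouldForward`, `escapeSlack` and `AlertDigest` are hypothetical, and the severity ordering assumes Forta's Info/Low/Medium/High/Critical levels.

```javascript
// Added example, not from the original post. Policy values and names are assumptions.
const SEVERITY_RANK = { info: 0, low: 1, medium: 2, high: 3, critical: 4 };

// Hypothetical routing policy: tune for your own bots.
const POLICY = {
  minSeverity: "high",
  alertIds: new Set(["HIGH-ETH-TRANSFER"]),
  protocols: new Set(["ethereum"]),
};

// Alert text is bot-supplied data: escape the characters Slack treats as markup controls.
function escapeSlack(value) {
  return String(value).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// True when the alert passes every rule in the policy. Unknown severities are rejected.
function shouldForward(alert, policy = POLICY) {
  const rank = SEVERITY_RANK[String(alert.severity).toLowerCase()];
  if (rank === undefined || rank < SEVERITY_RANK[policy.minSeverity]) return false;
  return policy.alertIds.has(alert.alertId) && policy.protocols.has(alert.protocol);
}

// Buffers matching alerts and emits one summary message per flush.
class AlertDigest {
  constructor(policy = POLICY) {
    this.policy = policy;
    this.pending = new Map(); // key: alertId + txHash, so repeats collapse
  }

  add(alert) {
    if (!shouldForward(alert, this.policy)) return false;
    const key = `${alert.alertId}:${alert.metadata?.txHash ?? ""}`;
    if (this.pending.has(key)) return false;
    this.pending.set(key, alert);
    return true;
  }

  // Returns a Slack message object, or null when nothing is pending.
  flush() {
    if (this.pending.size === 0) return null;
    const lines = [...this.pending.values()].map((a) =>
      `• [${escapeSlack(a.severity)}] *${escapeSlack(a.name)}* tx ${escapeSlack(a.metadata?.txHash ?? "n/a")}`);
    const text = `Forta digest: ${lines.length} alert(s)\n${lines.join("\n")}`;
    this.pending.clear();
    return { text };
  }
}
```

Call `flush()` from a one-hour timer and post any non-null result to the Slack webhook, the same way `forwardAlertToSlack` does.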
Alert Subscription via Forta API
You can subscribe to Forta alerts directly:
curl -X POST https://api.forta.network/graphql -H "Content-Type: application/json" -d '{
"query": "{ alerts(first: 5, input: { alertId: \"HIGH-ETH-TRANSFER\" }) { alerts { name, description }}}"
}'
For complex pipelines, consider setting up a Grafana dashboard with Prometheus exporters.
Key Concepts Recap
Forta bots emit alerts, but humans and systems must receive them
Use Slack, Discord, or SIEM integrations to route alerts
You can route directly from agents or through post-processing services
Webhooks, APIs, and filtering allow full control over alert delivery
Effective alert routing connects detection with timely response
In the next meditation, we will explore how to monitor and maintain your detection bots, ensuring uptime, gas control, and alert performance.
Until next meditation,
The Blockchain Security Monk