Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.petrasecurity.com/llms.txt

Use this file to discover all available pages before exploring further.

Why Notification Methods Matter

Petra only sends notifications when actual incidents occur. If you don’t have Petra Response enabled for a tenant, you need to configure notification methods that will reach you immediately.
Petra’s notification system is deliberately quiet to avoid alert fatigue. Unlike tools that constantly ping you about routine activities, Petra only sends alerts for confirmed security incidents that require immediate attention. If Petra Response is on, you will not need to perform any time-sensitive actions. However, if Petra Response is off, you will need to configure notification methods that will reach you immediately.

Available Notification Methods

You can receive incident alerts via:
  • Email Notifications - Receive detailed incident reports via email
  • SMS/Text Messages - Get instant text alerts with incident summaries
  • Phone Calls - Automated calls for high-priority incidents
  • Microsoft Teams - Notifications directly in your Teams channels
  • PSA Integration - Automatic ticket creation in ConnectWise or Autotask
  • Slack Webhook - Incident alerts in your Slack workspace
  • Custom Webhooks - Send incident data to any external service or automation tool (Zapier, Make, n8n, and more)
You should always set up multiple notification methods.

Viewing Your Current Configuration

You can quickly see your currently configured notification methods from the main dashboard:

Configuring Notification Methods

To update your notification settings:
  1. Navigate to Settings in the top navigation bar
  2. Select Notification Methods (this should be the default tab)
  3. Here you can configure all available notification options
The notification settings apply tenant-wide. If you manage multiple clients through Petra, you’ll need to switch tenants to configure each client’s notification preferences separately.

Email Configuration

Add as many email addresses as needed for your team. These can be individual addresses or distribution lists.

Phone/SMS Configuration (On-Call Sequence)

Phone notifications follow an on-call sequence:
  1. Add multiple phone numbers to create your escalation path
  2. Arrange them in order of priority
  3. When an incident occurs, Petra will attempt to reach each contact in sequence

PSA Integration

Petra currently supports automatic ticket creation in:
  • ConnectWise
  • Autotask
  • HaloPSA

Microsoft Teams Integration

Teams notifications are often preferred for non-urgent communication about incidents that have already been remediated automatically. This provides an audit trail without requiring immediate action.
Teams notifications can include detailed remediation steps, such as password reset instructions, making them valuable for documentation purposes.

Custom Webhooks

Send incident data to any external service (Zapier, Make, n8n, Power Automate, or your own API) using fully configurable HTTP requests. See the Custom Webhooks guide for setup instructions and available payload variables.

Slack Integration

Configure a Slack webhook to receive rich, structured incident notifications in your security channels:
  1. Create a webhook in your Slack workspace
  2. Copy the webhook URL into Petra
  3. Select which types of incidents should trigger Slack notifications
Slack notifications use Slack’s Block Kit format to provide structured, actionable alerts. Each notification includes:
  • Header - A clear summary of the incident type
  • Incident Details - Tenant name, affected identity, and incident timestamp (UTC)
  • Steps Taken - What Petra has already done to respond to the incident
  • Next Steps - What actions you need to take
  • Action Button - Direct link to open the incident in the Petra portal
This format makes it easy to quickly understand the incident context and take appropriate action without leaving Slack.

Testing Your Notification Configuration

To verify all your notification methods work properly:
  1. Navigate to Settings > Notification Methods
  2. Click the Test Notification Methods button at the bottom of the page
  3. Petra will send a test notification through all configured channels
This test:
  • Sends emails to all configured addresses
  • Sends SMS messages to all configured phone numbers
  • Places test calls to your on-call sequence
  • Creates a test ticket in your PSA system
  • Posts test messages to Teams and Slack

When Notifications Are Sent

Petra sends notifications through all configured channels whenever an incident is published. However, there are specific situations where Petra intentionally does not send some or all notifications.

Baselining Period (Scan Tenants)

When a tenant is onboarded with a Scan, Petra scans historical Microsoft 365 logs to surface past compromises. Rather than sending a separate alert for every historical finding, Petra batches them into a single baselining summary email. Individual incident notifications are suppressed until that summary email is sent. Exceptions that always trigger immediate alerts, even during baselining:
  • Uncaught Before Petra incidents where the attacker still has access to the account (e.g., “Uncovered in Baselining” or “Attacker Retains Password” status)
  • Live incidents detected in real time while the baselining scan is still in progress
Once the baselining email has been sent, all future incidents for that tenant trigger notifications normally.

Leftover Persistence Items

Incidents marked as Leftover Persistence (such as malicious apps or suspicious inbox rules left behind by an attacker) do not trigger notifications when they are not part of an active, live incident. These items are residual artifacts from a prior compromise. They need cleanup, but they are not time-sensitive active attacks, so Petra does not generate alerts for them. You can find leftover persistence items in the Leftover Persistence section at the bottom of the Incidents page.

Notification Methods Not Configured

If no notification methods are set up for a tenant, Petra has no way to reach you. Petra will still record the incident in the dashboard, but no emails, texts, calls, or messages will be sent. To fix this, go to Settings > Notifications and add at least one contact method. You should always configure multiple channels so that at least one reaches you.
Even when no customer notification methods are configured, Petra’s SOC team receives an internal alert, so incidents are never silently lost.

PSA Tickets Not Created

PSA tickets (ConnectWise, Autotask, HaloPSA) are not created when any of the following are true:
  • The PSA integration is not connected for the organization
  • The tenant is not mapped to a company in the PSA system
  • Required configuration is missing, such as:
    • ConnectWise: no default service board assigned
    • Autotask: no queue, status, or priority configured
    • HaloPSA: no default ticket type, team, or status configured
If PSA tickets are not appearing for a specific tenant, check that the tenant is mapped to the correct PSA company and that all required fields are configured. See the setup guides for ConnectWise, Autotask, or HaloPSA.

Phone Calls Skipped for Non-Urgent Incidents

Petra does not place phone calls for incidents that are already resolved:
  • Remediated Prior to Onboarding - the compromise was already cleaned up before Petra was connected
  • Leftover Persistence - residual artifacts that are not active threats
These incidents still generate email, SMS, Teams, Slack, and PSA notifications (if configured). Only phone calls are skipped because they are reserved for incidents that require immediate action.
SituationWhat happens
Baselining period (Scan)Individual alerts suppressed, batched into a single summary email. Latent compromises and live incidents still alert immediately.
Leftover Persistence (non-live)No notifications sent. Items appear in the dashboard for cleanup.
No notification methods configuredIncident recorded in dashboard, no customer alerts sent. SOC team notified internally.
PSA integration incompleteOther channels (email, SMS, etc.) still fire. PSA ticket is not created until the integration is fully configured.
Phone calls for resolved incidentsPhone calls skipped. All other channels still send.
If you believe an incident should have triggered a notification and none of these cases explain why it did not, contact support@petrasecurity.com.