Integrations

Dynamic variables

Updated: June 19, 2025

Notification integrations use tokens as variables. Each integration has a customizable payload in which you can add, remove and change tokens and text.

The text and tokens in the payload determine what information is populated into your alert or incident. For example:

  • "{alert_name} was triggered at {alert_timestamp}" populates the alert with the name you have given the alert and the time in UTC when the alert was generated: "404 alert was triggered at 21/04/2023T12:35:36".

The tables below detail the variables you can use in a payload.

Alerts

| Variable Name | Description | Example | Process Type |
| --- | --- | --- | --- |
| alert_link | Link to the alert in the FireTail SaaS platform. | https://firetail.app/organisations/2b33ac05.../monitor-alerting/27da7c63... | Alert |
| alert_uuid | Unique UUID of the alert. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Alert |
| alert_name | Name of the alert. | 404 alert | Alert |
| alert_timestamp | Timestamp alert was generated (UTC). | 21/04/2023T12:35:36 | Alert |
| alert_operand | Operand of the alert. | < > >= <= == | Alert |
| alert_nice_operand | Operand in text form. | less than | Alert |
| alert_type | Type of alert. | static \| anomaly | Alert |
| alert_static_threshold_condition | Same as alert_operand. | < > >= <= == | Alert |
| alert_static_threshold_value | Threshold value for triggering a static alert. | 1000 | Alert |
| alert_static_triggered_value | Value that caused the alert to trigger. | 1001 | Alert |
| alert_period | Period checked for alert breach (seconds). | 900 | Alert |
| alert_throttle_enabled | If true, alert won't re-trigger during threshold period. | true | Alert |
| alert_throttle_period | Mute period after alerting (seconds). | 900 | Alert |
| alert_anomaly_sensitivity | Sensitivity level for anomaly detection. | 1.5 | Alert |
| alert_anomaly_max_data_points | Max data points checked for anomaly breach. | 1 | Alert |
| alert_anomaly_min_data_points | Min data points for anomaly check (× alert_period). | 1 | Alert |
| alert_anomaly_comparison_operator | Comparison operator for anomaly threshold. | LessThanLowerOrGreaterThanUpperThreshold | Alert |
| alert_message | The alert message. | | Alert |
| org_uuid | UUID of the organization. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Alert |

Incidents

| Variable Name | Description | Example | Process Type |
| --- | --- | --- | --- |
| incident_link | Link to the incident in the FireTail SaaS platform. | https://firetail.app/.../incidents/660a1f2f... | Incident |
| incident_uuid | UUID of the incident. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Incident |
| incident_title | The title of the incident. | Incident title | Incident |
| incident_timestamp | Timestamp incident was generated in UTC. | 21/04/2023T12:35:36 | Incident |
| incident_policy_name | Name of the policy that triggered the incident. | Incident policy name | Incident |
| incident_policy_frequency | How frequently the policy is checked. | 1 day | Incident |
| incident_policy_uuid | UUID of the incident policy. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Incident |
| incident_policy_link | Link to the policy in FireTail SaaS. | https://firetail.app/.../incidents-policy | Incident |
| incident_period | Time period checked for breach (seconds). | 900 | Incident |
| incident_message | The incident message. | | Incident |
| incident_findings_info_count | Number of info-level findings. | 90 | Incident |
| incident_findings_low_count | Number of low-severity findings. | 20 | Incident |
| incident_findings_medium_count | Number of medium-severity findings. | 50 | Incident |
| incident_findings_high_count | Number of high-severity findings. | 5 | Incident |
| incident_findings_critical_count | Number of critical-severity findings. | 3 | Incident |
| incident_findings_total_count | Total findings in the incident. | 128 | Incident |
| org_uuid | UUID of the organization. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Incident |

Example incident message for Slack



{
    "blocks": [
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "Incident Triggered by Policy '{incident_policy_name}'",
                "emoji": true
            }
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Name:*\n{incident_title}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Trigger Time:*\n{incident_timestamp}"
                }
            ]
        },
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "Findings - {incident_findings_total_count}",
                "emoji": true
            }
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Critical:*\n{incident_findings_critical_count}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*High:*\n{incident_findings_high_count}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Medium:*\n{incident_findings_medium_count}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Low:*\n{incident_findings_low_count}"
                }
            ]
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "<{incident_link}|View Incident>"
            }
        }
    ]
}
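
A payload with a misspelled token or a JSON syntax error only shows up when a notification fails or arrives with a literal `{token}` in it. The following is an added example, not FireTail code: a local check to run on an incident payload before saving it. The token names are copied from the Incidents table above. The function names and sample templates are constructed for illustration, and the check assumes tokens appear only inside JSON string values, as they do in the Slack example.

```python
import json
import re

# Token names copied from the Incidents table on this page.
INCIDENT_TOKENS = {
    "incident_link", "incident_uuid", "incident_title", "incident_timestamp",
    "incident_policy_name", "incident_policy_frequency", "incident_policy_uuid",
    "incident_policy_link", "incident_period", "incident_message",
    "incident_findings_info_count", "incident_findings_low_count",
    "incident_findings_medium_count", "incident_findings_high_count",
    "incident_findings_critical_count", "incident_findings_total_count",
    "org_uuid",
}
TOKEN_RE = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def _strings(node):
    """Yield every string value in a parsed JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)


def lint_payload(template, allowed=INCIDENT_TOKENS):
    """Return a list of problems; an empty list means the template passed."""
    try:
        doc = json.loads(template)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    problems = []
    for text in _strings(doc):
        for name in TOKEN_RE.findall(text):
            if name not in allowed:
                problems.append(f"unknown token {{{name}}}")
    return problems


# Constructed sample templates (not taken from a live integration).
GOOD = '{"text": "*Name:*\\n{incident_title} <{incident_link}|View Incident>"}'
WRONG_CASE = '{"text": "{Incident_title} at {alert_timestamp}"}'
MISSING_COMMA = '{"text": "Findings - {incident_findings_total_count}" "emoji": true}'
```

Token names are matched case-sensitively, and alert tokens are reported when they appear in an incident payload because they are not in the incident list.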