Discord Integration
Receive security alerts in Discord channels. Perfect for development teams, gaming communities running websites, or anyone preferring Discord over Slack.
Features
- 🔔 Rich Embeds - Color-coded alerts with severity indicators
- 🎯 Role Mentions - Tag
@DevOpsor@Securityautomatically - 📊 Inline Images - CVSS scores, vulnerability charts
- 🔗 Quick Links - Jump to Fence dashboard with one click
- 📈 Scan Summaries - Daily/weekly digests
Setup
1. Create Discord Webhook
- Open your Discord server
- Right-click the channel you want alerts in (e.g.,
#security-alerts) - Click Edit Channel → Integrations
- Click Create Webhook
- Configure:
- Name: "Fence Security Bot"
- Avatar: Upload Fence logo (optional)
- Click Copy Webhook URL
- Click Save
2. Add to Fence
- Log in to Fence
- Navigate to Settings → Notifications
- Click Add Channel → Discord
- Configure:
- Name: "Security Alerts"
- Webhook URL: Paste from step 1
- Alert Types: Choose notifications to receive
- Click Test Integration (sends test message to Discord)
- Click Save
Alert Examples
Critical Vulnerability
🚨 **Critical Vulnerability Detected**
**Domain:** example.com
**Severity:** CRITICAL (CVSS 9.8)
**Title:** SQL Injection in login form
**CVE:** CVE-2024-12345
**OWASP:** A03:2021 - Injection
**Affected URL:** https://example.com/login
**Impact:** Attacker can bypass authentication and access database
🔗 [View Details](https://fence.dev/issues/uuid) | [Remediation Guide](https://fence.dev/issues/uuid/fix)
Embed color: Red (#FF0000)
Thumbnail: CVSS score badge
High Severity Vulnerability
⚠️ **High Severity Vulnerability**
**Domain:** api.example.com
**Severity:** HIGH (CVSS 7.5)
**Title:** Weak TLS Configuration
**Issue:** Server accepts RC4 and 3DES ciphers
**Impact:** Susceptible to downgrade attacks
**Fix:**
1. Update `ssl_ciphers` in Nginx config
2. Disable TLS 1.0/1.1
3. Restart web server
🔗 [View Details](https://fence.dev/issues/uuid)
Embed color: Orange (#FFA500)
Certificate Expiring
⏰ **SSL Certificate Expiring Soon**
**Domain:** example.com
**Expires:** February 3, 2025 (14 days remaining)
**Issuer:** Let's Encrypt
**SANs:**
• example.com
• www.example.com
• api.example.com
**Action Required:** Renew certificate before expiration to avoid downtime
🔗 [Renewal Guide](https://fence.dev/docs/ssl-renewal)
Embed color: Yellow (#FFFF00) for <30 days, Red for <7 days
Scan Completed
✅ **Security Scan Completed**
**Domain:** example.com
**Scan Type:** Full Scan
**Duration:** 4 minutes 32 seconds
**Results:**
🔴 Critical: 0
🟠 High: 2
🟡 Medium: 7
🔵 Low: 4
⚪ Info: 1
**Grade:** B
🔗 [Full Report](https://fence.dev/scans/uuid) | [Download PDF](https://fence.dev/scans/uuid/pdf)
Embed color: Green (#00FF00) if grade A/A+, Yellow if B/C, Red if D/F
Alert Filters
By Severity
Notify for:
☑️ Critical
☑️ High
☐ Medium
☐ Low
☐ Info
By Role Mention
Tag Discord roles when alerts are posted:
| Severity | Mention |
|---|---|
| Critical | @Security + @DevOps |
| High | @DevOps |
| Medium | None |
| Low | None |
Setup role mentions:
1. Get role ID: Right-click role → Copy ID (requires Developer Mode)
2. In Fence: Settings → Discord → Role Mentions
3. Add: Critical: <@&123456789012345678>
By Domain
Only alert for specific domains:
Alert for:
☑️ production.example.com
☑️ api.example.com
☐ staging.example.com
Multiple Channels
Route different alert types to different channels:
| Alert Type | Channel | Color |
|---|---|---|
| Critical vulnerabilities | #critical-alerts |
Red |
| High vulnerabilities | #security-alerts |
Orange |
| Certificate expiring | #ssl-certificates |
Yellow |
| Scan completed | #scan-reports |
Green |
| Daily digest | #security-summary |
Blue |
Rich Embeds
Discord embeds support:
Fields
{
"embeds": [{
"title": "Critical Vulnerability",
"color": 16711680,
"fields": [
{"name": "Domain", "value": "example.com", "inline": true},
{"name": "Severity", "value": "CRITICAL", "inline": true},
{"name": "CVSS", "value": "9.8", "inline": true}
]
}]
}
Images
{
"embeds": [{
"title": "Vulnerability Trend",
"image": {
"url": "https://fence.dev/api/charts/trend.png"
}
}]
}
Thumbnails
{
"embeds": [{
"title": "SQL Injection Detected",
"thumbnail": {
"url": "https://fence.dev/static/badges/cvss-9.8.png"
}
}]
}
Troubleshooting
Messages Not Appearing
Check:
1. Webhook URL is correct (starts with https://discord.com/api/webhooks/)
2. Channel wasn't deleted
3. Bot has permission to post in channel
4. Discord server isn't at message rate limit (30 messages/minute)
Test webhook:
curl -X POST https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN \
-H 'Content-Type: application/json' \
-d '{"content": "Test from Fence"}'
Webhook Deleted
If webhook was deleted in Discord:
1. Create new webhook (see Setup section)
2. Update in Fence: Settings → Notifications → Edit Discord channel
3. Save new webhook URL
Rate Limiting
Discord limits webhooks to:
- 30 messages per minute
- 5 requests per second
If rate limited:
- Use digest mode instead of real-time
- Split alerts across multiple webhooks
- Reduce notification frequency
Role Mentions Not Working
Common issues:
1. Role ID is wrong (get from: Right-click role → Copy ID)
2. Developer Mode not enabled (Settings → Advanced → Developer Mode)
3. Role mention format wrong (use <@&ROLE_ID>, not @role-name)
Correct format:
Critical: <@&123456789012345678>
High: <@&234567890123456789>
Security Considerations
Webhook URL Security
- ✅ Don't share webhook URL publicly (anyone can post to it)
- ✅ Rotate webhook if leaked
- ✅ Use private channels for sensitive alerts
- ❌ Don't commit webhook URLs to Git
If compromised:
1. Delete webhook in Discord (Channel Settings → Integrations)
2. Create new webhook
3. Update in Fence
Data Sensitivity
Discord alerts contain:
- Domain names
- Vulnerability descriptions
- CVE IDs
- Affected URLs
For sensitive data:
- Use private Discord servers
- Limit channel access (role permissions)
- Enable 2FA for all admins
- Consider self-hosted alternative (Matrix, Mattermost)
Compliance
- HIPAA: Discord not HIPAA-compliant (use Slack Business+ or Enterprise)
- GDPR: Data stored in US (Discord servers)
- SOC 2: Discord has SOC 2 Type II certification
Advanced Features
Custom Embeds (Enterprise)
Customize embed appearance:
{
"username": "Fence Security",
"avatar_url": "https://fence.dev/logo.png",
"embeds": [{
"title": "{{ title }}",
"description": "{{ description }}",
"color": {{ color }},
"author": {
"name": "Fence",
"url": "https://fence.dev",
"icon_url": "https://fence.dev/icon.png"
},
"footer": {
"text": "Powered by Fence",
"icon_url": "https://fence.dev/icon-small.png"
},
"timestamp": "{{ timestamp }}"
}]
}
Thread Alerts
Post alerts as threads to keep channels organized:
#security-alerts
├─ 🚨 Critical: SQL Injection in example.com
│ └─ Remediation steps (threaded reply)
├─ ⚠️ High: Weak TLS in api.example.com
│ └─ Fix applied ✓ (threaded reply)
└─ ✅ Scan completed for www.example.com
Setup:
1. Fence Settings → Discord → Enable Threading
2. New alerts create threads automatically
3. Follow-up messages posted as thread replies
Buttons (Coming Soon)
Interactive buttons in Discord embeds:
[View Details] [Mark as False Positive] [Snooze 24h]
Note: Requires Discord's Message Components API (Enterprise tier)
Comparison: Discord vs. Slack
| Feature | Discord | Slack |
|---|---|---|
| Free tier | ✅ Unlimited | ✅ Limited to 10k messages |
| Rich embeds | ✅ Native | ⚠️ Via attachments |
| Role mentions | ✅ Yes | ✅ Yes (user groups) |
| Threading | ✅ Yes | ✅ Yes |
| Search | ⚠️ Basic | ✅ Advanced |
| Mobile app | ✅ Yes | ✅ Yes |
| Enterprise features | ⚠️ Limited | ✅ Extensive |
| HIPAA compliance | ❌ No | ✅ Yes (Business+) |
| Best for | Developer teams, gaming communities | Enterprise, regulated industries |
Daily Digest
Receive a daily summary instead of real-time alerts:
📊 **Fence Security Daily Digest** - January 20, 2025
**Scans:** 47 completed
**Domains:** 12 scanned
**New Vulnerabilities:** 8 detected
**Top Issues:**
1. 🔴 SQL Injection in example.com (CVSS 9.8)
2. 🟠 Weak TLS Ciphers in api.example.com (CVSS 7.5)
3. 🟠 Missing HSTS in www.example.com (CVSS 6.5)
**Certificates Expiring:**
⚠️ example.com - 14 days remaining
⚠️ api.example.com - 7 days remaining
🔗 [View Dashboard](https://fence.dev/dashboard)
Schedule:
- Daily at 9:00 AM (your timezone)
- Weekly on Monday at 9:00 AM
- Monthly on 1st at 9:00 AM
- Custom schedule (Cron expression)
Best Practices
Channel Organization
#security-critical → Critical vulnerabilities (@Security @DevOps)
#security-high → High severity (@DevOps)
#security-alerts → Medium/Low severity (no mentions)
#ssl-certificates → Certificate expiring
#security-digest → Daily summaries
Reduce Noise
- Start with critical/high only
- Use daily digest for low-priority items
- Mute known false positives
- Set up webhooks for each severity level
Mobile Notifications
Configure Discord mobile app:
1. Settings → Notifications
2. Enable push notifications for #security-critical
3. Mute #security-digest (check manually)
4. Custom notification sound for critical alerts
Migration from Slack
Already using Slack? Add Discord as secondary channel:
Why both?
- Development team on Discord
- Management team on Slack
- Route critical → both, medium → Discord only
Setup:
1. Keep existing Slack integration
2. Add Discord for development team
3. Configure different alert types per platform
Pricing
| Tier | Discord Channels | Features |
|---|---|---|
| Hobby | 0 | Not available |
| Startup | 5 channels | Real-time alerts, embeds |
| Enterprise | 20 channels | Custom embeds, threading |
| Custom | Unlimited | White-label bot, custom branding |