There seem to be three initial default notice channels which we can use for breach alerts delivered through the user notification service. That forum will let us set up any specific access thresholds we want through the Artifact arrangements and then anything we set up as a custom CloudWatch log escalator. It has emails, mobile notifications for authenticated team members, and chat bots.
All the methods seem to rely on SES, and the only default chat integrations are Chime, Teams, or Slack (no Discord, unfortunately). I've seen a lot of problems with public Slack channels, so I don't think we should venture down that route either just because of this, especially with the Matrix work on the printer. That leaves us with the automated inbox -> issue workflow, which should probably run a quick AI scan to censor any potential PII, however minimal the risk is since actual data would not be included, presuming it's not including raw logs in the notice.
There seem to be three initial default notice channels which we can use for breach alerts delivered through the user notification service. That forum will let us set up any specific access thresholds we want through the Artifact arrangements and then anything we set up as a custom CloudWatch log escalator. It has emails, mobile notifications for authenticated team members, and chat bots.
All the methods seem to rely on SES, and the only default chat integrations are Chime, Teams, or Slack (no Discord, unfortunately). I've seen a lot of problems with public Slack channels, so I don't think we should venture down that route either just because of this, especially with the Matrix work on the printer. That leaves us with the automated inbox -> issue workflow, which should probably run a quick AI scan to censor any potential PII, however minimal the risk is since actual data would not be included, presuming it's not including raw logs in the notice.