{
  "schemaVersion": "notify.rule@1",
  "ruleId": "rule-secops-critical",
  "tenantId": "tenant-01",
  "name": "Critical digests to SecOps",
  "description": "Escalate KEV-tagged findings to on-call feeds.",
  "enabled": true,
  "match": {
    "eventKinds": [
      "scanner.report.ready",
      "scheduler.rescan.delta"
    ],
    "namespaces": [
      "prod-*"
    ],
    "repositories": [],
    "digests": [],
    "labels": [],
    "componentPurls": [],
    "minSeverity": "high",
    "verdicts": [],
    "kevOnly": true,
    "vex": {
      "includeAcceptedJustifications": false,
      "includeRejectedJustifications": false,
      "includeUnknownJustifications": false,
      "justificationKinds": [
        "component-remediated",
        "not-affected"
      ]
    }
  },
  "actions": [
    {
      "actionId": "email-digest",
      "channel": "email:soc",
      "digest": "hourly",
      "template": "digest",
      "enabled": true,
      "metadata": {
        "locale": "en-us"
      }
    },
    {
      "actionId": "slack-oncall",
      "channel": "slack:sec-ops",
      "template": "concise",
      "throttle": "PT5M",
      "metadata": {},
      "enabled": true
    }
  ],
  "labels": {
    "team": "secops"
  },
  "metadata": {
    "source": "sprint-15"
  },
  "createdBy": "ops:zoya",
  "createdAt": "2025-10-19T04:12:27+00:00",
  "updatedBy": "ops:zoya",
  "updatedAt": "2025-10-19T04:45:03+00:00"
}