Policy violation alerts and pre-configured alerts are sent directly from the sidecar to Slack or Teams and the Control Plane.
Port scans and authentication failures are collated and detected in the Control Plane and will show up in the Alerts page and will also be sent to Slack or Teams if those integrations are configured.
