# Telegram

[Telegram](https://telegram.org/) is a cloud-based instant messaging platform and social media application. You can set up Wallarm to send scheduled reports and instant notifications to Telegram.

Scheduled reports can be sent on a daily, weekly, or monthly basis. Reports include detailed information about vulnerabilities, attacks, and incidents detected in your system over the selected period. Notifications include brief details of triggered events.

## Setting up integration

1. Open the **Integrations** section.
1. Click the **Telegram** block or click the **Add integration** button and choose **Telegram**.
1. Add [@WallarmUSBot](https://t.me/WallarmUSBot) (if you are using the Wallarm US Cloud) or [@WallarmBot](https://t.me/WallarmBot) (if you are using the Wallarm EU Cloud) to the Telegram group receiving Wallarm notifications and follow the authentication link.
1. After redirection to Wallarm UI, authenticate the bot.
1. Enter an integration name.
1. Choose the frequency of sending security reports. If the frequency is not chosen, then reports will not be sent.
1. Choose event types to trigger notifications.

    ![Telegram integration](https://docs.wallarm.com/images/user-guides/settings/integrations/add-telegram-integration.png)

    Details on available events:

    * System related:
        * [User](https://docs.wallarm.com/user-guides/settings/users.md) changes (newly created, deleted, role change)
        * [Integration](https://docs.wallarm.com/user-guides/settings/integrations/integrations-intro.md) changes (disabled, deleted)
        * [Application](https://docs.wallarm.com/user-guides/settings/applications.md) changes (newly created, deleted, name change)
        * Errors during regular update of specifications used for [rogue API detection](https://docs.wallarm.com/api-discovery/rogue-api.md) or [API specification enforcement](https://docs.wallarm.com/api-specification-enforcement/setup.md#step-1-upload-specification)
    * [Rules](https://docs.wallarm.com/user-guides/rules/rules.md) and [triggers](https://docs.wallarm.com/user-guides/triggers/triggers.md) changed (creating, updating, or deleting the rule or trigger)
    * [Security issues](https://docs.wallarm.com/user-guides/vulnerabilities.md) detected by [all methods](https://docs.wallarm.com/about-wallarm/detecting-vulnerabilities.md#detection-methods), all or only for the selected risk level(s):
        * Critical risk
        * High risk
        * Medium risk
        * Low risk
        * Info risk
    The integration with Telegram can be tested only if this integration is already created.

1. Click **Add integration**.
1. Re-open the created integration card.
1. Click **Test integration** to check configuration correctness, availability of the target system, and the notification format.

    This will send the test notifications with the prefix `[Test message]`:

    ```
    [Test message] [Test partner] Network perimeter has changed

    Notification type: new_scope_object_ips

    New IP addresses were discovered in the network perimeter:
    8.8.8.8

    Client: TestCompany
    Cloud: EU
    ```

You can also start the chat with [@WallarmUSBot](https://t.me/WallarmUSBot) or [@WallarmBot](https://t.me/WallarmBot) directly. The bot will send reports and notifications as well.

## Setting up additional alerts

Besides the notifications you have already set up through the integration card, Wallarm triggers allow you to select additional events for notifications:

* Number of [attacks](https://docs.wallarm.com/glossary-en.md#attack), [hits](https://docs.wallarm.com/glossary-en.md#hit) or incidents per time interval (day, hour, etc.) exceeds the set number

    !!! info "What is not counted"
        * For attacks: 
            * The experimental attacks based on the [custom regular expressions](https://docs.wallarm.com/user-guides/rules/regex-rule.md).
        * For hits:
            * The experimental hits based on the [custom regular expressions](https://docs.wallarm.com/user-guides/rules/regex-rule.md).
            * Hits not saved in the [sample](https://docs.wallarm.com/user-guides/events/grouping-sampling.md#sampling-of-hits).

* [Changes in API](https://docs.wallarm.com/api-discovery/track-changes.md) took place
* New [rogue API](https://docs.wallarm.com/api-discovery/rogue-api.md) (shadow, zombie) was detected
* New user was added to the company account

For condition detailing, you can add one or more filters. As soon, as condition and filters are set, select the integration through which the selected alert should be sent. You can select several integrations simultaneously.

![Choosing an integration](https://docs.wallarm.com/images/user-guides/triggers/select-integration.png)
## Disabling and deleting an integration

You can delete or temporarily disable the integration. While deleting stops sending notifications and completely deletes all configuration, disabling just stops sending notifications which you can at any moment re-enable with the same settings.

If for the integration the **System related** events are selected to trigger notifications, Wallarm will notify about both of these actions.
## System unavailability and incorrect integration parameters

Notifications to the system are sent via requests. If the system is unavailable or integration parameters are configured incorrectly, the error code is returned in the response to the request.

If the system responds to Wallarm request with any code other than `2xx`, Wallarm resends the request with the interval until the `2xx` code is received:

* The first cycle intervals: 1, 3, 5, 10, 10 seconds
* The second cycle intervals: 0, 1, 3, 5, 30 seconds
* The third cycle intervals:  1, 1, 3, 5, 10, 30 minutes

If the percentage of unsuccessful requests reaches 60% in 12 hours, the integration is automatically disabled. If you receive system notifications, you will get a message about automatically disabled integration.