Probe types

Polls a URL on any HTTP method (GET, POST, PUT, PATCH, DELETE, HEAD) and validates the response: status code (single or list — 200;204), latency, and optional body-contains string.

• Custom request headers — bearer tokens, API keys, tenant routing, content negotiation.
• Request payload body — send JSON, XML, or form data with POST/PUT/PATCH so health endpoints behind auth or with required input still get checked.
• Body-contains assertion — fails the check if the response is missing a sentinel string even when the status code is 200.

Inspects the TLS handshake every 6 hours and exposes everything the certificate reveals: issuer, subject, every Subject Alternative Name, signature algorithm, public key algorithm + size, negotiated TLS version, serial, and the exact not-after date.

• Two-tier expiry alerts — configurable amber warning + red critical thresholds in days, plus a hard alert on actual expiry.
• Renewal detection — serial-number changes between checks reveal silent rotations and CA swaps.
• Weak-crypto visibility — flags SHA-1 / MD5 signatures, RSA < 2048, and servers still allowing TLS 1.0 / 1.1.

Sends ICMP echo requests to a host and measures round-trip time + packet loss. The right tool when you care about whether the box is reachable at all — routers, bare-metal servers, IoT gateways — without caring about an application on top.

• Latency + loss thresholds — Degraded on elevated RTT or partial loss, Down on total loss.
• IPv4 + IPv6 — explicit address-family selection per probe.

Opens a TCP connection to host:port and verifies the socket accepts the handshake. Ideal for non-HTTP services — databases, SMTP, FTP, Redis, RabbitMQ, custom binary protocols — anywhere "the port is listening" is the real signal.

• Connect-time threshold — Degraded when the handshake takes longer than the configured budget.
• Banner-grab assertion (optional) — read the first bytes the server sends and require a match string.

Resolves a name against authoritative or public resolvers and asserts the value. Catches DNS hijacks, half-finished propagations, and broken nameservers before they cascade into an HTTP outage downstream.

• Record types — A, AAAA, CNAME, MX, TXT, NS, CAA.
• Expected-value assertion — exact match or contains, against the full record set.
• Resolver pinning — query a specific resolver (Cloudflare 1.1.1.1, Google 8.8.8.8, your authoritative server) per probe.

The customer's job pings a unique URL every N minutes; StatusPulse alerts when the ping is missing. Different paradigm from every other probe — built for cron jobs, batch pipelines, scheduled backups, and ETL runs.

• Schedule + grace period — minute-level expectation with a configurable grace window before a missed beat fires.
• Optional payload capture — POST exit codes or short log snippets so the incident triage view has the failed run's output.
• Silent-failure detection — the only probe type that can tell you a job didn't run, not just that it failed.

Polls registry data for the domain's registration expiry. Pairs naturally with SSL — same "days remaining" UX, same two-tier alert thresholds — but catches a completely different and equally embarrassing class of outage.

• RDAP-first with WHOIS fallback — uses the modern protocol where registries support it, falls back automatically.
• Two-tier alerts — configurable warning + critical days thresholds, plus a hard alert on actual expiry.
• Registrar drift detection — flags unexpected registrar / nameserver changes between polls.

Calls the standard grpc.health.v1.Health/Check RPC and inspects the serving status. The right probe for service-mesh and microservice deployments where HTTP sidecar checks lie about the underlying gRPC server.

• Per-service probing — query an individual service inside a multi-service gRPC server, not just the root.
• mTLS support — bring your own client certificate for zero-trust meshes that require mutual auth.
• Streaming watch (optional) — subscribe via the Watch RPC for instantaneous status changes instead of polling.

Opens a WebSocket connection, completes the upgrade, and exchanges ping/pong frames to confirm the channel is live. Critical for chat, collaboration, trading dashboards, and any product where load-balancer-level HTTP checks miss socket-layer breakage.

• Connect + handshake thresholds — separate budgets for TCP, TLS, and the HTTP-to-WS upgrade so slow phases are diagnosable.
• Ping/pong RTT — measures application-layer round-trip beyond just the connect.
• Subprotocol + headers — negotiate Sec-WebSocket-Protocol and send custom auth headers on the upgrade.

Connects to your database, runs a probe query, and validates the result. Goes beyond TCP-port checks: a database can accept connections while replication is broken or the disk is full — only a real query catches that.

• Engines — Postgres, MySQL, SQL Server, MongoDB, Redis, with engine-specific safe defaults.
• Custom probe query — go beyond SELECT 1 to assert replica lag, queue depth, or any single-row health metric.
• Encrypted credentials at rest — secrets are vault-sealed; the worker decrypts only at check time.

Sends a test message through your SMTP server, then polls a target IMAP mailbox until the message arrives. Measures total delivery latency and proves the entire mail path — not just that port 587 answers — is healthy.

• Per-step thresholds — separate budgets for SMTP submission and IMAP retrieval so slow phases are diagnosable.
• SPF / DKIM / DMARC verification — inspects the received headers to confirm alignment passes, not just that the message arrived.
• Greylisting tolerance — configurable retry window so transient deferrals don't fire false alerts.