About default notification rules
Trust Protection Platform provides several default Notification Rule templates. You can implement these Notification Rules
Stores the criteria the [%=_Variables-Generic.CompanyName_Simple% ] Log Server uses to select system events and provide responses to them. or use them as a guide to create your own Notification Rule objects. To learn about customizing the default download notification, see .
IMPORTANT The Notification Rule objects are not functional until you configure the associated Channel object. For example, you cannot receive certificate expiration notifications until you configure the associated Simple Mail Transfer Protocol (SMTP) server. For more information, see SMTP channel.
|
Notification Rule |
Description |
|
ACME certificate enrolled |
Alerts the owner that a certificate has been enrolled via ACME. |
|
Adaptable Script Modified |
Alerts the system administrator if any adaptable script has been modified, as this may represent an unauthorized change, which could potentially pose a security risk. |
|
Application Needs Restart |
If a Web server needs to be restarted after a certificate or private key is installed, the application driver generates an event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding Application object. |
|
CA Authentication Failure |
If Trust Protection Platform cannot authenticate with a configured Certificate Authority, it generates an event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding CA Template object. |
|
CA Communications Failure |
If Trust Protection Platform cannot communicate with a configured Certificate Authority, it generates an event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding CA Template object. |
|
CA Manual Approval Pending |
If a Certificate Authority is configured to require manual approval for submitted CSRs, the administrator must log in to the CA to manually approve renewing certificates. When the CA requires approval for a certificate renewal, Trust Protection Platform generates an event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding CA Template object. |
|
Certificate Escalation Expiring in <X> Days |
Trust Protection Platform generates escalated certificate expiration events according to the time parameters configured in the TLS Protect object (Monitoring tab) in the Platform tree. When a certificate triggers the configured expiration escalation threshold, the Certificate Monitor module generates an escalated certificate expiration event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding Certificate object, the Contact identities assigned to the applications that consume the certificate, and the local master administrator. |
|
Certificate Expired |
When a certificate expires, the Certificate Monitor module generates an event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channels send an email notification message to the Contact identities assigned to the corresponding Certificate object, the Contact identities assigned to the applications that consume the certificate, and the local master administrator. |
|
Certificate Expiring |
Trust Protection Platform generates certificate expiration events according to the parameters configured in one of the following locations:
Certificate expiration notices may be triggered at 90, 45, 30, 15, 10, 5, and 1 day to expiration. NOTE The default certificate expiration notification period is 30 days. When a certificate triggers the configured expiration threshold, the Certificate Monitor module generates a certificate expiration event. When the Venafi Log server logs the event, the event triggers the corresponding Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding Certificate object and the applications that consume the certificate. NOTE The 5-day Notification Rule sends the email notification message also to the local master administrator. |
|
Certificate in Error |
The certificate is in an error state. A problem was encountered during certificate processing. |
|
Certificate Installed |
When an application driver installs a certificate on the consumer application—stage 800 of the certificate lifecycle—it generates a certificate installation event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the Application object. |
|
Certificate Ready to Download |
Certificate processing is complete and the certificate is ready to download. |
|
Certificate Renewal Started |
When the TLS Protect module initiates stage 0 of the certificate lifecycle, it generates a certificate renewal event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding Certificate object and the applications that consume the certificate. |
|
Certificate Renewed Not Installed |
When TLS Protect has renewed a certificate, but the application owner hasn't installed it on any servers, this notification rule template can trigger an email to the certificate owner. |
|
Certificate Revoked |
The certificate was revoked. |
|
Certificate Signing Request (CSR) Needed |
A CSR is needed before certificate processing can begin. |
|
Device Communication Failure |
If Trust Protection Platform cannot connect to a server where a certificate is installed, it generates a communication failure event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the corresponding Device object. |
|
Discovery Completed |
When the Discovery Manager module completes a discovery survey, it generates a discovery event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the Discovery object in the Discovery tree. |
|
Discovery Started |
When the Discovery Manager module begins a discovery survey, it generates a discovery event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the Discovery object in the Discovery tree. |
|
Triggers anytime a user attempts to log in to Venafi Platform but fails. This may be due to an incorrect password, or another authentication issue. This notification goes to the user whose login was used in the login attempt, and includes the IP address of the user attempting to log in. If a user receives a notification and they weren't the ones who triggered the failure, this alerts them that somebody is attempting to access their Venafi Platform account. For additional information and configuration details, see Configuring your system for login notifications. |
|
|
Triggers anytime a user successfully logs in to Venafi Platform from an unknown location (as determined by IP address). This notification goes to the user who successfully logged in, and includes information about the login, including the IP address of the user who successfully logged in. This notification is important because it helps users monitor logins from remote locations. If a user doesn't recognize a location, their account information may be compromised. For additional information and configuration details, see Configuring your system for login notifications. |
|
|
Expired CRL (Certificate Revocation List) |
The current Certificate Revocation List has expired and needs to be updated. |
|
Notification Channel Failure |
If Trust Protection Platform cannot connect to a server where a certificate is installed, it generates a communication failure event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the local master administrator. |
|
SSH |
The set of agentless discovery, key, keyset and certificate notifications for SSH.
|
|
System Errors |
If errors occur while events are expiring, the Log server event triggers this Notification rule. |
|
Validation Failure |
If the Validation Manager cannot complete a Network or Onboard validation, it generates a validation error event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the Contact identities assigned to the Application or Certificate object that the Validation was conducted on. |
|
Workflow Approval Pending |
When Trust Protection Platform issues a workflow ticket for a certificate approval or workflow injection command, it generates a workflow ticket event. When the Venafi Log server logs the event, the event triggers this Notification Rule so the target channel sends an email notification message to the ticket approver. |
|
Workflow Ticket Rejected |
The Notification Rule that manages events from rejected Workflow tickets. |