Creating notification rule objects

Notification Rule objects store the criteria the Log server uses to select and respond to system events.

Trust Protection Platform provides several default notification rules (see About default notification rules). You can implement these Notification Rules as they are or use them as a guide to create your own Notification Rule objects. Additionally, you can refer to Creating Heartbeat trigger objects to view a sample Notification Rule configuration.

To define Notification Rules, you must be familiar with the event structure and log schema (see Managing event structure and log schema). When you define a Notification Rule, you specify a value for a given event field. To narrow the results, you can define values for multiple event fields using standard AND, OR, and NOT operators.

After you define the selection criteria, you must select the notification channel for the object. Notification channels are the Channel objects the logging server uses to provide event responses. For example, if you want to email designated events to your mailbox, you must select a Simple Mail Transfer Protocol (SMTP) Channel object that is configured to relay events to your email address. Similarly, if you want to log specific events to an MS SQL database, you must select an MS SQL Channel object that is configured to write the events to the correct database and table. You can define multiple notification channels for any given Notification Rule.

The Log server looks for Notification Rule objects only in the Notification folder; therefore, Notification Rule objects can be created only within the Notification folder.

To create a Notification Rule object:

  1. From the Platform menu bar, click Policy Tree.

    NOTE  You must have the Create permission to the Notifications folder in the Logging tree.

  2. Select the Logging tree in the Tree drop-down menu.
  3. In the Logging tree, select the Notification Rules folder.

  4. Click Add > Notification Rule.

    You can also choose a pre-configured rule template from the Templates list.

  5. In the Create Notification Rule dialog, specify a name for the Notification Rule object, and then click Create.
  6. Complete the Notification Rule object configuration, and then click Apply.

The following table outlines the configuration settings for Notification Rule objects.

For sample Notification Rule object configurations, refer to the default Notification Rule objects in the Logging tree or refer to Creating Heartbeat trigger objects for a sample configuration.

Notification Rule Object Configuration Settings
Field Description

Settings

Disabled

Disables the current Notification Rule object.

Rule

Defines the Notification Rule criteria.

Event Field

Event field the logging server uses to select events.

For more information on the event fields, see Managing event structure and log schema.

Condition

Condition under which the logging server applies the value to the event field.

Depending on the event field, you can select one of the following conditions from the drop-down list box:

  • Matches: Event field matches the designated value.
  • Is less: Event field is less than the designated value.
  • Is more: Event field is more than the designated value.
  • Is between: Event field is between the two designated values.
  • Contains: Event field contains the designated value.
  • Has RegEx Match: Data in the event field matches the pattern in the designated regular expression query. For more information on regular expressions, see Using regular expressions in a notification rule.

Value

Value for the designated event field.

The Log server applies the value to the designated event field under the defined conditions. If an event matches the criteria, it is sent to the designated notification channel.

Operators

To narrow the selection results, you can define values for multiple event fields using standard AND, NOT, and OR operators.

The conditions are cumulative; that is, the Log server applies the first condition, then the second, then the third, etc., to progressively narrow the results.

Target Channels

Channel objects the Venafi Log server uses to provide event responses or log the events. You can select multiple notification channels for any given Notification Rule object.

Add

Adds new Channel objects for event notification.

Remove

Removes selected Channel objects from the Notification Rule.

General Tab

Permissions tab

On the Permissions tab, you select the users or groups to whom you want to grant permissions to the current object. Then, you select which permissions you want the users or groups to have. You can also manage object permissions via parent objects, including the root Platform object or the Trust Protection Platform server object (found in the Platforms tree).

If you configure Permissions in a parent object, those permissions are inherited by all subordinate objects.
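The rule criteria described in the settings table (Event Field, Condition, Value, Operators, Target Channels) can be dry-run against sample events before a rule is enabled. The following is an added example, not Venafi code: it models the cumulative, in-order evaluation described above, and the event field names, channel labels, the reading of NOT as "and not", and the inclusive bounds for Is between are all assumptions.

```python
import re

# Condition names come from the settings table; the exact comparison
# semantics (inclusive bounds, substring match) are assumptions.
CONDITIONS = {
    "Matches": lambda f, v: str(f) == str(v),
    "Is less": lambda f, v: float(f) < float(v),
    "Is more": lambda f, v: float(f) > float(v),
    "Is between": lambda f, v: float(v[0]) <= float(f) <= float(v[1]),
    "Contains": lambda f, v: str(v) in str(f),
    "Has RegEx Match": lambda f, v: re.search(v, str(f)) is not None,
}
# Each operator joins the running result to the next clause (NOT = "and not", assumed).
OPERATORS = {
    "AND": lambda acc, hit: acc and hit,
    "OR": lambda acc, hit: acc or hit,
    "NOT": lambda acc, hit: acc and not hit,
}

def clause_matches(event, field, condition, value):
    """Evaluate one Event Field / Condition / Value triple against an event."""
    if field not in event:
        return False  # a missing field never matches
    try:
        return CONDITIONS[condition](event[field], value)
    except (TypeError, ValueError):
        return False  # non-numeric data under a numeric condition

def rule_matches(event, clauses):
    """Apply clauses strictly in order: first, then second, then third."""
    result = None
    for op, field, cond, value in clauses:
        hit = clause_matches(event, field, cond, value)
        result = hit if result is None else OPERATORS[op](result, hit)
    return bool(result)

def route(events, clauses, channels):
    """Every matching event is sent to every target channel of the rule."""
    return [(e["id"], ch) for e in events if rule_matches(e, clauses) for ch in channels]

# Constructed sample events; field names are placeholders, not the product schema.
EVENTS = [
    {"id": 1, "Severity": 2, "Component": "web-01", "Text": "Certificate expired"},
    {"id": 2, "Severity": 5, "Component": "web-01", "Text": "Certificate renewed"},
    {"id": 3, "Severity": 1, "Component": "Lab-02", "Text": "Certificate expired"},
    {"id": 4, "Severity": "n/a", "Component": "web-03", "Text": "Validation failed"},
]
RULE = [(None, "Severity", "Is less", 4),
        ("AND", "Text", "Has RegEx Match", r"expired|failed"),
        ("NOT", "Component", "Contains", "Lab")]
```

Because clauses are applied in order with no operator precedence, `A OR B AND C` is read as `(A OR B) AND C`, so clause order changes which events reach the channels.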