Create and Manage Rules
You can define the conditions, significant findings, or events that should trigger the rules and send you alerts. The alert is generated based on the Rule Query, and you are notified when the query criteria are matched.
For example, you can set an alert for certificates that are detected with a low grade summary such as C or D, or you can set an alert for certificates expiring in 30 days to ensure timely certificate renewal.
You provide a Rule Query while creating an alert, and you get a notification every time the query criteria are matched.
When you use the Expiry token as your Rule Query, the alert feature notifies you only once when the rule query is matched, regardless of how many scans are performed. Alerts for the Expiry token do not depend on the scans you perform on the assets.
Let us consider a case where you want alerts for expiring certificates frequently. To make sure you receive timely notifications for upcoming certificate expiration, you can create multiple rules with specific search criteria. This ensures that no renewal deadlines are missed, and allows for easy management at a time convenient for you.
To receive alerts for certificates that will expire in 30, 15, or 5 days, you can create multiple rules with queries like certificate(expiryGroup: "In 30 days"), certificate(expiryGroup: "In 15 days"), certificate(expiryGroup: "In 5 days"). This will ensure you receive timely notifications.
Here is an example of how to set up a rule for certificates that will expire in 30 days. You can also create rules for certificates that will expire in 15 days, 5 days, or any other timeframe you prefer.
Create a Rule
Navigate to Responses > Rule Manager > New Rule.
Provide the required details in the respective sections to create a new rule:
- In the Rule Information section, provide a name and description of the new rule.
- In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query to test your query.
  Click Sample Queries to select from predefined queries.
- In the Action Settings section, choose the actions that you want the system to perform when an alert is triggered.
  You can also customize the message text by inserting tokens into the alert message.
  When customizing the message, certificate:(expiryGroup is not applicable in the Insert token field; use the certificate:(validTo token to view the expiration date of the certificates.
Manage Rules
View all the rules created in the Rule Manager tab, with details such as the trigger criteria selected for the rule, the action chosen for the rule, the state of the rule, and whether the rule is enabled or disabled. Use the Actions menu or Quick Actions menu to perform quick actions on rules, such as view, edit, delete, enable, disable, and save an existing rule along with its configurations to create a new rule. Use the search bar to search for rules using the search tokens.