Alert Rules Engine
Create powerful If-Then automation rules to monitor domain conditions and trigger notifications. Set up custom alerts for SSL expiration, WHOIS changes, DNS modifications, security issues, and more.
๐ Table of Contents
๐ What are Alert Rules?
Alert Rules are conditional automation workflows that monitor your domains and trigger actions when specific conditions are met. Think of them as "smart watchers" that continuously evaluate your domain portfolio.
๐ก Example: "IF SSL certificate expires in less than 30 days THEN send email notification"
๐ Creating Your First Rule
Step 1: Navigate to Alert Rules
Go to Domain Tracker โ Portfolio dropdown โ Alert Rules
Step 2: Click "Create New Rule"
Click the blue "Create New Rule" button to open the rule builder
Step 3: Name Your Rule
Give it a descriptive name like "SSL Expiration Warning" or "WHOIS Contact Change Alert"
Step 4: Build Conditions
Add one or more conditions using the condition builder:
- Select a field (e.g., "SSL Days Until Expiry")
- Choose an operator (e.g., "less than")
- Enter a value (e.g., "30")
Step 5: Set Logic (AND/OR)
For multiple conditions, choose whether ALL conditions must match (AND) or ANY condition can match (OR)
Step 6: Configure Actions
Add one or more actions to execute when conditions match:
- Notification: In-app notification
- Email: Send to specific email addresses
- Webhook: POST data to external URL
Step 7: Enable & Save
Toggle the rule to Enabled and click Save Rule
๐ฏ Available Conditions
Rules can evaluate 11 different domain fields with 8 comparison operators:
Available Fields
| Field | Type | Example Values |
|---|---|---|
| sslDaysUntilExpiry | Number | 30, 45, 90 |
| healthScore | Number (0-100) | 85, 90, 95 |
| riskScore | Number (0-100) | 20, 50, 75 |
| registrarName | Text | "GoDaddy", "Namecheap" |
| domainType | Text | "owned", "competitor", "watchlist" |
| tags | Array | "production", "critical" |
| folder | Text | "Client Domains", "Personal" |
| parked | Boolean | true, false |
| hasPrivacyProtection | Boolean | true, false |
| blacklisted | Boolean | true, false |
| monitoringEnabled | Boolean | true, false |
Available Operators
equalsExact match
not_equalsNot equal to value
greater_thanNumber greater than
less_thanNumber less than
containsText contains substring
not_containsText doesn't contain
is_trueBoolean is true
is_falseBoolean is false
โก Alert Actions
๐ Notification
Sends an in-app notification to your ElasticDomain dashboard. Visible in the notifications dropdown (bell icon).
๐ง Email
Sends an email notification to specified recipients. Supports multiple email addresses (comma-separated).
๐ช Webhook
POSTs JSON data to your webhook URL. Ideal for integrating with Slack, Discord, PagerDuty, or custom systems.
View payload structure
{
"ruleName": "SSL Expiration Warning",
"domain": "example.com",
"triggeredAt": "2026-02-10T14:32:00Z",
"matchedConditions": [
{
"field": "sslDaysUntilExpiry",
"operator": "less_than",
"value": "30",
"actualValue": 25
}
]
}๐ Common Rule Examples
Example 1: SSL Certificate Expiring Soon
Condition: sslDaysUntilExpiry less_than 30
Action: Email โ [email protected]
Alerts 30 days before SSL certificates expire so you have time to renew
Example 2: Domain Health Degraded
Condition: healthScore less_than 70
Logic: AND
Condition: domainType equals "owned"
Action: Notification + Webhook (Slack)
Alerts when owned domains drop below acceptable health threshold
Example 3: Security Threat Detected
Condition: blacklisted is_true
Logic: OR
Condition: riskScore greater_than 80
Action: Email + Webhook (PagerDuty)
Immediate alert for blacklisted domains or high-risk security issues
Example 4: Production Domain Changes
Condition: tags contains "production"
Action: Email โ [email protected]
Monitors any changes to production-tagged domains (WHOIS, DNS, SSL)
Example 5: Parked Domain Activated
Condition: parked is_false
Logic: AND
Condition: folder equals "Watchlist"
Action: Notification
Tracks when previously parked domains become active (potential opportunities)
๐งช Testing Rules
Before enabling a rule in production, test it to verify correct behavior:
1. Use "Run All Rules" Button
In the Alert Rules page, click "Run All Rules" to evaluate all enabled rules against your current domain portfolio. Results show which domains would trigger each rule.
2. Review Match Results
The results panel displays matched domains with the specific condition values that triggered the rule. Verify these are the domains you expect.
3. Start with Notifications Only
For new rules, initially configure only Notification actions. After confirming correct behavior, add Email/Webhook actions to avoid spamming yourself during testing.
4. Check Activity Feed
View Activity Feed to see when rules fire and what actions were executed.
โ Best Practices
โ DO
- Use descriptive rule names that explain what they monitor
- Combine related conditions with AND/OR logic appropriately
- Set up redundant alerts (notification + email) for critical issues
- Test rules before enabling them production-wide
- Use tags and folders to scope rules to specific domain groups
- Review triggered alerts regularly to tune thresholds
- Document webhook integrations for your team
โ DON'T
- Create overly broad rules that fire too frequently (alert fatigue)
- Use public webhook URLs without authentication
- Set thresholds too aggressively (e.g., SSL < 1 day gives no time to act)
- Forget to disable/delete obsolete rules
- Rely solely on in-app notifications for critical alerts
- Use OR logic when you mean AND (test thoroughly!)