Notifications & Triggers

📡 CFM Notifications System

Overview

The CFM Notifications System monitors the availability of network agents and provides customizable alerting when agents go offline or recover. It also integrates with user-triggered unblock request monitoring, helping administrators stay informed about potential abuse or false positives in blocking behavior.

The system is composed of four coordinated components:

1. Agent Uptime Monitoring Controller

2. Notifier Configuration Resource

3. Trigger Mechanism Resource

4. Unblock Request Monitoring

These components work together to detect agent status changes, define notification methods, and execute appropriate alerting workflows.

1. 🧭 Agent Uptime Monitoring

Component: AgentNotificationController

This controller is responsible for continuously checking the status of registered agents. It does so by comparing each agent's last heartbeat timestamp (last_seen_at) against the current time. If an agent hasn't communicated within a predefined time window (e.g., 60 seconds), it is considered offline.

Key Behaviors

• Recovery Detection: If an agent previously marked as offline starts reporting again, the system logs a restoration event.

• Outage Detection: Agents not seen in the defined window are marked as down.

• Notification Throttling: Notifications are suppressed if a recent alert was already sent (e.g., within the past hour), avoiding redundant notifications.

2. 📣 Notifier Configuration

Component: NotifierResource

This resource allows administrators to configure various notification channels, which define how alerts are sent.

Supported Notifier Types (examples):

• Email

• Slack

• Webhook

• Custom API callouts

Each notifier contains:

• A unique name.

• A target configuration (e.g., email address or webhook URL).

• A type identifier (used to trigger the appropriate method).

• Optionally, a list of tags or filters to determine relevance to specific agents.

3. 🎯 Trigger Mechanism

Component: TriggerResource

This module acts as the brain of the notification system, determining when and which notifications should be triggered based on agent status changes.

Core Features

• Linkage between triggers and notifiers (one-to-many).

• Conditions: Triggers can be configured to react only to specific types of status changes (e.g., only on downtime, or both up/down events).

• Tag Matching: Allows targeting subsets of agents based on metadata.

• Last Notified Tracking: Stores timestamps of previous alerts per trigger-agent pair to control re-alerting frequency.

4. 🔓 Unblock Request Monitoring

Integration Point: UnblockController (external module)

This integration captures and processes unblock requests submitted by end users who are temporarily blocked by the system (e.g., via CSF or custom firewall logic).

Features

• Alerting on Unblock Attempts: Notifies admins when a user requests to be unblocked.

• Request Outcome Visibility: Indicates if the user:

  • Was indeed blocked and unblocked.

  • Was never blocked.

  • Has requested unblocking too frequently (possible abuse).

• Escalation Signals: Excessive or suspicious unblock activity can flag issues for deeper inspection.

This feature provides security teams with real-time context on potentially malicious or misbehaving clients.

🔐 Security Considerations

To protect system integrity and minimize attack surface:

• Internal logic is abstracted and modularized to reduce exposure.

• Logging is selectively enabled and avoids sensitive data leakage.

• Time-based checks and cooldown intervals prevent alert spam or abuse.

• All external interactions (e.g., sending to Slack or webhooks) should be validated and rate-limited.

• All external outbound notifications should be validated and rate-limited.

• Unblock request alerts help detect misuse or false positive blocks.

⚙️ Workflow Summary

1. The Agent Uptime Controller routinely checks agent heartbeat timestamps.

2. If a status change is detected (up or down), it invokes the Trigger Mechanism.

3. The Trigger Mechanism determines if and which notifications should be sent, based on tag matching and cooldown logic.

4. Matched Notifiers are executed asynchronously or in queue, depending on system setup.

5. If a user requests unblocking, an internal event is logged and optionally notifies admins based on thresholds or flags.