6.22. Notification Policy Checks
Detects whether the account has notification policies configured for the high-signal Cloudflare alert types: WAF anomalies, origin errors, SSL/TLS certificate events, and L7 DDoS attacks.
6.22.1. Check Summary
| Check ID | Title | Severity | Compliance |
|---|---|---|---|
| CFL-ALERT-001 | WAF Anomaly Notification Policy | medium | SOC2, PCI, NIST |
| CFL-ALERT-002 | Origin Error Notification Policy | medium | SOC2, PCI, NIST |
| CFL-ALERT-003 | SSL/TLS Cert Notification Policy | medium | SOC2, PCI, NIST |
| CFL-ALERT-004 | L7 DDoS Notification Policy | medium | SOC2, PCI, NIST |
6.22.1.1. How recipes behave
The notification policy recipes are operator-prompted: applying one via FlareInspect creates a new policy in a disabled state, with the alert type and your chosen email/webhook destinations. The operator must enable the policy in the Cloudflare dashboard after confirming the destination.
This is intentional — auto-enabling a notification policy could spam operators if the destination is misconfigured. The recipe stops short of enabling; the operator has the final say.
Remediation per check: Create a notification policy in Account → Notifications (or use the recipe) with the alert type listed in the check title and your preferred email/webhook destination.
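Because a recipe-created policy starts disabled, an audit benefits from separating "missing" from "present but not yet enabled". The following is an added example, not FlareInspect's own code: it classifies a policy list shaped like the Cloudflare notification policies API response. The mapping of `alert_type` values to check IDs and the four state names are assumptions of this example, and the sample policies are constructed.

```python
# Added example: classify notification policies per check ID.
# Assumption: this alert_type -> check mapping is illustrative, not
# FlareInspect's documented mapping.
CHECKS = {
    "CFL-ALERT-001": {"clickhouse_alert_fw_anomaly", "clickhouse_alert_fw_ent_anomaly"},
    "CFL-ALERT-002": {"http_alert_origin_error"},
    "CFL-ALERT-003": {"universal_ssl_event_type", "dedicated_ssl_certificate_event_type"},
    "CFL-ALERT-004": {"dos_attack_l7"},
}
# Higher rank wins when several policies cover the same check.
RANK = {"missing": 0, "no_destination": 1, "disabled": 2, "enabled": 3}


def has_destination(policy):
    """True if the policy has at least one delivery mechanism configured."""
    mechanisms = policy.get("mechanisms") or {}
    return any(mechanisms.get(kind) for kind in ("email", "webhooks", "pagerduty"))


def policy_state(policy):
    """State of one policy: a destination is required before 'enabled' counts."""
    if not has_destination(policy):
        return "no_destination"
    return "enabled" if policy.get("enabled") else "disabled"


def evaluate(policies):
    """Return {check_id: state}, keeping the best state seen for each check."""
    result = {check_id: "missing" for check_id in CHECKS}
    for policy in policies:
        for check_id, alert_types in CHECKS.items():
            if policy.get("alert_type") in alert_types:
                state = policy_state(policy)
                if RANK[state] > RANK[result[check_id]]:
                    result[check_id] = state
    return result


# Constructed sample: one healthy policy, one left disabled after creation,
# one enabled with no destination, and no SSL/TLS policy at all.
SAMPLE = [
    {"alert_type": "clickhouse_alert_fw_anomaly", "enabled": True,
     "mechanisms": {"email": [{"id": "secops@example.com"}]}},
    {"alert_type": "http_alert_origin_error", "enabled": False,
     "mechanisms": {"webhooks": [{"id": "constructed-webhook-id"}]}},
    {"alert_type": "dos_attack_l7", "enabled": True, "mechanisms": {}},
]

if __name__ == "__main__":
    for check_id, state in evaluate(SAMPLE).items():
        print(check_id, state)
```

Any state other than `enabled` means alerts for that check are not reaching anyone yet.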