Domain Monitoring
Set up continuous monitoring for your most important domains. ComplianceLayer automatically runs scheduled scans and alerts you when security posture changes or critical issues are detected.
Adding a Domain
Add a domain to your monitoring list with a scan frequency and alert threshold:
curl -X POST "https://api.compliancelayer.net/v1/domains" \
-H "Authorization: Bearer cl_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"domain": "example.com",
"scan_frequency": "daily",
"alert_threshold": 10,
"alert_on_critical": true
}'Scan Frequencies
| Frequency | Description | Best For |
|---|---|---|
hourly | Every hour | Critical production systems, compliance requirements |
daily | Once per day | Most domains, balanced monitoring |
weekly | Once per week | Low-priority domains, budget-conscious monitoring |
Alert Configuration
Score Drop Alerts
Get notified when a domain's score drops by more than the threshold:
alert_threshold: 10— Alert on 10+ point dropalert_threshold: 20— Alert on major changes onlyalert_threshold: 5— Very sensitive monitoring
Critical Finding Alerts
When alert_on_critical: true, you'll receive immediate alerts for:
- Expired SSL certificates
- Missing DMARC records
- Exposed dangerous ports (RDP, SMB, etc.)
- Severely weak TLS configuration
- Known data breaches
Listing Monitored Domains
curl "https://api.compliancelayer.net/v1/domains" \
-H "Authorization: Bearer cl_YOUR_API_KEY"Triggering Manual Scans
Trigger an immediate scan outside of the regular schedule:
curl -X POST "https://api.compliancelayer.net/v1/domains/123/scan" \
-H "Authorization: Bearer cl_YOUR_API_KEY"Viewing Alerts
curl "https://api.compliancelayer.net/v1/domains/alerts" \
-H "Authorization: Bearer cl_YOUR_API_KEY"Removing a Domain
Stop monitoring a domain:
curl -X DELETE "https://api.compliancelayer.net/v1/domains/123" \
-H "Authorization: Bearer cl_YOUR_API_KEY"Plan Limits
The number of domains you can monitor depends on your subscription plan:
| Plan | Domains | Min Frequency |
|---|---|---|
| Free | 1 | Daily |
| Starter | 10 | Daily |
| Professional | 50 | Hourly |
| Enterprise | 200 | Hourly |
| Custom | Unlimited | Hourly |
Best Practices
1. Prioritize Critical Domains
Use hourly scanning for:
- Production customer-facing applications
- Payment processing systems
- Domains handling sensitive data
- High-value targets
2. Set Appropriate Thresholds
- Threshold 5: Very sensitive, may generate false positives
- Threshold 10: Balanced, catches most important changes
- Threshold 20: Only major security degradations
3. Combine with Webhooks
Configure webhooks to receive real-time notifications when alerts are created. This enables automated responses like:
- Creating tickets in your issue tracker
- Posting to Slack/Teams channels
- Triggering remediation workflows
- Updating dashboards
4. Review Historical Data
Track score trends over time to identify:
- Gradual security drift
- Impact of security improvements
- Seasonal patterns
- Correlation with deployments