Glossary¶
Core Concepts
Quick definitions for technical terms used throughout the NOB.center documentation.
- CAA (Certification Authority Authorization)
- A DNS record type that specifies which certificate authorities (CAs) are permitted to issue certificates for a domain. NOB.center's CT-Log module checks CAA records when a new certificate is observed and reports whether the issuer was authorized.
- CEL (Common Expression Language)
- A lightweight, safe expression language used to write alert rule conditions. CEL expressions evaluate to
trueorfalseagainst a structured data context. They support string operations, list membership, numeric comparisons, and logical operators. See Alerting Model → CEL expressions. - Certificate Transparency (CT)
- A system of public, append-only logs that record every TLS certificate issued by a participating certificate authority. Browsers require that certificates be logged before trusting them. CT logs make certificate issuance auditable — anyone can search the logs to find certificates issued for a domain.
- CT log
- One of many independently operated log servers that accept and store submitted TLS certificates. Examples include Google's "Xenon" logs and Let's Encrypt's "Oak" logs. NOB.center's
ct-tailerservice continuously follows these logs. - DNS monitor
- A DNS domain and a set of specific records that NOB.center watches for changes. Adding a domain with auto-discover enabled causes the system to probe for common record types and suggest which ones to track.
- Domain filter
- A pattern (e.g.,
*.example.comorexample.com) that NOB.center matches against the domain names in newly-observed CT certificates. When a certificate's Subject Alternative Name matches a filter, the certificate appears in your CT-Log feed. See CT Monitoring. - Exact match
- A filter match type that only matches the specific domain name entered.
example.commatchesexample.combut notsub.example.com. - Filter feed
- An optional setting on a CT-Log filter that routes matching domain names to other modules for automatic discovery. Enabling Feed into DNS Watcher will auto-add newly-seen subdomains to DNS monitoring. Enabling Feed into Cert Watcher will suggest them for certificate deployment monitoring.
- Grace period
- When a subscription is cancelled, the organization retains access to the platform for 14 days (the grace period) to allow data export or re-subscription. After the grace period expires, resources above the free tier limits are disabled.
- Module
- A logical feature area within NOB.center. The four monitoring modules are CT-Log, DNS Watcher, RDAP, and Certificate Watcher. Each module has its own data, quota, permissions, and alert rules.
- Organization
- The top-level multi-tenant container. All resources (domains, filters, users, alerts) belong to exactly one organization. See Organizations.
- Precertificate
- A special form of a certificate submitted to CT logs before the final certificate is issued. It is structurally similar to a certificate but contains a "poison" extension. The final certificate (with SCTs embedded) is submitted afterwards. NOB.center shows both and distinguishes them with the
is_precertfield. - RDAP (Registration Data Access Protocol)
- The modern JSON-based successor to WHOIS. RDAP servers provide structured data about domain registrations: registrar, registrant, nameservers, status flags, expiry dates, and more. RDAP is standardized by IANA and most registries have deployed it. Some high-privacy registries (such as DENIC for
.de) provide minimal information. See RDAP/WHOIS Monitoring. - Role
- A named set of permissions assigned to a user within a specific module. See Roles & Permissions.
- Rule
- An alert rule — a CEL expression that is evaluated against each incoming event from a monitoring module. When the expression returns
true, the associated alert template is triggered. - SCT (Signed Certificate Timestamp)
- A cryptographic token issued by a CT log to prove that a certificate was submitted and accepted. Modern TLS connections embed one or more SCTs to prove CT compliance. NOB.center displays SCT data for each certificate match.
- Slot
- An internal scheduling index (0–23) used to distribute monitoring work across time. Domains assigned to different slots are checked in different clock hours, preventing thundering herd effects. Slot assignment is automatic.
- Snapshot
- A point-in-time record of a domain's current state — for DNS, a complete zone picture; for RDAP, the full registration record. NOB.center stores snapshots in InfluxDB and uses them to compute diffs when changes occur.
- Subscription tier
- The billing plan for an organization: Free, Pro, or Enterprise. The tier determines quota limits for all resource types. See Quotas & Limits.
- Template
- An alert template — the delivery configuration for an alert. It specifies where to send alerts (email or webhook), how frequently (immediate or batch), and the content format. One template can be used by many rules. See Alerting Model → Templates.
- TLD (Top-Level Domain)
- The last segment of a domain name — for example,
com,org, orde. NOB.center uses TLD grouping to schedule DNS and RDAP monitoring efficiently. - WHOIS
- The older, plain-text predecessor to RDAP. Many registries still support WHOIS alongside RDAP. NOB.center uses RDAP exclusively as the primary data source, but the terms WHOIS and RDAP are often used interchangeably in the UI when referring to domain registration data.
- Wide match
- A filter match type that matches the domain and all its subdomains.
example.comin wide mode matchesexample.com,sub.example.com,deep.sub.example.com, etc.