Email notifications
Send email notifications to admins when cases are created or changed.
We send notifications to admins as follows:
- When there's a new case, we email admins you've added to the mailing list.
- When the admins assigned to a case change, by default we email the admins who are newly assigned or removed.
We send notifications for both automatically and manually created cases.
Note
MDR customers don't get notifications for automatically created cases.
You can see examples of these emails or change the settings in the Threat Analysis Center preferences.
The email notifications page still refers to cases as "investigations".
New cases
To set up or change notifications about new cases, do as follows:
- Go to Threat Analysis Center > Preferences.
-
On the Email notifications tab, select the Investigation creation template.
The emails include details of the detections in the case, their risk level, and the number of devices affected.
-
Edit the settings.
- In When to send, the default is When an investigation is created. Only select Never if you want to stop the emails.
- In Who to send this to, add or remove recipients.
Newly assigned admins
To change notifications about the admins assigned to a case, do as follows:
- Go to Threat Analysis Center > Preferences.
-
On the Email notifications tab, select the Assigning analysts to investigation template.
The emails include a summary of the case and a list of all the people assigned to it.
-
In When to send, the default is When people change, send only to people who changed. You can choose one of the following instead:
- Send to all people assigned to the investigation.
- Never. Select this if you want to stop the emails.