Skip to content

Email notifications

Send email notifications to admins when cases are created or changed.

We send notifications to admins as follows:

  • When there's a new case, we email admins you've added to the mailing list.
  • When the admins assigned to a case change, by default we email the admins who are newly assigned or removed.

We send notifications for both automatically and manually created cases.

Note

MDR customers don't get notifications for automatically created cases.

You can see examples of these emails or change the settings in the Threat Analysis Center preferences.

The email notifications page still refers to cases as "investigations".

New cases

To set up or change notifications about new cases, do as follows:

  1. Go to Threat Analysis Center > Preferences.
  2. On the Email notifications tab, select the Investigation creation template.

    The emails include details of the detections in the case, their risk level, and the number of devices affected.

    Email template selected.

  3. Edit the settings.

    1. In When to send, the default is When an investigation is created. Only select Never if you want to stop the emails.
    2. In Who to send this to, add or remove recipients.

    "When to send" options.

Newly assigned admins

To change notifications about the admins assigned to a case, do as follows:

  1. Go to Threat Analysis Center > Preferences.
  2. On the Email notifications tab, select the Assigning analysts to investigation template.

    The emails include a summary of the case and a list of all the people assigned to it.

    Email template selected.

  3. In When to send, the default is When people change, send only to people who changed. You can choose one of the following instead:

    • Send to all people assigned to the investigation.
    • Never. Select this if you want to stop the emails.

    "When to send" options.