Incident Management: Configure Notification Settings

Document created by RSA Information Design and Development on Jun 26, 2017Last modified by RSA Information Design and Development on Jul 27, 2017
Version 2Show Document
  • View in full screen mode
  

Configuring notification settings enables notification mechanism for various operations performed during the Incident Management workflow. 

To configure notification settings:

  1. In the Security Analytics menu, select Incidents > Configure.
  2. Click Notifications.

    The Notifications Settings view is displayed.

    Notification_settings.png

  3. Provide the following information to configure various notification settings.

                                    
    ParameterDescription
    Email Server

    Select the Email server address from the drop-down list to be configured to send out mail notification when the notification settings are enabled.

    If there is no email server address configured you will not see an email server listed in the drop-down list. You have to configure an email server before you can proceed with this procedure. You can configure the email server by clicking Configure email or distribution list and providing the required details. Refer to the Configure Email Server and Notification Account in the System Configuration guide on how to configure an email server.

    SOC ManagersType the SOC Manager email addresses to which a notification mail is sent for the selected operations.
    Incident Assignee?Select if you want a mail notification to be sent, to whom the incident is assigned, for the corresponding workflow whenever an incident is assigned.
    SOC Manager?Select if you want a mail notification to be sent to the group of SOC managers for the corresponding workflow. This corresponds to the manager email addresses provided under SOC Managers.
    Additional AddressesType in additional addresses to which you want mail notifications to be sent for the corresponding workflow.
  4. (Optional) In the Template column, click Icon-Edit-text.png to modify the template for any workflow.
    The following figure shows you an incident created template in the edit mode.
    incident template edit
  5. The following figure shows you the remediation task updated template in the edit mode.

    remediation task template edit

    Note: You can edit the incident created template or remediation task updated template to include variables in the Subject field.
    In case of an incident created template, you can use the following variables: id (String), assigneeName (String), priority (String), categories (Array).
    In case of a remediation task updated template, you can use the following variables: id (String), assignee (String), priority (String), lastUpdated (Date).
    This is intended for the user to get a quick context of the incident or remediation task. Also, you can include array, date-time, custom-defined, and null type variables provided you use an appropriate free marker syntax to handle them.

  6. Click Apply to save the Notification settings.
You are here
Table of Contents > Automate the Incident Management Process > Configure Notification Settings

Attachments

    Outcomes