Respond Config: Configure Respond Email Notification Settings

Document created by RSA Information Design and Development on Mar 27, 2018
Version 1Show Document
  • View in full screen mode
 

NetWitness Respond notification settings enable email notifications to be sent to SOC Managers and the Analyst assigned to an incident when an incident is created or updated.

  1. Go to CONFIGURE > Respond Notifications.
    The Respond Notifications Settings view is displayed.
    Respond Notification Settings view
  2. In the Email Server section, select the email server from the drop-down list that will send out email notifications when the notification settings are enabled.
    If there is no email server configured, you will not see an email server listed in the drop-down list. You have to configure an email server before you can continue with this procedure. To configure an email server, click the Email Server Settings link. For more information, click the help icon or refer to the System Configuration Guide.
  3. In the SOC Manager Email Addresses section, add the email addresses of the SOC Managers that you want to receive email notifications. To add an SOC Manager email address to the list, type it in the field that shows Enter an email address to add and click Add. To remove an SOC Manager email address from the list, click Delete icon next to the email address to be removed.
  4. In the Notification Types section, select who should receive an email notification when an incident is created and when an incident is updated.
    • Send to Assignee: An email is sent to the Analyst assigned to the incident.
    • Send to SOC Manager: An email is sent to all of the addresses listed in the SOC Manager Email Addresses list.
  5. Click Apply. Changes take effect immediately.

Note: If user email address information is updated in the ADMIN > Security > Users tab, it can take up to two minutes for the new email changes to take effect. Any incident creation or incident update email notifications sent during this time will go to the old email address.

Migration Considerations

Notification Settings do not migrate from NetWitness Suite version 10.6.x to 11.1. The Incident Management Notification Settings in 10.6.x are different from the Respond notification settings available in 11.1. You will need to manually update the Respond Notification Settings in version 11.1.

Notification Servers from 10.6.x will not display in the Email Server drop-down list. The email servers settings must be added to the Global Notification Servers (ADMIN > System > Global Notifications > Server tab).

Custom Incident Management notification templates cannot be migrated to 11.1. No custom templates are supported in 11.1.

You are here
Table of Contents > Additional Procedures for Respond Configuration > Configure Respond Email Notification Settings

Attachments

    Outcomes