Configure Incident Email Notification Settings

Incident email notification settings enable email notifications to be sent to SOC Managers and the Analyst assigned to an incident when an incident is created or updated.

  1. Go to netwitness_configureicon_24x21.png (Configure) > Incident Notifications.
    The Incident Email Notification Settings view is displayed.
    Incident Email Notification Settings view
  2. In the Email Server section, select the email server from the drop-down list that will send out email notifications when the notification settings are enabled.
    If there is no email server configured, you do not see an email server listed in the drop-down list. You have to configure an email server before you can continue with this procedure. To configure an email server, click the Email Server Settings link and go to the Servers tab. For more information, click the help icon or refer to the System Configuration Guide. Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.
  3. In the SOC Manager Email Addresses section, add the email addresses of the SOC Managers that you want to receive email notifications. To add an SOC Manager email address to the list, type it in the field that shows Enter an email address to add and click Add. To remove an SOC Manager email address from the list, click Delete icon next to the email address to be removed.
  4. In the Notification Types section, select who should receive an email notification when an incident is created and when an incident is updated.
    • Send to Assignee: An email is sent to the Analyst assigned to the incident.
    • Send to SOC Manager: An email is sent to all of the addresses listed in the SOC Manager Email Addresses list.
  5. Click Apply. Changes take effect immediately.

Note: If user email address information is updated in the netwitness_adminicon_25x22.png (Admin) > Security > Users tab, it can take up to two minutes for the new email changes to take effect. Any incident creation or incident update email notifications sent during this time go to the old email address.

Migration Considerations

Notification Settings do not migrate from NetWitness Platform version 10.6.x to 11.1 and later. The Incident Management Notification Settings in 10.6.x are different from the Incident Email Notification settings available in 11.1 and later. You will need to manually update the incident notification settings in version 11.1 and later.

Notification Servers from 10.6.x are not displayed in the Email Server drop-down list. The email servers settings must be added to the Global Notification Servers ( netwitness_adminicon_25x22.png (Admin) > System > Global Notifications > Server tab).

Custom Incident Management notification templates cannot be migrated to 11.1 and later. No custom templates are supported in 11.1 and later.