IBM QRadar SOAR

  • 1.  Can we replicate Notifications via Rules: "you have been assigned to an incident" - avoid DOUBLE notifications

    Posted Mon May 11, 2020 11:56 AM
    We use the OEC engine to send a short email to alert a Group Email box (Cyberteam Ctry X) when they become a member of an incident.

    Because the email is sent to a user not existing in Resilient, we opted for sending out outbound emails triggered by a change in members of an incident to notify, instead of in-product notifications.

    However, the advantage of in-product notifications is that the user gets only ONE notification, when he becomes a member. When other members are added, the notification will NOT be sent to the current members???

    1. Can anybody comment how we can replicate this function via Standard rules. Our rule-> if Members are changed + Country team is member (or becomes member)-> send an OEC email notification.
      We don't see an option to make the rule specific enough to tell-> "member NEWLY" added to the incident.
      As in our case, the member can only be added for example after some days (so not only for newly created incidents).

    2. Anybody from engineering who can tell how the standard notification handles this-> prevents that you get a notification twice??
      our Rule

    ------------------------------
    Kris Caron
    ------------------------------


  • 2.  RE: Can we replicate Notifications via Rules: "you have been assigned to an incident" - avoid DOUBLE notifications

    Posted Tue May 12, 2020 10:42 AM
    Unfortunately it is not possible to exactly replicate the capability in the Notification definition in a Rule as you have found.

    The way it works for the standard notification is that it looks at the set of emails being sent to a user and the subject of all of those notifications. If the user is getting two emails with the same subject then they are coalesced into a single email.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Can we replicate Notifications via Rules: "you have been assigned to an incident" - avoid DOUBLE notifications

    Posted Thu May 14, 2020 11:57 AM
    Is there a possibility to get some more insight into the logic?
    Reading your reply, it's indeed the case that a user does not get 3 notifications at once, nor does he get a notification when making the change himself.

    However, our challenge is to replicate that via Rules today.
    * Today you get an email alert to your SOC mailbox that the team (Group) has been added as a member to an incident.
    * Tomorrow, when another group is added as a member, we don't get a new notification; HOWEVER, triggered based on Rules, we get a second email to tell we are assigned as a Group to the case, and maybe next week a 3rd time when the members are changed...
    So it is exactly this logic to avoid this that we want to get more insight into.

    ------------------------------
    Kris Caron
    ------------------------------



  • 4.  RE: Can we replicate Notifications via Rules: "you have been assigned to an incident" - avoid DOUBLE notifications

    Posted Fri May 15, 2020 08:17 AM
    Notifications sent by the system are independent of Rules. Notifications run any time the incident is created/updated. Whether or not a notification is sent depends on the conditions on the notification and which users are configured to receive those notifications.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------
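The two behaviours discussed in this thread (firing only for a NEWLY added member, and coalescing emails that share a recipient and subject, as Ben describes for the standard notification) can both be implemented outside the Rules engine in a small piece of integration code. The block below is an added illustration and is not IBM's own notification engine or the Resilient/SOAR rules API; the event shape (`MemberChange` carrying the full member list after each change), the group-to-mailbox mapping and the persisted "last seen member set" per incident are assumptions. The point it shows is that a rule alone only sees the current member list, so the "newly added" delta has to be kept somewhere (here, in memory; a real integration would persist it), and that de-duplication is a separate pass keyed on (recipient, subject).

```python
"""Added example (not IBM/Resilient product code): notify a group mailbox only
when that group is NEWLY added to an incident, then coalesce emails with the
same recipient and subject the way the standard notification is described to."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class MemberChange:
    """Assumed shape of a 'members changed' event as a rule would see it."""
    incident_id: int
    members: FrozenSet[str]   # full member set AFTER the change
    changed_by: str           # principal who made the change


@dataclass(frozen=True)
class Notification:
    recipient: str
    subject: str
    body: str


SUBJECT = "You have been assigned to an incident"


class NewMemberNotifier:
    """Keeps the last member set seen per incident so that a change event can be
    reduced to the delta (newly added members only). In a real integration this
    state would be persisted; an in-memory dict is an assumption for the example."""

    def __init__(self, group_mailboxes: Dict[str, str]):
        self.group_mailboxes = dict(group_mailboxes)       # group name -> mailbox
        self._last_members: Dict[int, FrozenSet[str]] = {}

    def handle(self, change: MemberChange) -> List[Notification]:
        previous = self._last_members.get(change.incident_id, frozenset())
        newly_added = change.members - previous             # members present now but not before
        self._last_members[change.incident_id] = change.members
        out: List[Notification] = []
        for member in sorted(newly_added):
            mailbox = self.group_mailboxes.get(member)
            # Only watched groups get mail, and the actor of the change is not notified
            if mailbox is None or member == change.changed_by:
                continue
            out.append(Notification(mailbox, SUBJECT,
                                    f"Group {member} was added to incident {change.incident_id}."))
        return out


def coalesce(notifications: List[Notification]) -> List[Notification]:
    """Merge notifications that share (recipient, subject) into one email."""
    merged: Dict[Tuple[str, str], List[str]] = {}
    for n in notifications:
        merged.setdefault((n.recipient, n.subject), []).append(n.body)
    return [Notification(r, s, "\n".join(bodies)) for (r, s), bodies in merged.items()]


def simulate() -> Tuple[List[List[Notification]], List[Notification]]:
    """Constructed scenario following the thread: today X is added, tomorrow Y,
    next week an analyst; a second incident also adds X. Returns the per-event
    notifications and the coalesced result."""
    notifier = NewMemberNotifier({"Cyberteam Ctry X": "soc-x@example.com",
                                  "Cyberteam Ctry Y": "soc-y@example.com"})
    events = [
        MemberChange(100, frozenset({"alice", "Cyberteam Ctry X"}), "alice"),
        MemberChange(100, frozenset({"alice", "Cyberteam Ctry X", "Cyberteam Ctry Y"}), "alice"),
        MemberChange(100, frozenset({"alice", "bob", "Cyberteam Ctry X", "Cyberteam Ctry Y"}), "bob"),
        MemberChange(101, frozenset({"carol", "Cyberteam Ctry X"}), "carol"),
    ]
    per_event = [notifier.handle(e) for e in events]
    return per_event, coalesce([n for batch in per_event for n in batch])


if __name__ == "__main__":
    per_event, merged = simulate()
    print("notifications per event:", [len(b) for b in per_event])
    for n in merged:
        print(n.recipient, "|", n.subject, "|", n.body.replace("\n", " / "))
```

Run as a script: the third event (an analyst joining an incident the groups are already on) produces no email, which is the "double notification" the rule-based approach in the thread could not suppress, and the two emails to the X mailbox for incidents 100 and 101 collapse into one under the same subject.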