Hello Maria,
Thank you for the information provided earlier, it indeed proved to be a prompt solution.
Nevertheless, in a scenario like this, if an incident is generated in SOAR for a specific user and their user ID is recorded as their email ID as artifact, it is worth considering whether it is feasible to send an email notification to the user regarding the incident that has taken place under their name.
--------------------
SOC
--------------------
------------------------------
SOC Team
------------------------------
Original Message:
Sent: Tue May 28, 2024 06:38 AM
From: Maria Czapkowska
Subject: Incident Assignment Notification
If you go administrator settings -> notifications you should see different notification templates. There is a "Assigned Incident" template (screenshot below), make sure it's enabled and that all users have them enabled in My settings -> notifications. You can check if the notifications work by assigning an incident to yourself and seeing if you get an email.
When incidents are created how are they assigned to users? If they aren't and it says default group, then you need to make a rule that would assign them to someone.
------------------------------
Maria Czapkowska
Original Message:
Sent: Fri May 24, 2024 03:47 AM
From: Ahmad Hassan Tariq
Subject: Incident Assignment Notification
When an offense is sent from SIEM to SOAR and an incident is created, I want to send an email to the concerned user informing them that the incident has been assigned to them. Is there any way or workaround to achieve this?
------------------------------
Ahmad Hassan Tariq
------------------------------