Where should I put Incident Status Update in my response action flow?
Incident Status Update should only be used as the last in a series of response actions. When the status is changed to Dismissed or Resolved no further actions are taken and thus the workflow would end.
##Notify Admin by Email
Send an email to the administrator(s) specified in the response action settings. The notification can be sent to multiple email addresses and can be sent immediately after the incident occurs (within the hour) or in the daily digest of incidents.
The daily digests are configured per policy, and the time of delivery will vary per policy. Each day the policy is violated and incidents are created a digest will be sent. The daily digest is delivered at the same time every day according to when the first notification for the policy was sent. For example, if a policy was created and an email notification was sent at 11 am for an incident, all daily digests going forward will deliver at 11 am.
##Notify End User by Email
Send an email to the end-user who triggered the incident. The notification can also be sent to specific email addresses listed. A template of the notification can be customized with a company logo or header and a specific message regarding the incident. The footer gives the option to enable the end-user to reply to the email address regarding the incident as well.
If the notification is set to notify immediately, and several incidents occur for the same policy before the next hourly notification, all notification for that policy's incidents will consolidate to one email.
Updated over 1 year ago