Configure notifications in Cortex XSOAR - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2024-11-28
Category
Administrator Guide
Solution
On-prem

Cortex XSOAR can send out notifications and emails to users through the following:

  • By email using a mail sender

  • By a message notification such as Slack.

Mail Sender integrations

A mail integration enables Cortex XSOAR to send emails and can be used for system notifications and playbooks. For example, when adding users to Cortex XSOAR, an email invitation is sent to users to log in. When you use the mail integration for playbook tasks, you can pass arguments such as tosubjectbody, etc. to customize the contents of your email.

  1. Go to Marketplace.

  2. Search for and download a mail sender content pack (such as Microsoft Exchange On-Premise).

  3. Go to Settings & InfoIntegrationsInstances.

  4. Locate the mail sender integration (for example, EWS v2) and click Add Instance.

  5. Configure your mail sender integration and select Enable to enable your mail sender integration.

  6. If you configure multiple email integrations, select the Do not use in CLI by default option in the integration instances that should not be used to send emails. This ensures that the email will only be sent in the instance you are expecting when running the send-mail command from the CLI or within a playbook.

Multiple sender integrations

When there are multiple instances of a mail sender in Cortex XSOAR, you can choose which email sender should send the notification by configuring the server.notification.using.sendmail key in the advanced server configuration settings.

If you do not configure the advanced server setting, Cortex XSOAR uses the first email integration it finds to send the system notifications.

  1. Navigate to Settings & InfoSettingsServer SettingsServer ConfigurationAdd Server Configuration.

  2. Add the following key and enter the mail sender instance name:

    Key

    Value

    server.notification.using.send-mail

    The mail sender instance name.

Configure a messaging integration

If your organization uses a messaging service, such as Slack or Microsoft Teams, we recommend installing the relevant content pack.

The Slack content pack enables you to send messages and notifications to your Slack team and integrates with Slack's services to execute create, read, update, and delete operations for employee lifecycle processes. For more information, see Slack content pack. For more information about Microsoft Teams, see Microsoft Teams content pack.