Configure notifications in Cortex XSOAR

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-28
Category: Administrator Guide
Solution: Cloud

Abstract

Use the built-in mail sender integration or set up a different mail integration for your Cortex XSOAR tenant. Configure all your notifications such as system, incidents, engines, and content packs.

Cortex XSOAR can send out notifications and emails to users through the following:

  • By email using a mail sender

  • By a message notification such as Slack

Mail Sender integration

Cortex XSOAR comes out-of-the-box with the Mail Sender integration, which enables the tenant to send notification emails to users about updates in the system, incidents, playbooks, tasks, etc. When you use the mail integration for playbook tasks, you can pass arguments such as to, subject, and body to customize the contents of your email. You do not need to set up an SMTP server or provide any credentials. The built-in mail sender is enabled by default. Emails sent via the built-in mail sender integration have a watermark that specifies the FQDN and mentions that the mail was sent via Cortex XSOAR.

Configure an email sender integration

If you want to use a different email sender, download and install a mail sender content pack, such as Microsoft Exchange On-Premise, Gmail, etc., and configure the integration. When configuring your mail sender integration, select Enable to enable your mail sender integration and deselect the Enable option for the built-in mail sender.

Multiple sender integrations

If you configure multiple email integrations, select the Do not use in CLI by default option in the integration instances that should not be used to send emails. This ensures that the email is sent only from the instance you expect when you run the send-mail command from the CLI or within a playbook.

When there are multiple instances of a mail sender in Cortex XSOAR, you can choose which email sender should send the notification by configuring the server.notification.using.sendmail key in the advanced server configuration settings.

If you do not configure the advanced server setting, Cortex XSOAR uses the first email integration it finds to send the system notifications.

  1. Navigate to Settings & Info → Settings → Server Settings → Server Configuration → Add Server Configuration.

  2. Add the following key and enter the mail sender instance name:

    Key: server.notification.using.send-mail

    Value: The mail sender instance name.

Configure a messaging integration

If your organization uses a messaging service, such as Slack or Microsoft Teams, we recommend installing the relevant content pack.

The Slack content pack enables you to send messages and notifications to your Slack team and integrates with Slack's services to execute create, read, update, and delete operations for employee lifecycle processes. For more information, see Slack content pack. For more information about Microsoft Teams, see Microsoft Teams content pack.