Configuring notifications templates

After you configure the connection to an SMTP server, you can configure templates for email notifications about events occurring in Kaspersky Next XDR Expert.

To edit notifications templates, you must have one of the following XDR roles: Main administrator, Tenant administrator, or SOC administrator.

When you deploy Kaspersky Next XDR Expert, you have the templates for email notifications in the Root tenant. If you create a child tenant, it automatically copies the settings from the parent tenant. Since child and parent settings are not related, the changes you make in a child tenant settings do not affect the settings in the parent tenant, and vice versa.

To configure email notifications templates:

  1. In the main menu, go to SettingsTenants.

    The list of tenants is displayed.

  2. Click the name of the required tenant.

    The tenant's properties window opens.

  3. Go to the Settings tab, and then in the Detection and response section, click Email templates.

    The table of the event types for which you can configure notifications templates is displayed.

  4. If at step 2 you selected the Root tenant, in the Enter server name field, enter the address to be used in links to alerts and incidents in the email messages.
  5. In the Event type column of the table, click the name of the notification template that you want to edit: Creating a new alert, Assigning an alert to an operator, Automatic creation of a new incident, Assigning an incident to an operator.
  6. In the Edit email template window that opens, do the following:
    • If you want to enable email notifications for the selected event type, move the toggle button to the Enabled position in the Status field.

      By default, email notifications are disabled. You can enable email notifications from the table of the event types by moving the toggle button to the Enabled position.

    • In the Subject field, specify the subject of the email notification.

      You can access the alert fields, incident fields, and KUMA normalized event fields, for example, New incident in OSMP: {{ .InternalID }}, {{ .Name }}.

    • In the Template field, write the email notification message.

      Example of the email notification message.

      You can access the alert fields, incident fields, and KUMA normalized event fields, and use HTML tags.

      When writing a template, you can use the following functions:

      • date—Defines date and time format. The function takes the time in milliseconds (UNIX time) as the first parameter. The second parameter can be used to pass the time in the RFC standard format. The time zone cannot be changed.
      • limit—Limits the number of objects returned by the range function.
      • link_alert—Generates a link to the alert, with the URL specified in the Enter server name field.
      • link_incident—Generates a link to the incident, with the URL specified in the Enter server name field.
      • link—Takes the form of a link that the user can open when he/she receives the notification email.
    • In the Recipients field, specify one or several email address for sending notifications.
    • If necessary, in the Description field, write a description of notification template.
  7. Click the Confirm button.

    The Edit email template window is closed.

  8. Click the Save button to save the changes.

The template for email notifications is edited and configured. When the selected types of events occur in Kaspersky Next XDR Expert, the template notifications are sent to the email addresses that you specified.

Page top