AlienVault® USM Anywhere™

Notification Rule for Investigations

Role Availability Read-Only Analyst Manager

USM Anywhere creates a default notification rule that sends an email notification when there is a change to an investigation.

This is a system rule, and the allowed actions are Enable, Disable, and Edit. If you try to delete it, the rule is restored during the next system update. Go to Settings > Rules to view this notification rule.

Note: By default, this rule is disabled.

To enable the notification rule for investigations

  1. Go to Settings > Rules.
  2. Locate the USM Anywhere Investigations Notification rule and click the icon. This turns the icon green. To disable the rule, toggle the icon back to its original status.
  3. Click an investigation to display its details.

To edit the notification rule for investigations

  1. Go to Settings > Rules.
  2. Locate the USM Anywhere Investigations Notification rule and click the icon.
  3. Edit the notification rule for investigations.
  4. Make the changes as needed and click Save Rule.

Note: The destination email field includes the email addresses of the users created in the environment with the Manager role.