This table contains all the possible event and action combinations for user notifications. You can print this page and use it as a checklist to help you select notifications and confirm that you entered all the needed notifications in Workbench.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

For this event...

and this action...

Incident

is created

Incident

is closed

Incident

is downgraded

Incident

is assigned to my org

Investigation

is created

Investigation

is closed

Investigation

has an alert added

Investigation

is assigned to my org

Comment

is created

Resilience recommendation

is created

Resilience recommendation

is updated

Investigative action

is assigned to my org

Investigative action

is assigned to me

Remediation action

is assigned to my org

Remediation action

is completed

Remediation action

is automated

Remediation action

is assigned to me

Security device

has a health status change

Assembler

has a health status change

Incident findings

are completed

Verify action

is assigned to my org

Verify action

is assigned to me

Notify action

is assigned to my org

User account

is activated

For more information about user notifications, see the User notifications article.