ContraForce Notifications

Users who have deployed the ContraForce SIEM module can customize notifications.

Overview

When the ContraForce XDR + SIEM module is deployed, users can customize their notification preferences per customer. By default, notifications for all severities are included. Users can deselect notifications per severity, as shown in the screenshot below.

An example email notification is shown below. The "View Incident" button directs the user back to the ContraForce Portal. The email also includes the incident ID, severity, and a brief description of the incident.

[Screenshot: example email notification]

Distribution Group Email Notifications

A common use case for ContraForce notifications is to send the email notification to an email address associated with a distribution group. To use this method, provide the ContraForce team with the email address during the onboarding process, and the ContraForce Engineering team can complete the setup.

XDR Module Notifications

ContraForce does not generate email notifications for new incidents in the Defender XDR Module. It does send email notifications for Gamebook runs in ContraForce. Deploying ContraForce does not interrupt the existing Defender notification configuration.