Skip to main content
Version: Next

Working with Event Notifications

Event notifications draw attention to particular system actions, events, or other occurrences that users should know about. Each event notification is tied to a specific event_type.

Event notifications can:

  • Utilize system and notification tags for a custom status and labelling system.
  • Have a priority.
  • Have an assigned user.
  • Issue an alert to the assigned user in Workstation when the event notification is updated.
  • Be archived or dismissed.

Event notifications also let users view and analyze the underlying events that trigger them.

Configuring Event Notifications

Required Permissions
Access to this capability requires the following permissions:
 View & Edit
Workstation
Notification Settings

Event notifications must be created and configured before they can be used.

Creating Event Notification Settings

Event notifications are triggered depending on the configurations set when a notification setting is created.

To create a notifications setting:

  1. From the top-right side of the Workstation homepage, click the Settings (cogwheel) icon.
  2. From the left drawer, select Notifications.
  3. Click + New Event Notification. A modal opens containing the settings for this event notification.
  4. Enter the Event Type to associate with the event notification, and select it from the list of available event types that match your entry.
  5. Select a Title from the list of available data fields from the event type. (Note: Titles can be edited later if needed.)
  6. Set the event notification's Visibility as either PRIVATE or PUBLIC.
  7. Optionally, in the Assign To field, choose whether there is a default user to receive any event notifications produced by this setting:
    • No One: No user receives event notifications triggered by this setting by default. You can assign unique notifications to users from the event notifications widget.
    • A specific user: The assigned user(s) receives a system notification.
  8. Establish a risk threshold using the Risk Range slider. Event notifications are issued when the risk score falls within the range defined. (Note: A more specific Risk Range helps avoid spam notifications and cut noise. Adjust the slider’s upper and lower values within the range of 0 to 100. Only notifications that meet those defined risk thresholds are triggered.)
  9. Assign a Notification Tag to be able to generate a notification setting, as well as filter for and color code specific event notifications.
  10. Optionally, select the Process notifications for events already ingested checkbox if you wish for event notifications to be created for the events that have already been ingested into Workstation. If unchecked, this notification setting only starts processing notifications for new events or updates to events from the time the notification setting is created. This option is unchecked by default.
  11. Click Create to create the event notification, or Cancel to discard the changes.
note

Any unique event notification can be reassigned regardless of whether its notification setting is public or private.

Setting Notification Visibility

A notification's visibility can be set to either public or private.

If the notification has a Visibility setting of public:

  • All users can see unique event notifications that a public setting triggers.
  • All users with write permissions for Workstation: Notification Settings can edit the setting.
  • All users with read permissions for Workstation: Notification Settings can view the setting.

If a notification has a Visibility setting of private:

  • Only the user who created the Notification Setting can view and edit it.
  • Other users can see event notifications produced by this setting if they are manually assigned to it.

Managing Event Notifications

The More menu () on the right side of any event notification contains options for working with the notification, including:

  • Updating the notification.
  • Deleting the notification.

Updating Event Notifications

Event notifications can be updated when changes are needed to any attributes.

To update an event notification:

  1. From the event notification settings screen, click the notification setting to edit any of the following fields:
    • Title
    • Visibility
    • Assigned to
    • Tag
  2. Click Update to save the adjusted settings, or Cancel to discard the changes.

System-Triggered Deletion of Single Event Notifications

It is possible for the system to automatically delete a single event notification under two scenarios:

  1. The event that triggered a notification has changed in risk score so that it no longer satisfies the notification setting risk threshold.
  2. The event tied to the event notification was designated to be deleted from an Authoring pattern.

Deleting Notifications Triggered from Notification Settings

Individual event notifications cannot be deleted by the user, although they can be archived or dismissed so that they do not appear on the notification-based widgets.

When a notification setting is deleted, any event notifications triggered by the setting are also deleted.

Notification settings can be deleted from the event notification settings page:

  1. Locate the event notification setting to be deleted.
  2. Click the More menu (), then click Delete.
  3. Click Delete to confirm deletion, or click Cancel to cancel deletion.
note

When users delete a notification setting, all associated event notifications are also deleted, but the underlying events are still viewable in Workstation via the Events Explorer widget.