Creating admin notifications in the Defend console allows admins to carry out an investigation proactively. Multiple event notifications can be configured to send notifications when specific actions below are triggered.

The actions that can be notified are:

• Dangerous email received
• The response made to a dangerous email
• The link clicked in a dangerous email
• Phish reported
• Not phish reported
• A new submission to the Abuse Mailbox email address
• Abuse Mailbox Reanalysis updated to Dangerous
• Abuse Mailbox Reanalysis updated to Benign
• Abuse Mailbox Reanalysis updated to inconclusive

To create an event notification, follow the steps below:

1. Log in to the Defend console.
2. Navigate to Event Notifications > New.
3. Enter a name and description for the notification.
4. Use the drop-down menu to assign the severity of the notification.
5. Use the drop-down menu to select the notification trigger.
6. Select the Recipients Email Addresses field and use the Add Item button to add the notification recipients.
7. Select Save.
   

The severity is included in the subject line of the notification email to the administrator and can be used to quickly determine which events need immediate action.