Email Action Security Policy

The Email Action Security Policy enables or disables the ability to email users in the event of a trigger through automation. You can configure:

  • Allow email actions enables or disables email actions. If disabled, email actions will not appear in the list of supported actions.

  • Enforce email allowlist limits the email addresses that any email action can send email to. To limit the range of email addresses, a glob pattern can be set. For example:

    *@crowdstrike.com

This limits emails to addresses in the crowdstrike.com domain only. Additional glob patterns can be added by clicking the + button. Existing glob patterns can be deleted by clicking the trash can button next to each pattern.

If an email allowlist has been configured, creating an action with an email address that does not match it generates an error message noting the validation issue for the configured email. For example:

If you enforce an allowlist after an action has been created, and the action's email address does not match the allowlist configuration, the action will be disabled. This will be flagged on the Actions page:
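Because enforcing an allowlist disables existing actions whose recipients do not match, it helps to check the proposed patterns against current recipients first. The script below is an added example, not part of the product or its documentation: the action names and addresses are constructed, and it assumes case-insensitive, whole-string glob matching as provided by Python's `fnmatch`, which may differ from the product's own matcher.

```python
from fnmatch import fnmatchcase

# Constructed sample data: proposed allowlist patterns and existing email actions.
ALLOWLIST = ["*@crowdstrike.com", "soc-*@example.org"]
ACTIONS = {
    "notify-soc": ["alerts@crowdstrike.com"],
    "page-oncall": ["soc-emea@example.org", "oncall@crowdstrike.com"],
    "legacy-report": ["analyst@crowdstrike.com", "vendor@example.net"],
    "lookalike": ["alerts@crowdstrike.com.example.net"],
}


def is_allowed(address, patterns):
    """True if the whole address matches at least one glob pattern.

    Assumption: matching is case-insensitive and anchored to the full string,
    which is how fnmatchcase behaves on lowercased input.
    """
    addr = address.strip().lower()
    return any(fnmatchcase(addr, p.lower()) for p in patterns)


def audit(actions, patterns):
    """Map each action name to the recipients that fail the allowlist."""
    report = {}
    for name, recipients in actions.items():
        rejected = [r for r in recipients if not is_allowed(r, patterns)]
        if rejected:
            report[name] = rejected
    return report


def overly_broad(patterns):
    """Flag patterns with no literal '@domain' suffix to anchor the match."""
    flagged = []
    for p in patterns:
        local, sep, domain = p.rpartition("@")
        if not sep or any(c in domain for c in "*?["):
            flagged.append(p)
    return flagged


if __name__ == "__main__":
    for name, rejected in audit(ACTIONS, ALLOWLIST).items():
        print(f"{name}: would fail allowlist -> {', '.join(rejected)}")
    print("broad patterns:", overly_broad(ALLOWLIST + ["*crowdstrike.com"]))
```

A pattern written without the `@`, such as `*crowdstrike.com`, also matches addresses in any domain that merely ends in that string, which is why `overly_broad` flags it.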