Email Action Security Policy

The Email Action Security Policies enables or disables the ability to email users in the event of a trigger through automation. You can configure:

Allow email actions enables or disables email actions. If disabled, email actions will not appear in the list of supported actions.
Enforce email allowlist limits the email addresses that any email action can send email to. To limit the range of email addresses, a glob pattern can be set. For example:

ini

*@crowdstrike.com

Limits emails only to the crowdstrike.com domain. Additional glob patterns can be added by clicking on the + button. Existing glob patterns can be deleted by clicking the trash can button next to each pattern.

If an email allowlist has been configured, when creating an action, an error message will be generated noting the validation issue for the configured email. For example:

If you enforce an allow list after an action has been created, and the email address does not match the allowlist configuration, the action will be disabled. This will be flagged on the Actions page:

Self-Hosted Overview

Installing LogScale

Instance Administration

Organization Essentials

Configuring Security

Authentication & Identity Providers

Users & permissions

Cluster Management

Configuration Settings

Ingesting Data

LogScale Configuration Parameters

LogScale URLs & Endpoints

Limits & Standards

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

Email Action Security Policy

Enter search term