Email Action Security Policy
The Email Action Security Policies enables or disables the ability to email users in the event of a trigger through automation. You can configure:
Allow email actions enables or disables email actions. If disabled, email actions will not appear in the list of supported actions.
Enforce email allowlist limits the email addresses that any email action can send email to. To limit the range of email addresses, a glob pattern can be set. For example:
*@crowdstrike.com
Limits emails only to the
crowdstrike.com
domain.
Additional glob patterns can be added by clicking on the
button. Existing glob patterns can be deleted
by clicking the trash can button next to each pattern.
If an email allowlist has been configured, when creating an action, an error message will be generated noting the validation issue for the configured email. For example:
If you enforce an allow list after an action has been created, and the email address does not match the allowlist configuration, the action will be disabled. This will be flagged on the Actions page: