Per-Environment Alert Recipients

Per-environment recipients allow you to route alerts to different people based on which environment generated the finding. This ensures the right team sees the right alerts without noise from unrelated sites.

Why Per-Environment Routing

In a multi-environment organization, different teams are responsible for different sites:

• The water plant operations team manages the water treatment plant.
• The electrical engineering team manages substations.
• The IT security team manages the corporate network.
• The manufacturing team manages the factory floor.

Sending every alert to every team creates noise. The water plant team does not need substation alerts, and the network team does not need PLC firmware notifications. Per-environment routing solves this.

Configuring Per-Environment Email Recipients

1. Navigate to Integrations > Email Alerts > By Environment tab.
2. Select an environment from the dropdown.
3. Click Add Recipient.
4. Enter the email address.
5. Repeat for each recipient who should receive alerts from this environment.
6. Click Save.

Repeat for each environment.

Example Configuration

When a new KEV entry matches an asset in Water Plant Alpha, only [email protected] and [email protected] receive the alert. The substation and IT teams are not notified.

Org-Wide vs Per-Environment

Org-wide recipients (configured under Integrations > Email Alerts > Additional Recipients) receive alerts from all environments. Use for:

• The CISO or security manager who needs visibility across all sites.
• A shared security inbox that monitors all environments.
• An MSSP triage email that receives all client alerts.

Per-environment recipients receive alerts only from their assigned environment. Use for:

• Site-specific operations teams.
• Vendor contacts who need alerts only for their equipment.
• On-call engineers responsible for specific facilities.

Both can coexist. An org-wide recipient and per-environment recipients can both receive the same alert.

Per-Environment with Teams and Slack

For Teams and Slack, per-environment routing is achieved through alert rules rather than the recipient configuration:

1. Create a separate Teams or Slack connection for each channel.
2. Create alert rules that specify both the environment and the destination connection.

Example:

• Rule 1: Environment = Water Plant Alpha, Destination = Slack #water-plant-alerts
• Rule 2: Environment = Substation Beta, Destination = Teams #substation-security
• Rule 3: Environment = All, Destination = Slack #security-all (org-wide)

MSSP Per-Client Routing

For managed security providers, per-environment recipients map naturally to per-client routing:

1. Each client has their own environments.
2. Each client's contact email is added as a per-environment recipient for their environments.
3. Your internal MSSP triage email is added as an org-wide recipient.

Result: each client receives only their own alerts, and your MSSP team sees everything.

Managing Recipients

Navigate to Integrations > Email Alerts > By Environment to view and manage all per-environment recipients.

• Add: Enter a new email address for an environment.
• Remove: Click the X next to a recipient to remove them. Removal is immediate.
• Edit: There is no edit action. Remove the old address and add the new one.

Changes take effect immediately. The next alert that fires for that environment will use the updated recipient list.

Testing

After configuring recipients, test the alert delivery:

1. Navigate to Integrations > Alert Rules.
2. Find a rule that covers the environment you configured.
3. Click Test.
4. Verify that all per-environment recipients received the test notification.

If a recipient did not receive the test, check the email address for typos, verify their email system allows messages from [email protected], and check spam folders.