Notifications
How WatchTower routes alerts, assignments, mentions, and status changes to the right people and channels.
In-app and email
Notify users about assignments, mentions, status changes, and high-severity events.
Team channels
Route critical operational events to shared channels with event and severity controls.
Delivery audit
Review sent, skipped, failed, and retried deliveries when troubleshooting operations.
Why notifications matter
Risk teams are not always logged into WatchTower. Notifications make important operational events visible through the in-app inbox and configured delivery channels so analysts, risk leads, and admins can respond quickly.
Notifications are tied to case and alert workflows. They are not a replacement for investigation records; they are the delivery layer that brings the right person back into the right workflow.
Common notification triggers
WatchTower can notify teams when
- a high-severity alert is created
- a case is assigned to a user
- a user is mentioned in a case note
- a case status changes
- a case approaches or breaches SLA
- a configured channel fails or is paused
- an important delivery is skipped or retried
Delivery channels
WatchTower separates the event from the delivery channel. The same alert or case event can appear in the in-app notification inbox, be sent by email, or be routed to an organization channel such as Slack-style team destinations or webhook destinations where enabled.
Supported delivery concepts
- in-app notification inbox for logged-in users
- email notifications for user-specific events
- organization channels for team visibility
- channel subscriptions by event type or severity
- delivery records for audit and troubleshooting
External channels should be configured by an admin or risk lead. Keep channel credentials and webhook secrets out of notes, tickets, frontend code, and public documentation.
User preferences and organization routing
Notification behavior has two layers. User preferences control what an individual receives. Organization routing controls which shared channels should receive specific event types or severities.
User-level preferences
- case assignment notifications
- mentions in notes or comments
- case status updates
- email versus in-app delivery where available
Organization-level routing
- channel name and type
- active or paused status
- minimum severity
- allowed event types
- subscriptions for roles or users
- delivery health and retry visibility
Delivery audit and health
WatchTower records notification deliveries so teams can understand whether an event was sent, skipped, failed, or retried. This helps operations teams distinguish between a missed alert and a channel configuration issue.
Recommended operating model
- keep in-app notifications enabled for all operators
- enable email for assignments and mentions
- route critical alerts to a shared risk channel
- set minimum severity to avoid noisy team channels
- review failed or skipped deliveries during operational checks
- test routing after adding new channels or changing subscriptions
Start with a small number of high-signal notifications. Once analysts trust the routing, expand coverage to more event types and shared channels.