Notifications, PSA, and external communications

Kaseya MDR provides multiple ways to deliver alerts and communicate security activity to external systems and stakeholders. These mechanisms control how alerts are sent and routed, not how alerts are detected, prioritized, or investigated.

Use this article when you need to configure:

  • PSA ticket creation

  • Email notifications

  • How alerts are delivered to external systems

  • How notification routing differs from detection, severity, and filtering logic

Settings surfaces

Notification and external communication settings in Kaseya MDR are surfaced at two levels:

  • Global settings (Settings > PSA & Email): Used to configure PSA integrations, global email recipients, and default alert delivery behavior across organizations

  • Organization‑level settings (Organizations > edit organization > Settings tab): Used to enable or disable PSA ticket creation and email notifications for a specific organization, and to define organization‑specific alert recipients

Global settings define how alerts can be delivered.

Organization‑level settings define whether delivery is enabled for a given organization.

Administrative configuration is centralized under Settings, while organization‑level controls determine how that configuration is applied per organization.

Organization‑level PSA and email settings

Each organization includes delivery controls under Organizations > edit organization > Settings tab that determine whether PSA tickets and email notifications are sent for alerts generated by that organization.

These settings do not configure PSA integrations or email delivery rules themselves; they control whether the global configuration is used for the selected organization.

For information on configuring PSA integrations and global email recipients, see PSA integrations and Email notifications below.

PSA & email

The PSA & email toggle enables or disables PSA ticket creation and email alerts for the selected organization.

This toggle is effective only if PSA integrations and/or email notifications are configured globally under Settings > PSA & Email.

When enabled:

  • Alerts generated for the organization may create PSA tickets.

  • Email notifications may be sent based on global and organization‑level recipients.

When disabled:

  • Alerts may still be generated and investigated

  • SOC workflows and response behavior are unaffected

  • PSA tickets and email notifications are not sent for this organization

This setting controls delivery only. It does not affect:

  • Alert detection

  • Alert severity

  • Investigation workflows

  • SOC authorization or response behavior

Additional alert recipients (organization level)

Organizations can specify additional email recipients to receive alert notifications.

Email recipients added at the organization level:

  • Apply only to the selected organization

  • Are used in addition to any global email recipients

  • Can be scoped by alert priority (for example, Medium and Critical)

Recipients configured here receive alert notifications generated for this organization only. Adding or removing organization‑level recipients does not affect global email configuration.

PSA integrations

Kaseya MDR can create tickets in supported Professional Services Automation (PSA) systems when alerts are generated.

From Settings > PSA & Email, you can:

  • Add a PSA integration

  • Provide authentication credentials

  • Map organizations and service parameters

  • Define how alerts are sent to the PSA

Supported PSA options include ConnectWise, Autotask, Kaseya BMS, Halo, and Syncro.

PSA integrations control where alerts are sent as tickets. They do not:

  • Change which alerts are generated

  • Alter alert severity

  • Suppress investigations

  • Affect SOC response behavior

Adding a PSA integration

Use the steps below to connect a supported PSA so alerts can be created as tickets.

  1. Open Settings > PSA & Email.

  2. In the PSA section, select + Add PSA.

  3. Choose the PSA you want to connect (ConnectWise, Autotask, Kaseya BMS, Halo, or Syncro).
  4. Enter the required authentication details for the selected PSA.
  5. Complete any organization, service, or contract mapping required by that PSA.
  6. Save the configuration to enable ticket creation.

Once configured, alerts generated in Kaseya MDR can be sent to the connected PSA as tickets.

NOTE  Required fields and mapping options vary by PSA. For detailed information about integrating each of these PSA systems, see Integrations and data sources.

Pausing a PSA connection

You can temporarily pause a PSA integration without removing the PSA configuration.

From Settings > PSA & Email, each configured PSA includes a Status control. The PSA status control is independent of email notification settings and Respond/IOC event detail toggles.

To pause a PSA connection:

  1. Locate the PSA in the PSA section.

  2. Change the Status from Active to Paused.

  3. Confirm the action when prompted.

When a PSA connection is paused:

  • Alert tickets are not created in the PSA

  • Existing PSA configuration remains intact

  • Alert detection and investigations continue normally

Pausing a PSA connection is useful during:

  • PSA maintenance windows

  • Credential changes

  • Testing or troubleshooting ticket creation

NOTE  While a PSA connection is paused, alerts will not generate PSA tickets until the connection is reactivated.

Email notifications

Email notifications provide a simple way to send alerts to designated recipients.

From Settings > PSA & Email, you can:

  • Add one or more email addresses

  • Associate those addresses with alert delivery

  • Manage recipients centrally

Email notifications control who receives alert notifications. They do not:

  • Influence alert detection

  • Modify alert severity

  • Filter alerts,

  • Replace investigation workflows in the platform

Adding email recipients for alert notifications

Use email notifications to send alerts directly to individuals or shared inboxes.

  1. Open Settings > PSA & Email.

  2. In the Email settings section, select + Add Email.

  3. Enter the email address that should receive alert notifications.

  4. Click Add to save the address.

After the address is saved, a confirmation message indicates that the email was added successfully. The address is now available to receive alert notifications based on your delivery configuration.

NOTE  The confirmation message confirms that the address was saved. It does not validate email delivery or confirm that alerts have been sent.

You can add multiple email addresses to support distribution lists or role‑based notifications.

Customizing email subjects and notification content

After adding an email address, you can control how alerts appear in email notifications.

From Settings > PSA & Email, the Email Settings area allows you to configure:

  • Default subject formats for organization‑specific email recipients: These settings apply to additional recipients added at the organization level.

  • Default subject formats for global email recipients: These settings apply to email recipients configured globally.

Because these scopes are independent, alerts sent to different recipients may use different subject formats even when triggered by the same rule.

Respond and IOC event detail behavior (where applicable)

Email notifications can include summary information only or additional underlying event details, depending on your configuration.

  • Respond Event Detail: When enabled, notification emails include the individual Respond events that triggered the alert. When disabled, emails contain only the summary‑level alert information.

  • IOC Event Detail: When enabled, notification emails include the individual IOC matches associated with the alert. When disabled, emails contain only summary‑level information.

These settings affect email verbosity and content only. They do not:

  • Change alert generation

  • Affect severity

  • Suppress investigations

  • Alter SOC behavior.

Alert delivery and routing behavior

Alert delivery mechanisms (PSA tickets and email notifications) operate after an alert is generated.

Important distinctions:

  • Detection logic determines whether an alert exists.

  • Severity settings determine how important an alert is classified.

  • Power Filters determine what is surfaced for investigation.

  • Notification and PSA settings determine where alerts are sent once they exist.

Because of this separation:

  • Disabling notifications does not stop alert generation

  • Changing email recipients does not change alert content

  • PSA routing does not suppress investigations or SOC review

Alert delivery can be enabled or disabled at the organization level under the Settings tab. For more information, see Managing organizations. Disabling delivery affects whether alerts are sent externally (email or PSA) but does not stop alert generation, investigation, or SOC handling.

Relationship to SOC workflows

Notifications and PSA integrations do not replace SOC workflows.

Depending on your configuration:

  • Investigations may still be created

  • Response actions may still be available based on authorization settings

Notification settings control communication, not response authority.

How notification delivery behaves

This section explains expected behavior and boundaries when configuring notifications in a new Kaseya MDR environment.

Expecting notifications to suppress alerts

Scenario: Disabling email notifications or PSA integration with the expectation that alerts will stop.

Why this happens: Notifications occur after alerts are generated.

Guidance: Use Power Filters or application configuration to manage alert visibility, not notification settings.

Using PSA tickets as a filtering mechanism

Scenario: Assuming that PSA ticket rules determine which alerts are generated.

Why this happens: Ticket creation is a delivery mechanism, not a detection control.

Guidance: Configure detection and filtering separately from PSA routing.

Assuming notification settings affect SOC behavior

Scenario: Expecting changes to email or PSA configuration to change SOC handling

Why this happens: SOC workflows are governed by service configuration and authorization settings, not notification routing

Guidance: Review SOC settings separately when SOC behavior needs to change

Governance guidance

To keep alert delivery predictable and support‑friendly:

  • Configure PSA integrations deliberately and test them after changes

  • Keep email recipient lists current and role‑appropriate

  • Treat notification settings as communication controls, not security controls

  • Document why specific routing or recipients are configured

  • Review delivery configuration periodically as organizations or workflows change

Related articles

  • Application Configurations: Learn how detection and integration behavior is defined. Application configuration determines which alerts exist, not where they are delivered

  • Power Filters and allowlisting logic: Refine which alerts are surfaced for investigation without changing detection logic or alert delivery behavior

  • Configuring SOC settings: Define SOC communication preferences, organization‑specific instructions, and authorization boundaries that govern how the SOC can respond