Depends on what exactly is your use case and what exactly you mean by "dynamic notification"...

For example you could say have your soc shift scheduled stored in an activelist, by day of the week and hour of the day 1-24. You can manually set whose name is in what slot aka your shift schedule. From there you have a local variable that can get the analyst based on the time GetHour, GetDayOfWeek. Do an activelist lookup, pull your analyst and have a set of rules that would send the notification to your analyst. Its kinda clunky but it should work, just mapping it out on paper here.

But if you mean based on an eventfield have a value string1, using a single rule send notifcation1, if the eventfield had a value of string2, the same rule would send to notification2 all in the same rule. I don't think there is a way to do that, at least up to 6.5c, I have requested that feature though in the past.

so the recipient can not be a variable that can be set by the rule sending the notification

Hi Mag,

For ur reference since the Dynamic is not feasible via ArcSight Rule Notification:

And even rule with On first event notify group one, on every event notify group 2,...

Or create an external script with sendmail utility. Once ur rule triggers it will send u the dynamic field eg. User1 and have the script get this user field via script and send out an mail based on it (Upto u)

And have u thought about the notification escalation options.(Other least option)

Was Balahasan's answer helpful? If so, mark as correct. Thanks!