I am trying to get the "Rule Message" for the source events of a correlated event into our email alerts so the analysts have more information at initial triage.
There is an option within the email templates for a "Source Event Block" which I thought would do the trick as shown below. But this just adds the correlated event title.
Event Description = [$Rule Message]
Has anyone had success in getting the source events for a correlated event into an email?
try this one
Event Description = [$%Message_Text]
Using the following;
SOURCE EVENT INFORMATION
Results in the following section within the email;
Event Description =
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC