cancel
Showing results for 
Search instead for 
Did you mean: 

Getting Source Events In An Email

Hey All,

I am trying to get the "Rule Message" for the source events of a correlated event into our email alerts so the analysts have more information at initial triage.

There is an option within the email templates for a "Source Event Block" which I thought would do the trick as shown below. But this just adds the correlated event title.

[$SOURCE_EVENTS_START]

Event Description = [$Rule Message]

[$SOURCE_EVENTS_END]

Has anyone had success in getting the source events for a correlated event into an email?

2 Replies
xded
Level 12
Report Inappropriate Content
Message 2 of 3

Re: Getting Source Events In An Email

Hi,

try this one

[$SOURCE_EVENTS_START]

Event Description = [$%Message_Text]

[$SOURCE_EVENTS_END]

gretings

Re: Getting Source Events In An Email

Using the following;

[$SOURCE_EVENTS_START]

-----------------------

SOURCE EVENT INFORMATION

Event Description = [$%Message_Text]

[$SOURCE_EVENTS_END]

-----------------------

Results in the following section within the email;

-----------------------

SOURCE EVENT INFORMATION

Event Description =

-----------------------

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator