cancel
Showing results for 
Search instead for 
Did you mean: 

Getting Source Events In An Email

Hey All,

I am trying to get the "Rule Message" for the source events of a correlated event into our email alerts so the analysts have more information at initial triage.

There is an option within the email templates for a "Source Event Block" which I thought would do the trick as shown below. But this just adds the correlated event title.

[$SOURCE_EVENTS_START]

Event Description = [$Rule Message]

[$SOURCE_EVENTS_END]

Has anyone had success in getting the source events for a correlated event into an email?

2 Replies
xded
Level 12
Report Inappropriate Content
Message 2 of 3

Re: Getting Source Events In An Email

Hi,

try this one

[$SOURCE_EVENTS_START]

Event Description = [$%Message_Text]

[$SOURCE_EVENTS_END]

gretings

Re: Getting Source Events In An Email

Using the following;

[$SOURCE_EVENTS_START]

-----------------------

SOURCE EVENT INFORMATION

Event Description = [$%Message_Text]

[$SOURCE_EVENTS_END]

-----------------------

Results in the following section within the email;

-----------------------

SOURCE EVENT INFORMATION

Event Description =

-----------------------

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community