cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
sysec
sysec
Level 7
Report Inappropriate Content
Message 1 of 7
‎01-04-2012 12:34 AM

Email Body

Jump to solution

Hi All,

How can i change the body of the action email.send to have some meaningfull variables?

i can choose a single propeerty and it works but when i try to put variables like "URL" or $URL$ in the string value  i get the text and not the url link?

10x in advance for your advises

Shay

Message was edited by: sysec on 1/4/12 2:34:41 AM CST
0 Kudos
Reply
1 Solution

Accepted Solutions
eelsasser
eelsasser
Level 15
Report Inappropriate Content
Message 2 of 7
‎01-04-2012 07:13 AM

Re: Email Body

Jump to solution

Create a string that has the contents you want in it, like:

Name:
Malware Email Alert

Rule Criteria:
Antimalware.Infected<Gateway Anti-Malware> equals true

Action:
Continue

Events:
Set User-Defined.notificationMessage = "Date: "
+ DateTime.ToWebReporterString
+ String.CRLF
+ "User: "
+ Authentication.UserName
+ String.CRLF
+ "Client.IP: "
+ IP.ToString (Client.IP)
+ String.CRLF
+ "URL: "
+ String.ReplaceAll (URL, "http", "hXXp")
+ String.CRLF

Email.Send ("Security@MyDommain.com", String.Concat ("Virus Alert from: ", System.HostName), User-Defined.notificationMessage)<Default>

NOTE: I am replacing the http with hXXp in a URL that is sent via email. We typically do this to make it unclickable in the email. In the case of a virus alert like this, the URL is malicious and we don't want someone to blindly click it to try it out.

Reply
6 Replies
eelsasser
eelsasser
Level 15
Report Inappropriate Content
Message 2 of 7
‎01-04-2012 07:13 AM

Re: Email Body

Jump to solution

Create a string that has the contents you want in it, like:

Name:
Malware Email Alert

Rule Criteria:
Antimalware.Infected<Gateway Anti-Malware> equals true

Action:
Continue

Events:
Set User-Defined.notificationMessage = "Date: "
+ DateTime.ToWebReporterString
+ String.CRLF
+ "User: "
+ Authentication.UserName
+ String.CRLF
+ "Client.IP: "
+ IP.ToString (Client.IP)
+ String.CRLF
+ "URL: "
+ String.ReplaceAll (URL, "http", "hXXp")
+ String.CRLF

Email.Send ("Security@MyDommain.com", String.Concat ("Virus Alert from: ", System.HostName), User-Defined.notificationMessage)<Default>

NOTE: I am replacing the http with hXXp in a URL that is sent via email. We typically do this to make it unclickable in the email. In the case of a virus alert like this, the URL is malicious and we don't want someone to blindly click it to try it out.

Reply
sysec
sysec
Level 7
Report Inappropriate Content
Message 3 of 7
‎01-04-2012 01:44 PM

Re: Email Body

Jump to solution

10x eelsasser

it totally works 

0 Kudos
Reply
watarimono
watarimono
Level 9
Report Inappropriate Content
Message 4 of 7
‎09-26-2012 07:27 AM

Re: Email Body

Jump to solution

Hello and thank you for this post.  I have a very similar requirement to have emails sent after a rule has been triggered.  Using your previous guidance in this post, we have been able to get it working.  However we would like to add in the email the name of the system or host also if possible.

Does this functionality exist?  If so how should we proceed?

Thank you,

0 Kudos
Reply
dstraube
dstraube
Level 11
Report Inappropriate Content
Message 5 of 7
‎09-26-2012 08:10 AM

Re: Email Body

Jump to solution

Hello watarimono,

MWG has a property called System.HostName that contains the name of the system. If you include this in the notification message you should be good to go.

Regards,

Dirk

0 Kudos
Reply
watarimono
watarimono
Level 9
Report Inappropriate Content
Message 6 of 7
‎09-26-2012 08:34 AM

Re: Email Body

Jump to solution

Thank you Dirk,

We were playing around with the System.HostName but it just gives us the name of the Webgateway.  Are we missing something to have it pull the name of the workstation?

0 Kudos
Reply
Highlighted
jscholte
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 7 of 7
‎09-26-2012 11:49 AM

Re: Email Body

Jump to solution

Hi watarimono!

System.Hostname does what you found, it represents the name of the Web Gateway.

To get the client workstation name (which I dont like doing because it assumes a lot of your network and DNS servers) it is a bit tougher, but not by much.

You can use the property:

DNS.LookupReverse(Client.IP)

This will perform a reverse lookup of the client IP, WHICH MEANS YOU MUST HAVE DNS SETUP CORRECTLY OTHERWISE IT WILL NOT WORK.

I dont like using reverse lookups because often DNS servers are not configured correctly to do reverse properly.

Best Regards,

Jon

Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC