0 Replies Latest reply on Feb 17, 2010 9:26 PM by Bestpractice

    IPS Automatic Response question.

      Just wondering if anyone else has problems with the "{sourceMAC}" variable not populating on email IPS alerts?  In fact i find many of the variables do not populate.

      My email alert contains the following information but I would also like it to contain the signature name which has been tripped.....can this be done?


      Threat Severity: {threatSeverity}
      Threat Name: {threatName}
      Event Desc: {setOfEventDesc}

      Source IP Addresses: {setOfSourceIPV4}
      Source MAC: {sourceMAC}

      System Location: {nodeTextPath}
      Target IP Addresses: {setOfTargetIPV4}
      Target Port: {targetPort}
      Source Process name: {setOfSourceProcessName}
      Received UTC: {setOfReceivedUTC}

      Threat Catagory: {threatCategory}