3 Replies Latest reply on Nov 19, 2015 11:49 AM by Regis

    Email Template Generation

    el_lumenate

      Currently I'm trying to build several email templates that are generated based on certain alarms.  The following built in template is the most effective but I would like to include other variables.

       

      Alarm Name: [$Alarm Name]

       

      Summary: [$Alarm Summary]

      The following events were found

       

      [$REPEAT_START]----------

      EventID = [$Event ID]

      Source IP = [$Source IP]

      Destination IP = [$Destination IP]

      Source Port = [$Source Port]

      Destination Port = [$Destination Port]

      Source User = [$%UserIDSrc]

      Destination User = [$%UserIDDst]

      Eventcount = [$Event Count]

      Average Severity = [$Average Severity]

      Signature ID = [$Signature ID]

      Rule = [$Rule Message]

      [$REPEAT_END]

       

      I would like to include other fields like the Data Source, Receiver Name, ASN Geo Src & Dst, etc.  Is there a list of possible variables?  I am assuming it is based on the database; if so, is there a place to get all of the possible variables in our ESM?  Any help would be greatly appreciated.  Thanks!

        • 1. Re: Email Template Generation
          mepplin

          You can use the variable insertion button to the right of the subject field in the email template to insert the available variables into your email. This should have a list of available variables including the ones you need. I've also included a list below of common fields and their variable names.

           

          Standard Event Fields
          Field Name                Variable
          Average Severity          [$Average Severity]
          Device Name               [$Device Name]
          Device Type               [$Device Type]
          Event Count               [$Event Count]
          Event ID                  [$Event ID]
          Event Subtype             [$Event Subtype]
          First Time                [$First Time]
          Last Time                 [$Last Time]
          Normalized ID             [$Normalized ID]
          Normalized Rule           [$Normalized Rule]
          Rule Message              [$Rule Message]
          Signature ID              [$Signature ID]


          Custom Types
          Application               [$%AppID]
          Application Protocol      [$%Application_Protocol]
          Count                     [$%Count]
          Destination User          [$%UserIDDst]
          Direction                 [$%Direction]
          Destination Filename      [$%Destination_Filename]
          Destination Zone          [$%Destination_Zone]
          Device IP                 [$%Device_IP]
          Domain                    [$%DomainID]
          Host                      [$%HostID]
          Logon Type                [$%Logon_Type]
          Message ID                [$%Message_ID]
          Message Text              [$%Message_Text]
          NAT Details               [$%NAT_Details]
          Object Class              [$%ObjectID]
          Object Type               [$%Object_Type]
          Rule Name                 [$%RuleName]
          Source User               [$%UserIDSrc]
          Source Zone               [$%Source_Zone]
          URL                       [$%URL]
          URL Category              [$%URL_Category]


          Network Fields
          ASN Destination           [$ASN Destination]
          ASN Destination ID        [$ASN Destination ID]
          ASN Source                [$ASN Source]
          ASN Source ID             [$ASN Source ID]
          Destination GUID          [$Destination GUID]
          Destination IP            [$Destination IP]
          Destination MAC           [$Destination MAC]
          Destination Port          [$Destination Port]
          Destination Zone          [$Destination Zone]
          Geolocation Destination   [$Geolocation Destination]
          Geolocation Source        [$Geolocation Source]
          Protocol                  [$Protocol]
          Source GUID               [$Source GUID]
          Source IP                 [$Source IP]
          Source MAC                [$Source MAC]
          Source Port               [$Source Port]
          Source Zone               [$Source Zone]
          VLAN Data                 [$VLAN Data]


          Alarm Fields
          Alarm Name                [$Alarm Name]
          Alarm Assignee            [$Alarm Assignee]
          Case Name                 [$Case Name]
          Condition Type            [$Condition Type]
          Alarm Note                [$Alarm Note]
          Escalated Assignee        [$Escalated Assignee]
          Escalated Severity        [$Escalated Severity]
          Escalation Date           [$Escalation Date]
          Escalation Enabled        [$Escalation Enabled]
          Scheduled Escalation      [$Scheduled Escalation]
          Alarm Severity            [$Alarm Severity]
          Alarm Status              [$Alarm Status]
          Alarm Summary             [$Alarm Summary]
          Trigger Date              [$Trigger Date]
          2 of 2 people found this helpful
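
An added example, not part of the original thread or of any product tooling: a small Python check that lints an alarm email template against the variable names listed in the answer above, so a misspelled or unterminated placeholder is caught before an alert goes out missing the fields an analyst needs for triage. `lint_template`, `KNOWN`, `TOKEN` and `SAMPLE` are hypothetical names, and the allow-list assumes only the variables listed in this thread.

```python
import difflib
import re

# Names copied from the lists in the answer above. Assumption: this is the
# allow-list for the check only; a given ESM may expose more variables.
KNOWN = set("""
Average Severity|Device Name|Device Type|Event Count|Event ID|Event Subtype|First Time|Last Time
Normalized ID|Normalized Rule|Rule Message|Signature ID|%AppID|%Application_Protocol|%Count
%UserIDDst|%Direction|%Destination_Filename|%Destination_Zone|%Device_IP|%DomainID|%HostID
%Logon_Type|%Message_ID|%Message_Text|%NAT_Details|%ObjectID|%Object_Type|%RuleName|%UserIDSrc
%Source_Zone|%URL|%URL_Category|ASN Destination|ASN Destination ID|ASN Source|ASN Source ID
Destination GUID|Destination IP|Destination MAC|Destination Port|Destination Zone|Protocol
Geolocation Destination|Geolocation Source|Source GUID|Source IP|Source MAC|Source Port
Source Zone|VLAN Data|Alarm Name|Alarm Assignee|Case Name|Condition Type|Alarm Note
Escalated Assignee|Escalated Severity|Escalation Date|Escalation Enabled|Scheduled Escalation
Alarm Severity|Alarm Status|Alarm Summary|Trigger Date
""".strip().replace("\n", "|").split("|"))
TOKEN = re.compile(r"\[\$([^\[\]]*)\]")  # matches [$Name] and [$%Custom_Name]

def lint_template(text):
    """Return (line_number, message) findings for one template (hypothetical helper)."""
    findings, repeat_open = [], None
    for no, line in enumerate(text.splitlines(), 1):
        names = TOKEN.findall(line)
        if line.count("[$") > len(names):
            findings.append((no, "unterminated placeholder"))
        for name in names:
            if name == "REPEAT_START":
                if repeat_open:
                    findings.append((no, "nested REPEAT_START"))
                repeat_open = no
            elif name == "REPEAT_END":
                if not repeat_open:
                    findings.append((no, "REPEAT_END without REPEAT_START"))
                repeat_open = None
            elif name not in KNOWN:
                close = difflib.get_close_matches(name, sorted(KNOWN), n=1)
                findings.append((no, f"unknown variable {name!r}, closest known: {close}"))
    if repeat_open:
        findings.append((repeat_open, "REPEAT_START never closed"))
    return findings

# Constructed sample: a cut-down template with three deliberate mistakes.
SAMPLE = """Alarm Name: [$Alarm Name]
[$REPEAT_START]----------
Device = [$Device name]
Geo Src = [$Geolocation Source
"""
if __name__ == "__main__":
    print(*lint_template(SAMPLE), sep="\n")
```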
          • 2. Re: Email Template Generation
            el_lumenate

            Thanks Mike!  Brilliant!

            • 3. Re: Email Template Generation
              Regis

              This was very useful for alarm email template modification where the KBs and the Product Guide were not (at least not visibly to Google).

               

              Thanks for the question and the very useful answer.   If you know of a place where this is documented, a pointer would be grand; otherwise I'll bookmark this page.