You can use the variable insertion button to the right of the subject field in the email template to insert the available variables into your email. This should have a list of available variables including the ones you need. I've also included a list below of common fields and their variable names.
Standard event Fields

Field Name                  Variable
Average Severity            [$Average Severity]
Device Name                 [$Device Name]
Device Type                 [$Device Type]
Event Count                 [$Event Count]
Event ID                    [$Event ID]
Event Subtype               [$Event Subtype]
First Time                  [$First Time]
Last Time                   [$Last Time]
Normalized ID               [$Normalized ID]
Normalized Rule             [$Normalized Rule]
Rule Message                [$Rule Message]
Signature ID                [$Signature ID]

Custom Types

Application                 [$%AppID]
Application Protocol        [$%Application_Protocol]
Count                       [$%Count]
Destination User            [$%UserIDDst]
Direction                   [$%Direction]
Destination Filename        [$%Destination_Filename]
Destination Zone            [$%Destination_Zone]
Device IP                   [$%Device_IP]
Domain                      [$%DomainID]
Host                        [$%HostID]
Logon Type                  [$%Logon_Type]
Message ID                  [$%Message_ID]
Message Text                [$%Message_Text]
NAT Details                 [$%NAT_Details]
Object Class                [$%ObjectID]
Object Type                 [$%Object_Type]
Rule Name                   [$%RuleName]
Source User                 [$%UserIDSrc]
Source Zone                 [$%Source_Zone]
URL                         [$%URL]
URL Category                [$%URL_Category]

Network Fields

ASN Destination             [$ASN Destination]
ASN Destination ID          [$ASN Destination ID]
ASN Source                  [$ASN Source]
ASN Source ID               [$ASN Source ID]
Destination GUID            [$Destination GUID]
Destination IP              [$Destination IP]
Destination MAC             [$Destination MAC]
Destination Port            [$Destination Port]
Destination Zone            [$Destination Zone]
Geolocation Destination     [$Geolocation Destination]
Geolocation Source          [$Geolocation Source]
Protocol                    [$Protocol]
Source GUID                 [$Source GUID]
Source IP                   [$Source IP]
Source MAC                  [$Source MAC]
Source Port                 [$Source Port]
Source Zone                 [$Source Zone]
VLAN Data                   [$VLAN Data]

Alarm Fields

Alarm Name                  [$Alarm Name]
Alarm Assignee              [$Alarm Assignee]
Case Name                   [$Case Name]
Condition Type              [$Condition Type]
Alarm Note                  [$Alarm Note]
Escalated Assignee          [$Escalated Assignee]
Escalated Severity          [$Escalated Severity]
Escalation Date             [$Escalation Date]
Escalation Enabled          [$Escalation Enabled]
Scheduled Escalation        [$Scheduled Escalation]
Alarm Severity              [$Alarm Severity]
Alarm Status                [$Alarm Status]
Alarm Summary               [$Alarm Summary]
Trigger Date                [$Trigger Date]
Thanks Mike! Brilliant!
This was very useful for alarm email template modification where the KBs and the Product Guide were not (at least not visibly to Google).
Thanks for the question and the very useful answer. If you know of a place where this is documented, a pointer would be grand; otherwise I'll bookmark this page.