2 Replies Latest reply on Jan 29, 2014 7:16 PM by jspanitz

    How to Create E-mail Alerts for Blocked Sites

    theravan

      We have a few special blocked sites that i would like to recieve e-mail alerts for.

      I need to know the site name (URL)

      The user's name

      The PC they were on.

      It would also have an e-mail sent to the user also.

        • 1. Re: How to Create E-mail Alerts for Blocked Sites
          pbrickey

          Greetings,

           

          You need to define the text that you'd like to send, using an event on the rule, and then add an another event to send the email. Take a look at the rules found in the error handler that are pre-configured to send email alerts, such as the Handler License Incidents or Handle Update Incidents.

           

          -Patrick

          • 2. Re: How to Create E-mail Alerts for Blocked Sites
            jspanitz

            I've tried this multiple times and never had any luck.  A step by step guide with screenshots would be fantastic.

             

            Here's what we added to our log handler as an event:

             

            "Date: " + DateTime.ToWebReporterString + String.CRLF

            + "User: " + Authentication.UserName + String.CRLF

            + "Client.IP: " + IP.ToString (Client.IP) + String.CRLF

            + "URL: " + String.ReplaceAll (URL, "http", "hXXp") + String.CRLF

            + DateTime.ToWebReporterString

            + String.CRLF

            + "System.HostName: "

            + String.ReplaceIfEquals (System.HostName, "", "-")

            + String.CRLF

            + "Authentication.UserName: "

            + String.ReplaceIfEquals (Authentication.UserName, "", "-")

            + String.CRLF

            + "Client.IP: "

            + String.ReplaceIfEquals (IP.ToString (Client.IP), "", "-")

            + String.CRLF

            + "URL.Destination.IP: "

            + String.ReplaceIfEquals (IP.ToString (URL.Destination.IP), "", "-")

            + String.CRLF

            + "URL.Host: "

            + String.ReplaceIfEquals (URL.Host, "", "-")

            + String.CRLF

            + "Response.StatusCode: "

            + String.ReplaceIfEquals (Number.ToString (Response.StatusCode), "", "-")

            + String.CRLF

            + "MediaType.FromHeader: "

            + String.ReplaceIfEquals (MediaType.ToString (MediaType.FromHeader), "", "-")

            + String.CRLF

            + "BytesFromClient: "

            + String.ReplaceIfEquals (Number.ToString (BytesFromClient), "", "-")

            + String.CRLF

            + "BytesFromServer: "

            + String.ReplaceIfEquals (Number.ToString (BytesFromServer), "", "-")

            + String.CRLF

            + "Request.Header.FirstLine: "

            + String.ReplaceIfEquals (String.ReplaceAll (Request.Header.FirstLine, "http", "hxxp"), "", "-")

            + String.CRLF

            + "URL.Categories: "

            + String.ReplaceIfEquals (List.OfCategory.ToString (URL.Categories), "", "-")

            + String.CRLF

            + "URL.ReputationString: "

            + String.ReplaceIfEquals (URL.ReputationString, "", "-")

            + String.CRLF

            + "URL.Reputation: "

            + String.ReplaceIfEquals (Number.ToString (URL.Reputation), "", "-")

            + String.CRLF

            + "Rules.CurrentRuleSet.Name: "

            + String.ReplaceIfEquals (Rules.CurrentRuleSet.Name, "", "-")

            + String.CRLF

            + "Rules.CurrentRule.Name: "

            + String.ReplaceIfEquals (Rules.CurrentRule.Name, "", "-")

            + String.CRLF

            + "Block.ID: "

            + String.ReplaceIfEquals (Number.ToString (Block.ID), "", "-")

            + String.CRLF

            + "Block.Reason: "

            + String.ReplaceIfEquals (Block.Reason, "", "-")

            + String.CRLF

            + "Antimalware.Infected: "

            + String.ReplaceIfEquals (Boolean.ToString (Antimalware.Infected), "", "-")

            + String.CRLF

            + "Antimalware.VirusNames: "

            + String.ReplaceIfEquals (List.OfString.ToString (Antimalware.VirusNames), "", "-")

            + String.CRLF

            + "Body.Modified: "

            + String.ReplaceIfEquals (Boolean.ToString (Body.Modified), "", "-")

            + String.CRLF

            + "Application.Reputation: "

            + String.ReplaceIfEquals (Application.Reputation, "", "-")

            + String.CRLF

            + "Application.Name: "

            + String.ReplaceIfEquals (Application.ToString (Application.Name), "", "-")

            + String.CRLF

            + "Referer: "

            + String.ReplaceIfEquals (String.ReplaceAll (Header.Request.Get ("Referer"), "http", "hxxp"), "", "-")

            + String.CRLF

            + "User-Agent: "

            + String.ReplaceIfEquals (Header.Request.Get ("User-Agent"), "", "-")

            + String.CRLF

            + "------------------------------"

             

            Email.Send ("test@test.com", "Virus/Malware detected - Web Gateway", User-Defined.eventMessage)