You configure notification templates in the Administration System view (Administration > System > Notifications > Templates tab). A notification template defines the format and message fields of a notification. You can configure the following notification template types:
- Audit Logging
- Event Stream Analysis
- Event Source Monitoring
- Health Alarms
You can use the available default templates or you can configure your own templates for Email, SNMP, Syslog, and Script, depending on the template type.
Global audit logging sends audit logs in the format specified in the Audit Logging template. You can use the default audit logging templates or you can define your own audit logging template. For more information on how to define an Audit Logging template, see Define a Template for Global Audit Logging.
Event Stream Analysis (ESA) sends notifications in the format specified in the Event Stream Analysis templates. The default Event Stream Analysis templates for email, SNMP, Syslog, and Script are available on installation. You can customize these templates or create new templates to use for the notifications. For more information on how to define ESA templates, see Define a Template for ESA Alert Notifications.
For more information on ESA alert configuration, see "Notification Methods" in the Alerting Using ESA Guide. You cannot delete templates associated with global audit log configurations.
Note: When upgrading from Security Analytics 10.4, all existing notification templates migrate to the Event Stream Analysis template type.
To learn how to define, delete, edit, duplicate, import, and export a notification template in Security Analytics, see: