SA Cfg: Configure Global Notification Templates

Document created by RSA Information Design and Development on Nov 10, 2016
Last modified by RSA Information Design and Development on Feb 6, 2017
Version 6

This topic provides instructions for adding, editing, duplicating, and deleting global notification templates.

You can use the available default templates or you can configure your own templates for Email, SNMP, Syslog, and Script, depending on the template type.

Global audit logging sends audit logs in the format specified in the Audit Logging template. You can use the default audit logging templates or you can define your own audit logging template. For more information on how to define an Audit Logging template, see "Define a Template for Global Audit Logging."

Event Stream Analysis (ESA) sends notifications in the format specified in the Event Stream Analysis templates. The default Event Stream Analysis templates for Email, SNMP, Syslog, and Script are available on installation. You can customize these templates or create new templates to use for notifications. For more information on how to define ESA templates, see "Define a Template for ESA Alert Notifications."

When upgrading from Security Analytics 10.4, all existing notification templates migrate to the Event Stream Analysis template type.

Add a Template

You can use the default templates provided or you can configure your own templates. Follow this procedure to configure your own template. 

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Notifications.
  3. Click the Templates tab.
  4. Click  to configure a template.
  5. In the Define Template dialog, provide the following information:
    1. In the Name field, type the name for the template.
    2. In the Template Type field, select the type of template you want to create. For example, if you are creating a template for global audit logging, select the Audit Logging template type.
    3. In the Description field, type a brief description for the template.
    4. In the Template field, specify the format for the template.
    5. Click Save to save the template.

Duplicate a Template

You can make a copy of an existing default or user-defined template. To duplicate a template:

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Notifications.
  3. Click the Templates tab.
  4. Select the template that you want to duplicate and click .
     The Duplicate Alert Template dialog is displayed.
  5. Type the name for the duplicate template.
  6. Click OK.

Edit a Template

You can modify a default or user-defined template. When you edit a template, the changes are reflected only when the alert is triggered.

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Notifications.
  3. Click the Templates tab.
  4. Select a template and click .
  5. In the Define Template dialog, modify the Name, Template Type, Description, and Template fields as required.
  6. Click Save to save the template.

Delete a Template

You can delete a user-defined template. When you delete a template that is used in an ESA rule, the Event Stream Analysis default template is used for alerts. You cannot delete templates associated with global audit logging configurations.

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Notifications.
  3. Click the Templates tab.
  4. Select one or more templates and click .
     A confirmation dialog is displayed.
  5. Click Yes.
     The selected template is deleted.