This article demonstrates the additional event details that can be included in an alert notification template, so that the notification carries enough values for a SOC team to raise a security incident.
There are two ways to modify the content in an alert notification.
Navigate to Reports > Manage > Alerts and create a new alert with the desired output action, where you can manually update the alert notification.
Navigate to Reports > Manage > Alerts and click Template to include all the notification data inside that template. Then create an alert, select the desired notification method (SMTP, SNMP or Syslog), and from the Body Template drop-down menu select the template you just created. NOTE: The template will replace any existing values in the notification's built-in body template.
The screenshots below depict the steps for using the template with some basic SNORT event-related values that will be presented in any alert notification method.