This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
areebasad
Beginner
Beginner
‎2013-03-14 04:43 AM

Alerts

Dears,

    

        I am creating a new correlation rule, it fires if no events comes within 3 hours depending on the username in multithreading , then i connect this alert with email output action, the problem when it is fired the email does not have the information like the username, address... etc.

 

Regards

0 Likes
Reply
4 Replies
mrbeanus
Beginner
Beginner
‎2013-03-19 09:36 AM

Try to change Maximum lenght from (default 1024) to 8000 (not 8192) in

Alerts->Alert Configuration->Output Actions->Manage Output Action Templates and use Shoft or Long format/Most Common Fields depending what you want.

0 Likes
Reply
areebasad
Beginner
Beginner
In response to mrbeanus
‎2013-03-20 01:55 AM

The problem is that the alert fires when no event comes, so there is no information to display in the email, i have five user names i want to check if no event comes according to this user name in 3 minutes, so i want to display in the email which user name that does not create the event, but the email comes empty or just the subject and the bode i wrote in the output action, what could i do ?

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to areebasad
‎2013-04-01 06:42 PM

Hi there... I wish I was replying with something positive, but in my experience with enVision output actions, customization is a myth.  I've created my own templates and been very specific about what should be in the email, but enVision either puts everything or not enough.  I've had two cases open about it, and "engineering" was never able to give me a solution.  Because I work in a compliance context, and certain information my not be transmitted over the internet, my email alerts have very little in them and are just a message to check task triage or the Alert History. 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2013-04-24 11:12 AM

Hi Areeb,

 

When a correlation rule fires, we have the information about the event message that satisfies the rule will be displayed with details in the CSV file..

 

But, here the rule itself is for "No events in 3 hours". That means you will not have any event message in the .CSV file when your alert triggers.

 

Hope this helps!!!!!

 

Regards,

John Peter

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.