This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-11-29 10:53 AM

SMTP customer output action

Hello,

 

Is possible modify smtp output message body with all events information of correlation Rule?.

 

I want to create a output action in a correlation rule to send a e-mail after 15 event from different IP. I want to attach 15 event in message body to see all IPs, because e-mail recipients will not have access to the console envision. I review smtp output action but I couldn't see option.

 

I decided to create a script to extract the information with LSdata. Has anyone done something similar or have an example?

 

Thank you in advance

 

Jesús

0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2011-03-31 02:00 AM

You can select "Event List Filename" field in the template being used in the SMTP OA. Addition of this field in the template will cause an  event file to the attached to the email and will also give a link in the email body to the file which contain all the events which participated in the alert.

 

 

Hope this helps

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.