This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
KentSaunders
Beginner
Beginner
‎2011-04-15 11:52 AM

SMTP Output-- Additional Fields

enVision has around 50 pre-defined fields in their templates.  Is there any way that we can include any additional fields? 

 

My client wishes to alert when specific "important" files are modified.  They are using BSM to do this.  The current solution they are using sends the file name in the alert. enVision does not have a specific field for File Name in any of the templates that I can see.  I realize that the message text would probably contain this information, but for the sake of brevity, and the sanity of the SOC operators, I'd like to just include the file name instead of forcing them to manually parse the information from the message text.

 


Thanks in advance.

 

 

 

0 Likes
Reply
7 Replies
RSAAdmin
Beginner
Beginner
‎2011-04-20 11:04 PM

Alas, the template field selection can't be modified.

 

The best way to get it is using exactly the method you're trying to avoid - send the payload of the event in the alert.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-08-05 09:40 AM

ksaunders, do you have an RFE for this?

Matt, that may be the best way under the current field limitations but to be able to include exactly the right amount of details in an SMTP alert saves time when sorting through a large number of alerts which most network security administrators have limited amount of.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-12-01 03:52 PM

I've run into the same issue myself. For failed login events I would like to have the username in the message, but since that isnt available I have to use the whole message. I have gotten really good at spotting usernames in a long string of text!!

This would be a really nice thing for a future Envision version. I would also add the ability to use variables in the subject line!

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-12-02 12:01 AM

Future enVision version is indeed coming with support for variables in subject line.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-12-02 10:30 AM

Thats good to hear Sreejith! One of our departments doesn't want to use Envision because of this issue and is using another SEM product that does allow variables in subject lines.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2012-04-13 03:37 PM

Any updates on this? I am getting a lot of pressure from various internal people asking why Envision alerts look so terrible. I almost always have to include the payload to get the right info in any given alert and people HATE having to sift through that to get to the right info.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2012-04-17 01:34 PM

I agree. The standard output is not good. We've had to pick essential fields and tie the full message in at the end. It just looks very amatuer.
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.