SMTP Output-- Additional Fields
enVision has around 50 pre-defined fields in their templates. Is there any way that we can include any additional fields?
My client wishes to alert when specific "important" files are modified. They are using BSM to do this. The current solution they are using sends the file name in the alert. enVision does not have a specific field for File Name in any of the templates that I can see. I realize that the message text would probably contain this information, but for the sake of brevity, and the sanity of the SOC operators, I'd like to just include the file name instead of forcing them to manually parse the information from the message text.
Thanks in advance.
ksaunders, do you have an RFE for this?
Matt, that may be the best way under the current field limitations, but being able to include exactly the right amount of detail in an SMTP alert saves time, which most network security administrators have a limited amount of, when sorting through a large number of alerts.
I've run into the same issue myself. For failed login events I would like to have the username in the message, but since that isn't available I have to use the whole message. I have gotten really good at spotting usernames in a long string of text!!
This would be a really nice thing for a future enVision version. I would also add the ability to use variables in the subject line!