We need to send emails with the opening of an incident.
For now we can only receive a template like this:
But with this we don't get any useful information. Is it possible to edit the template and receive something like this:
Has anyone done it?
I haven't been able to figure out a workaround for modifying the "Incident Created/Updated" email templates.
I'll keep looking into it, but in the meantime would an ESA Alert output email with the alert data meet your requirements?
The thing is that I want to do some correlation, and it's a little bit easier (for someone who does not know EPL very well) to do it.
For example, an IP could be in an alert for a DDoS attack with one request and have another in a SQLi. We want an incident that can look for the IP and correlate both alerts. With Incidents we can choose both ESA alerts.