This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
RenatoGoncalves
Beginner
Beginner
‎2019-04-29 02:10 PM

Incident Template

We need to send emails with the opening of a incident.

 

For now we can only receive an template like this:

 

Incid1.png

 

But with this we dont get any useful information. Is it possible to edit the template and receive something like this:

 

Things.jpg

 

Anyone have done it?

Reply
2 Replies
JoshRandall
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2019-04-30 02:48 PM

Hi Renato,

  I haven't been able to figure out a workaround for modifying the "Incident Created/Updated” email templates.

 

  I'll keep looking into it, but in the meantime would an ESA Alert output email with the alert data meet your requirements?

Mr. Mongo
0 Likes
Reply
RenatoGoncalves
Beginner
Beginner
‎2019-05-07 10:37 AM

Hello Joshua,

 

The thing is that in want to to some correlation and its a little bit easier ( for someone who does not know EPL very well ) to do it.

 

For example if an IP could be in Alert for DDoS Attack with one request and have another in a SQLI for example. We want an incident that can look for the IP and correlate both alerts. With Incidents we can choose both ESA alerts.

0 Likes
Reply
Related Topics
Change Incident Template
© 2020 RSA Security LLC or its affiliates.
All rights reserved.