AnsweredAssumed Answered

ESA and GeoIP

Question asked by James McSawley on Feb 19, 2015
Latest reply on Feb 20, 2015 by RSA Admin

Hi,

 

I have rule created in ESA to fire on specific criteria in Web logs.  I have added the GeoIP as an enrichmnet (lookup based on ip_src.  All this works just fine.  As part of the rule I want to fire off an e-mail alert, but I only want to include one element (region) of the GeoIP enrichment date not all the elements.  Does anyone know how I can reference just the one element in the e-mail template.  I have tried

----Snip----

<#list events as metadata>

---Snip---

${metadata.GeoIpLoookup.region

---snip--

but that does not appear to work.

 

Any suggestions would be greatly appreciated.

Thanks

James

Outcomes