Is possible modify smtp output message body with all events information of correlation Rule?.
I want to create a output action in a correlation rule to send a e-mail after 15 event from different IP. I want to attach 15 event in message body to see all IPs, because e-mail recipients will not have access to the console envision. I review smtp output action but I couldn't see option.
I decided to create a script to extract the information with LSdata. Has anyone done something similar or have an example?
Thank you in advance