NetWitness Community

As it is coming from an ESA then you could use a script to send out your alerts. That was you can adjust the time to the format that you need.

Here is a python script showing a custom email template:

I've attached it and you can import it under System -> Global Notifications -> Output as an ESA Script.

#!/usr/bin/env python
from smtplib import SMTP
import datetime
import json
import sys
 
 
def dispatch(alert):
    """
    The default dispatch just prints the 'last' alert to /tmp/esa_alert.json. Alert details
    are available in the Python hash passed to this method e.g. alert['id'], alert['severity'],
    alert['module_name'], alert['events'][0], etc.
    These can be used to implement the external integration required.
    """
    with open("/tmp/esa_alert.json", mode='w') as alert_file:
        alert_file.write(json.dumps(alert, indent=True))
 
 
 
 
def read():
 
 
    #Parameter
    sa_server = '192.168.123.4'
    brokerid = '35'
    smtp_server = 'smtp.waugh.local'
    smtp_port = '25'
    smtp_user = ''
    smtp_pass = ''
    from_addr = "RSA Security Analytics <RSA@SecurityAnalytics.com>"
    to_addr = 'securityanalytics@waugh.local'
 
 
 
 
    # Get data from JSON
    esa_alert = json.loads(open('/tmp/esa_alert.json').read())
    #Extract Variables (Add as required)
    try:
        module_name = str(esa_alert["module_name"])
    except KeyError:
        module_name = "null"
 
 
    try:
        ip_src = str(esa_alert["events"][0]["ip_src"])
    except KeyError:
        ip_src = "null"
 
 
    try:
        ip_dst = str(esa_alert["events"][0]["ip_dst"])
    except KeyError:
        ip_dst = "null"
    try:
        country_src = str(esa_alert["events"][0]["coutry_src"])
    except KeyError:
        country_src = "null"
 
 
    try:
        ip_dstport = str(esa_alert["events"][0]["ip_dstport"])
    except KeyError:
        ip_dstport = "null"
 
 
    try:
        user_dst = str(esa_alert["events"][0]["user_dst"])
    except KeyError:
        user_dst = "null"
 
 
    # Sends Email
    smtp = SMTP()
    smtp.set_debuglevel(0)
    smtp.connect(smtp_server,smtp_port)
    #smtp.login(smtp_user,smtp_pass)
 
 
 
 
 
 
    date = datetime.datetime.now().strftime( "%d/%m/%Y %H:%M" )
    subj = ( module_name ) + " :: " + ( date ) + " From " + ( ip_src ) + " To " + ( ip_dst ) + ":" + ( ip_dstport )
 
 
    message_text = ("Alert Name: \t\t%s\n" % ( module_name )+
        "Date/Time: \t\t%s\n" % ( date  ) +
        "Destination Port: \t\t%s\n" % ( ip_dstport ) +
        "Source IP: \t\t%s\n" % ( ip_src ) +
        "Destination IP: \t\t%s\n" % ( ip_dst ) +
        "User: \t%s\n" % ( user_dst ) +
        "Source Country: \t\t%s\n" % ( country_src )
 
 
    )
 
 
 
 
    msg = "From: %s\nTo: %s\nSubject: %s\nDate: %s\n\n%s\n" % ( from_addr, to_addr, subj, date, message_text )
 
 
    smtp.sendmail(from_addr, to_addr, msg)
    smtp.quit()
 
 
 
 
if __name__ == "__main__":
        dispatch(json.loads(sys.argv[1]))
        read()
        sys.exit(0)

You can manipulate the date in python and then output as you wish.

Take a look at Python strftime reference and modify line 85 above to get the date in the format your want.