This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

SMTP Template for ESA

Anonymous
Not applicable

‎2015-09-21 02:43 AM

Did anybody know how I can customize Default SMTP Template for ESA? I need exclude all meta keys and include only 4-5 meta keys for enduser. For example I wish to send end user only: source and destination ip's and also action key and username.

How customize this template?

3 REPLIES 3

Anonymous
Not applicable

‎2015-09-23 03:52 PM

to refer to any meta you could use this syntax....

 

<#list events as event>

<#if event_index=1>

  <li>user: ${event.user_dst}

  <li>outcome: ${event.ec_outcome}

</#if&gt;

 

And modify the xml according to your requirements.

Anonymous
Not applicable
In response to Anonymous

‎2015-09-28 03:57 AM

Could you share your template? I tried replicate your solution but this not gave result.

0 Likes

SalSanshez
Beginner
Beginner

‎2016-09-24 07:49 PM

Alex Fedorov‌ I had to use the following solution on a per alert basis to get the format requested by client...

 

 '000031690 - How to send customized subjects in an RSA Security Analytics ESA alert email' in RSA Link.

https://community.rsa.com/docs/DOC-45491 

 

Customer was very happy we were able to match the format of their previous SIEM alerts from Trustwave. 

© 2022 RSA Security LLC or its affiliates. All rights reserved.