Video Screencast Help

Add Date/Time of Incident to Response Emails

Created: 24 Jan 2013 | 6 comments


Looking for a way to be able to add the date and time of an incident to both a manual and auto response.  I am unable to locate a "canned" attribute to add this.  Currently working with manual responses for email policy violations and I have to copy and paste the date and time from the incident to the body of the notification.  Anything added recently to accomplish this?


Dear $Manager First Name$,
On (?¿?DATE/TIME?¿?), your employee $First Name$ $Last Name$ ($SENDER$), sent a message (Subject: $SUBJECT$) that violates one or more policies.

IT Security Office


Comments 6 CommentsJump to latest comment

yang_zhang's picture

There are no variables that can be used to insert into the notification email to show the datetime of the incident.

But, on the other hand, if we assign a response rule as send notification email to a policy, then, when an incident generated, the time of the email send will be the time of the incident.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
stumunro's picture

yang is correct, i believe that manager notification is a manual process.

our workflow giys have developed a routing engine that automaticlly routes emails to managers.

so yes it is real time This way you do not have to worry about the time and date stamp...

Reigntrends's picture

I understand the timestamp perspective for the auto notify messages as they happen in realtime or very close to realtime. We are at a point where we are not ready to do auto notify for all incidents and that requires sending manual manager notifications which dont occur in realtime.

stumunro's picture


the work flow we have done does this in real time as it is a reponse rule...

yang_zhang's picture

yes, stumunro is right. It's best for you to implement a workflow solution for your scenario.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Pavel B.'s picture


I would also appreciate a possibility to include incident date+time into a manual notifications. Same prolem is with the names of attachments within the email.
Does that mean that the only possibility is to externalize the event processing from Enforce server? This does not sound good for me. Is thera a chance for Enhancement Request? (I do not know this process yet.)