Configuring Notification in SSIM
Created: 27 Apr 2012 | Updated: 08 May 2012 | 5 comments
This issue has been solved. See solution.
How do I configure notification in SSIM 4.7.4 for the requirements below?
1. If any incident gets created, SSIM should send a notification to the XYZ email ID.
2. If any incident gets created for a firewall, then SSIM should send the notification to the firewall Admin.
I am new to SSIM, please provide the steps.
Regards,
Sandeep Raut
In my opinion,
1a. You should go to the Action tab on Correlation Rules (Rules->Correlation Rules->System Rules) and choose those rules for which you want an email notification. Under Notification set XYZ email(s).
1b. Create User Rule (Rules->Correlation Rules->User Rules) in which under Conditions set the next Event Criteria:
- Event type == New Incident Created
- Product != Firewall.
2. Create User Rule (Rules->Correlation Rules->User Rules) in which under Conditions set the next Event Criteria:
- Event type == New Incident Created
- Product == Firewall.
Under Action tab set firewall Admin email(s).
I hope this helps.
Hi,
Here is the helpful article to configure notifications...
How to setup email Notifications in Symantec Security Information Manager v4.5 / v 4.6 / v4.7:
http://www.symantec.com/docs/TECH90473
Hope that helps you!!
Regards,
Avkash K
Dear Friends,
I have configured the Exchange server IP and mail ID in the Manager component configuration. I have tried to send one test report to my mail ID, but it doesn't send. Please find the notification log below:
2012-05-08 10:55:24,371 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - Status: Notice "test" from "Scheduled Reporting" has not been processed completely.
Number of Attempts: 1
Email message was not sent to all recipients successfully.
2012-05-08 10:59:02,288 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - unable to send email message: com.symantec.sim.notificationsvc.email.SIMEmailException: 550 5.7.1 Unable to relay
2012-05-08 10:59:02,289 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - Status: Notice "test" from "Scheduled Reporting" has not been processed completely.
Number of Attempts: 1
Email message was not sent to all recipients successfully.
2012-05-08 10:59:19,822 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - unable to send email message: com.symantec.sim.notificationsvc.email.SIMEmailException: 550 5.7.1 Unable to relay
Please give me the solution for this issue.
Regards,
Sandeep Raut
Till date I have not added Active Directory with the SSIM 4.7.4 server.
That is a response of the SMTP server the notification service is getting.
From RFC http://www.ietf.org/rfc/rfc4408.txt
A "Fail" result is an explicit statement that the client is not
authorized to use the domain in the given identity. The checking
software can choose to mark the mail based on this or to reject the
mail outright.
If the checking software chooses to reject the mail during the SMTP
transaction, then it SHOULD use an SMTP reply code of 550 (see
[RFC2821]) and, if supported, the 5.7.1 Delivery Status Notification
(DSN) code (see [RFC3464]), in addition to an appropriate reply text.
The check_host() function may return either a default explanation
string or one from the domain that published the SPF records (see
Section 6.2).
You should talk to the administrator of the mail server to find out why the email is rejected by the SMTP server.
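As an added example (not part of the thread and not SSIM code): a small Python parser for notification-log lines in the format quoted above. It extracts the SMTP reply code and the RFC 3463 enhanced status code and separates permanent rejections (5xx, where retrying will not help until the mail server side changes) from transient ones (4xx). The sample log is constructed from the lines in the thread plus one constructed 451 line, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines in the format quoted in the thread, plus one constructed 451 line.
SAMPLE_LOG = """\
2012-05-08 10:55:24,371 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - Status: Notice "test" from "Scheduled Reporting" has not been processed completely.
Number of Attempts: 1
Email message was not sent to all recipients successfully.
2012-05-08 10:59:02,288 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - unable to send email message: com.symantec.sim.notificationsvc.email.SIMEmailException: 550 5.7.1 Unable to relay
2012-05-08 10:59:19,822 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - unable to send email message: com.symantec.sim.notificationsvc.email.SIMEmailException: 550 5.7.1 Unable to relay
2012-05-08 11:02:41,105 [Thread-5] WARN com.symantec.sim.notificationsvc.NotificationRequest - unable to send email message: com.symantec.sim.notificationsvc.email.SIMEmailException: 451 4.7.0 Temporary server error
"""

# RFC 3463 enhanced status code layout: class.subject.detail
CLASSES = {"2": "success", "4": "transient", "5": "permanent"}
SUBJECTS = {"0": "other", "1": "addressing", "2": "mailbox", "3": "mail system",
            "4": "network/routing", "5": "delivery protocol",
            "6": "content/media", "7": "security/policy"}

FAILURE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \[[^\]]+\] \w+ \S+ - "
    r"unable to send email message: \S+: "
    r"(?P<code>[2-5]\d{2})(?: (?P<enh>[245]\.\d{1,3}\.\d{1,3}))? ?(?P<text>.*)$")


def parse_failures(log):
    """Return one dict per 'unable to send email message' line."""
    failures = []
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue  # status and continuation lines carry no SMTP reply
        enh = m["enh"]
        failures.append({
            "ts": m["ts"], "code": int(m["code"]), "enhanced": enh, "text": m["text"],
            "kind": CLASSES.get(m["code"][0], "other"),
            "subject": SUBJECTS.get(enh.split(".")[1], "other") if enh else None,
        })
    return failures


def summarize(failures):
    """Count distinct (reply, kind, subject) combinations, most frequent first."""
    counts = Counter((f"{f['code']} {f['enhanced'] or ''}".strip(), f["kind"], f["subject"])
                     for f in failures)
    return counts.most_common()


if __name__ == "__main__":
    for (reply, kind, subject), n in summarize(parse_failures(SAMPLE_LOG)):
        print(f"{n}x {reply}: {kind} failure, subject={subject}")
```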