Video Screencast Help

Questions about SSIM

Created: 15 Jan 2013 | 3 comments

Hi all,

I'm a newbie on SSIM and are more or less than 3 months that I'm trying to move inside features and capabilities that this product offers.
The first task I want to accomplish is made integration between SSIM and the package that my company uses for managing ICT incidents.
The simple way I have found in order to do this, is to send an opportunely formatted mail message to a mailbox.
On this mailbox, an email parser is used for interpreting informations contained into each message generated and posted by SSIM correlation rules.
Fields extracted and forwarded by SSIM are used to automatically populate our incidents database.
Very quickly.
I know that this may appear a very stupid issue but let me say that I'm encountering not few problems in extracting the reference ID related to each SSIM incident.
To be more clear, I'm not able to put the reference ID, field I can see in clear text using the SSIM console, also into body of the message I send via mail.
I'm tried with the "Unique Event ID" field but it contains data that are like the following : "7f71:20130114164212:698d96", datas that nothing seem to have in common with what mentioned before.
Can someone help me ?

Thanks in advance and sorry for the disturb.

Comments 3 CommentsJump to latest comment

mathell's picture

 I don't have the SSIM in front of me at the moment, but that reference ID is already in the subject of the e-mail's I believe...so you don't need to add it just pull it from there.

Denis-SE's picture

Hi Mathell,

You're right and what you say is true.
To be more precise, another issue we have, let me say, is that the parser embedded in our incident management system is like a black box.
Is old, is out support and last but not least, is not managed directly by us.
Is what we have found and until someone does not approve the budget for changing it that is all we have.
At this moment, is not possible for me extracting from the subject of the message the info I needs.

mathell's picture

I just took a look.  I couldn't find any way to include that in the action description either.  One option would be to have the e-mail sent to another system first and have a custom script pull the subject into the body and then forward to the incident management system.  Any moderately skilled programmer could help you with this.