Video Screencast Help

Variables in Network Prevent for Email Response Rule

Created: 25 Mar 2013 • Updated: 25 Mar 2013 | 2 comments
jjesse's picture
This issue has been solved. See solution.

Working on setting up a Network Prevent for Email response rule and running into a question.

Can you add variables ($POLICY, $SEVERITY, $MATCH, etc)  into a Network Prevent: Block SMTP Message?  I don't see the Insert Variable helper text  like I do for the rest of the response rules so just wondering.


Operating Systems:

Comments 2 CommentsJump to latest comment

DLP Solutions2's picture

Yes you can..

The best way for an SMTP message to be sent back to the user using the send Email Notification response. When you turn on the SMTP blocking that is typically a bounce back message to the SMTP server and not directly to the email sender, it is more of a SMTP system message and not for the USER.

Depending on the implemenatation of the Email Prevent a user may or may not get the SMTP bounce back message. So ALWAYS send an email notification to the sender.

I typically configure the SMTP block response to also redirect to the block messgae to another email address, and then also send the Email Notification Message to the user. This will then have the email user to ONLY get 1 message and not 2. This can eliminate some confusion.

Here is a list of the Variables you can use..

Variables can be used to include the file name, policy name, recipients, and sender in both the subject and the body of the email message. For example, to include the policy and rules violated, you would insert the following variables.

A message has violated the following rules in $POLICY$: $RULES$

Data Owner
Data Owner Email
Device Instance ID
Endpoint Machine
File Full Path
File Name
File Parent Directory Path
Incident ID
Incident Snapshot
Match Count
Policy Name
Policy Rules
Protocol / Device Type / Target Type
Quarantine Parent Directory Path
Scan Date

If this answeres your question, please marked as solved


Please make sure to mark this as a solution

to your problem, when possible.

jjesse's picture

That's what I thought

Jonathan Jesse Practice Principal ITS Partners