截屏视频帮助

Add Date/Time of Incident to Response Emails

创建时间: 24 1 月 2013 | 6 条评论

Hello,

Looking for a way to be able to add the date and time of an incident to both a manual and auto response.  I am unable to locate a "canned" attribute to add this.  Currently working with manual responses for email policy violations and I have to copy and paste the date and time from the incident to the body of the notification.  Anything added recently to accomplish this?

ex:)

Dear $Manager First Name$,
On (?¿?DATE/TIME?¿?), your employee $First Name$ $Last Name$ ($SENDER$), sent a message (Subject: $SUBJECT$) that violates one or more policies.

Sincerely,
IT Security Office

Thanks,
Jeremy

评论 条评论跳转至最新评论

yang_zhang 的图片

There are no variables that can be used to insert into the notification email to show the datetime of the incident.

But, on the other hand, if we assign a response rule as send notification email to a policy, then, when an incident generated, the time of the email send will be the time of the incident.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
stumunro 的图片

yang is correct, i believe that manager notification is a manual process.

our workflow giys have developed a routing engine that automaticlly routes emails to managers.

so yes it is real time This way you do not have to worry about the time and date stamp...

Reigntrends 的图片

I understand the timestamp perspective for the auto notify messages as they happen in realtime or very close to realtime. We are at a point where we are not ready to do auto notify for all incidents and that requires sending manual manager notifications which dont occur in realtime.

stumunro 的图片

Reign,

the work flow we have done does this in real time as it is a reponse rule...

yang_zhang 的图片

yes, stumunro is right. It's best for you to implement a workflow solution for your scenario.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Pavel B. 的图片

Hello,

I would also appreciate a possibility to include incident date+time into a manual notifications. Same prolem is with the names of attachments within the email.
Does that mean that the only possibility is to externalize the event processing from Enforce server? This does not sound good for me. Is thera a chance for Enhancement Request? (I do not know this process yet.)

Thx,

Pavel