Use Notification name as the Subject of notification emails

Created: 20 Aug 2012 | 2 comments
ShadowsPapa

Monitors, notifications, notification conditions. Create a Notification, choose type, conditions, actions, etc. and give it a Notification name.

However, the notification name is not used anywhere - and the email you receive is simply given the subject of "Security Alert Notification", which could fit an attack, a software control issue, a device control issue, or a firewall rule triggered. Since the name you chose for the notification is not used, and the subject is simply the generic "Security Alert Notification", you have no idea as to the severity or your need to investigate further.

My suggestion - use the Notification Name as the subject of the email sent to the admin - etc.

This way, as an example, if I wanted to receive an alert that a firewall rule was triggered, the email could be filtered or even simply noticed and recognized immediately as "firewall rule xxxxx triggered" and dealt with, whereas less important or critical alerts could be taken care of later.

I set up a notification condition so I can receive alerts when certain things happen; however, I must actually open and read each email, as the subject is the same for each.

A system variable could be used in SEPM - use the Notification name as the subject line content for emails, and this would also put the same in the logs, so we'd know while looking in the logs WHAT notification it was that triggered the log entry. It would be invaluable when going through logs with thousands of entries, or dozens of emails, to pick out the ones we need to pay attention to right away.

Example alert/notification names ->

Use those names as the subject here. As the email subject, which alert is for device and which for other? Can you tell? ->

2 Comments

dsmith1954

This would be very helpful!!