
RE: [ISSForum] Email alert but data fields are all joined together - Real Secure Network Sensor 7.0 with 6.7 WGM.




In 7.0 you can configure the body of the alert as well. Something like this is close to what 6.x did...

'<AlertName> - <AlertType>' event detected by '<SensorName>'\n\n    Source: <SourceIPAddress> - <SourcePort> (<SourcePortName>) \nDestnation: <DestinationIPAddress> - <DestinationPort> (<DestinationPortName>)\n      Time: <AlertDateTime> \n  Protocol: <ProtocolName> (<Protocol>) \n\nEvent Specific Information: \n<OtherParameters>

This needs to be pasted as all one line into Body Format under EMAIL in Global Responses. Possibly in the Responses policy as well if you use them.

-----Original Message-----
From: ISSQuestion [mailto:issquestion@xxxxxxxxxxx]
Sent: Monday, June 16, 2003 5:26 AM
To: issforum@xxxxxxx
Subject: [ISSForum] Email alert but data fields are all joined together
- Real Secure Network Sensor 7.0 with 6.7 WGM.


Hi,
recently, I configured a Real Secure Network Sensor, and also the responses
alerts for email.

However, when conducting tests of these alerting responses, the email sent
back includes only the
Subject: SuspiciousTCP HTTP_IIS_Percent_Evasion Importance: High which is in a
readable format, the rest of the data fields are all in a straight line
format, unreadable.

I have checked with ISS asia-support, however, after their testing, they
concluded that it is true that the data field is all joined together.

I remember in my last installation of Real Secure 6.5 WGM, I was also able
to select the fields that I wanted to appear, and the fields will appear as
headers or labels.

Please advise.

Attached below is a sample of the email alert.

Thanks!

-----Original Message-----
From: RealSecure
Sent: Sunday, June 15, 2003 2:42 PM
To: asia-support@xxxxxxx
Subject: SuspiciousTCP HTTP_IIS_Percent_Evasion


2003-06-15 06:42:02 203.218.149.119 4542 N/A xxx.xx.xx.xx.xx 80 N/A