In 7.0 you can configure the body of the alert as well. Something like this is close to what 6.x did...
'<AlertName> - <AlertType>' event detected by '<SensorName>'\n\n Source: <SourceIPAddress> - <SourcePort> (<SourcePortName>) \nDestnation: <DestinationIPAddress> - <DestinationPort> (<DestinationPortName>)\n Time: <AlertDateTime> \n Protocol: <ProtocolName> (<Protocol>) \n\nEvent Specific Information: \n<OtherParameters>
This needs to be pasted as all one line into Body Format under EMAIL in Global Responses. Possibly in the Reponses policy as well if you use them.
From: ISSQuestion [mailto:issquestion@xxxxxxxxxxx]
Sent: Monday, June 16, 2003 5:26 AM
Subject: [ISSForum] Email alert but data fields are all joined together
- Real Secure Network Sensor 7.0 with 6.7 WGM.
recently, I configured a Real Secure Network Sensor, and also the responses
alerts for email.
However, when conducting tests of this alerting responses, the email send
back includes only the
Subject: SuspiciousTCP HTTP_IIS_Percent_Evasion Importance: High which in a
readable format, the rest of the data fields are all in a straight line
I have checked with ISS asia-support, however, after their testing, they
concluded that it is true that the data field is all joined together.
I remember in my last installation of Real Secure 6.5 WGM, I was also able
to select the fields that I wanted to appear, and the fields will appear as
headers or labels.
Attached below is a sample of the email alert.
Sent: Sunday, June 15, 2003 2:42 PM
Subject: SuspiciousTCP HTTP_IIS_Percent_Evasion
2003-06-15 06:42:02 188.8.131.52 4542 N/A xxx.xx.xx.xx.xx 80 N/A
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo