Configure the following event notification to notify administrators when correlated incidents have been detected.
The Event Notifications screen appears.
A list of events appears.
The Correlated Incident Detections screen appears.
Settings |
Description |
---|---|
Attach logs in CSV format |
Select to send event notification recipients a *.csv file containing log data about the detections. |
The selected contact groups or user accounts appear in the Selected Users and Groups list.
Method |
Description |
---|---|
Email message |
To customize the email notification template, use supported token variables or modify the text in the Subject and Message fields. For more information, see Advanced Threat Activity Token Variables. Note:
The %hostIP% and %group% token variables are not applicable in email notifications because data is aggregated from multiple hosts. |