Creating custom Email Templates & Correlation of Fields

I am trying to create a custom template to alert me on failed authentication on the firewalls. I get the notice but it does not have any information in the email, just "at"

What am I missing?

Find more posts tagged with

email_templates

Accepted answers

All comments

FormerMember

Looks like you should use the UserLogonFailure fields (what's in your "Correlations" box) instead of the FailedAuthentication fields. That should fix it.

curtisi

https://www.youtube.com/watch?v=9Naf1sG3WuQ

cscoengineer

Is this is trick question?

Look like you are using UserLogonFailure in the correlation, but FailedAuthentication to populate the email message.

The fields in the email must appear in the correlation.

thanks

Amit

Loop1 Systems

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Help
Best Of