Comments
-
I have watched that video and it now works! Thank you, that is everything I need to get emails firing with some information filled in. We already own licenses for this product. The MAC address of a firewall event email does not seem to be viewing correctly. As expected, I am also getting through a swamp of notifications…
-
Yeah sure.. The email template... The rule... The email...
-
Thanks for the info - that is helpful. I am just creating the rule now - I am new to LEM. Can you point me in the right direction with how to enable this? I have got the correlation in but I am unsure of how to specify our firewall which is being monitored. Many thanks
-
Hi, yes - it is the correct template. As you can see in the actual email that gets received, it doesn't include any of the parameters, such as "$DetectionTime" $EventInfo $Severity Detection time: $DetectionTime LEM has detected suspicious firewall traffic that can be indicative of port scanning
-
Thanks for the information. Yes, it is a Cisco - I do not have access to our firewall and the network engineer is not here to query this with. I am just looking at "All Firewall Events" in LEM - checking event info... any idea what the "event info" is for a shun? I can see "ACL Inside Access in Denied TCP Packet" - this could…