7 Replies Latest reply on Mar 15, 2016 11:48 AM by curtisi

    Email template and rules

    lem123

      Hi,

       

      I have created an email template (clone a preconfigured one):

       

      $EventInfo $Severity
      Detection time: $DetectionTime

      LEM has detected suspicious firewall traffic that can be indicative of port scanning

      $Protocol, $Interface

      Source MAC address: $SourceMACAddress
      Destination Address: $DestinationMACaddress

       

       

       

      But the email comes through without the required details:

       

      Detection time:

       

      LEM has detected suspicious firewall traffic that can be indicative of port scanning

       

      ,

       

      Source MAC address:

      Destination Address: $DestinationMACaddress

       

       

       

       

      Any idea what is going wrong?

       

      Thanks

        • Re: Email template and rules
          jhynds

          Hey,

           

          Can you confirm that you have selected the correct template as part of the correlation rule?

           

          Also - did you click 'Activate Rules' on the Rules page after making the change to the template? It sounds like you mightn't have Activated the rule & it's still using the old email template.