I am not getting the right answer. I am not asking about the signeture but I am asking how to include the action taken by the IPS into the alarm email sent to us, so we know what action was taken by the IPS regarding this signeture. Currently , the IPS send the following email :
Time= 22:44:13 Arab Standard Time
SIGNAME= WWW WinNT cmd.exe Access
Which does not contail the ACTION.