Re: MARS email alert notifications

randytoni · ‎09-14-2006

hi

when a rule fires on MARS, and the incident triggers an email alert, the contents of that email contain the incident #, the name of the rule that fired, and the respective links to the incident details.

Is there any way to customize the email alerts (e.g. add some other incident-specific parameters to the message)?

thanks

-randy

a.kiprawih · ‎09-14-2006

Hi,

Based on the v4.2 doc, the alert notifications cannot be customized. Maybe they should have that feature available too.

http://www.cisco.com/en/US/partner/products/ps6241/products_user_guide_chapter09186a00806b614c.html

Rgds,

AK

randytoni · ‎09-15-2006

thanks for the info - yes it would be a nice feature.

-randy

curt · ‎09-16-2006

Thanks for the reference.

Is there an improvement???

I haven't received a notification recently, but is the rule that is triggered listed in the e-mail/SMS? I don't recall seeing this on prior alarm messages, which listed an incident number only (Useless until logging onto Mars).

Someone please correct me if I'm wrong.

randytoni · ‎09-18-2006

I see something like this:

The following incident occured:

Start time: Wed Sep 13 16:22:13 2006

End time: Wed Sep 13 16:22:13 2006

Fired Rule Id: 183333

Fired Rule: System Rule: DoS: Network - Attempt

Incident Id: 593670234

For more details about this incident, please go to:

etc....

-randy

curt · ‎09-21-2006

I stand corrected ... it is the SMS messages that don't show any details of significance.

randytoni · ‎09-22-2006

wasn't aware of that - I guess the ability to customize any alert type would be nice (not just email)