Hi, 
Does anyone know if it's possible to create Message Template in CEF Format for Threshold alerts? 

Thanks, 
Eden.

------------------------------
Eden Amsalem
------------------------------

Hi Eden,

It is possible to create a custom template via the global profile for CEF format

Setup --> Tools and Views --> Global Profile

Select Edit Named Template and choose the add button. Ensure you change the template type to THRESHOLD_ALERT

Using this will help you map the CEF template to your requirements.
https://www.ibm.com/support/knowledgecenter/SSMPHH_11.1.0/com.ibm.guardium.doc.admin/integrate/cef_mapping.html

------------------------------
Aaron Kinchen
------------------------------

Original Message:
Sent: Sun March 29, 2020 05:14 AM
From: Eden Amsalem
Subject: CEF Formt to Threshold Alerts

Hi, 
Does anyone know if it's possible to create Message Template in CEF Format for Threshold alerts? 

Thanks, 
Eden.

------------------------------
Eden Amsalem
------------------------------

Hi Aaron,

Thanks for your answer. 
I know this page you sent but all the parameters on this page are for real-time alert (data access) and I want to build CEF message template that has self-monitoring parameters. for example, Failed Logins to Guardium alert.

Thanks,
Eden.

------------------------------
Eden Amsalem
------------------------------

Original Message:
Sent: Mon March 30, 2020 04:35 AM
From: Aaron Kinchen
Subject: CEF Formt to Threshold Alerts

Hi Eden,

It is possible to create a custom template via the global profile for CEF format

Setup --> Tools and Views --> Global Profile

Select Edit Named Template and choose the add button. Ensure you change the template type to THRESHOLD_ALERT

Using this will help you map the CEF template to your requirements.
https://www.ibm.com/support/knowledgecenter/SSMPHH_11.1.0/com.ibm.guardium.doc.admin/integrate/cef_mapping.html

------------------------------
Aaron Kinchen

Original Message:
Sent: Sun March 29, 2020 05:14 AM
From: Eden Amsalem
Subject: CEF Formt to Threshold Alerts

Hi, 
Does anyone know if it's possible to create Message Template in CEF Format for Threshold alerts? 

Thanks, 
Eden.

------------------------------
Eden Amsalem
------------------------------

Hi Eden,

Yes you can do that here.

Attachment1
Click the Add (plus symbol) button, and select THRESHOLD_ALERT. This will allow you to create a new one


------------------------------
Aaron Kinchen
------------------------------

Original Message:
Sent: Tue March 31, 2020 03:46 AM
From: Eden Amsalem
Subject: CEF Formt to Threshold Alerts

Hi Aaron,

Thanks for your answer. 
I know this page you sent but all the parameters on this page are for real-time alert (data access) and I want to build CEF message template that has self-monitoring parameters. for example, Failed Logins to Guardium alert.

Thanks,
Eden.

------------------------------
Eden Amsalem

Original Message:
Sent: Mon March 30, 2020 04:35 AM
From: Aaron Kinchen
Subject: CEF Formt to Threshold Alerts

Hi Eden,

It is possible to create a custom template via the global profile for CEF format

Setup --> Tools and Views --> Global Profile

Select Edit Named Template and choose the add button. Ensure you change the template type to THRESHOLD_ALERT

Using this will help you map the CEF template to your requirements.
https://www.ibm.com/support/knowledgecenter/SSMPHH_11.1.0/com.ibm.guardium.doc.admin/integrate/cef_mapping.html

------------------------------
Aaron Kinchen

Original Message:
Sent: Sun March 29, 2020 05:14 AM
From: Eden Amsalem
Subject: CEF Formt to Threshold Alerts

Hi, 
Does anyone know if it's possible to create Message Template in CEF Format for Threshold alerts? 

Thanks, 
Eden.

------------------------------
Eden Amsalem
------------------------------

Hi Aaron, 
This flow I know but the values unmatch to the CEF parameters. Also, I just found out that IBM wrote it's not possible to use it in the way I wanted, for Self-Monitoring domains :/

Thanks,
Eden.

------------------------------
Eden Amsalem
------------------------------

Original Message:
Sent: Wed April 01, 2020 11:20 AM
From: Aaron Kinchen
Subject: CEF Formt to Threshold Alerts

Hi Eden,

Yes you can do that here.

Attachment1
Click the Add (plus symbol) button, and select THRESHOLD_ALERT. This will allow you to create a new one

Attachment2
On the edit message template screen, you can filter on threshold message templates

Attachment3
Once created you can add this to a pre existing self monitoring alert

------------------------------
Aaron Kinchen

Original Message:
Sent: Tue March 31, 2020 03:46 AM
From: Eden Amsalem
Subject: CEF Formt to Threshold Alerts

Hi Aaron,

Thanks for your answer. 
I know this page you sent but all the parameters on this page are for real-time alert (data access) and I want to build CEF message template that has self-monitoring parameters. for example, Failed Logins to Guardium alert.

Thanks,
Eden.

------------------------------
Eden Amsalem

Original Message:
Sent: Mon March 30, 2020 04:35 AM
From: Aaron Kinchen
Subject: CEF Formt to Threshold Alerts

Hi Eden,

It is possible to create a custom template via the global profile for CEF format

Setup --> Tools and Views --> Global Profile

Select Edit Named Template and choose the add button. Ensure you change the template type to THRESHOLD_ALERT

Using this will help you map the CEF template to your requirements.
https://www.ibm.com/support/knowledgecenter/SSMPHH_11.1.0/com.ibm.guardium.doc.admin/integrate/cef_mapping.html

------------------------------
Aaron Kinchen

Original Message:
Sent: Sun March 29, 2020 05:14 AM
From: Eden Amsalem
Subject: CEF Formt to Threshold Alerts

Hi, 
Does anyone know if it's possible to create Message Template in CEF Format for Threshold alerts? 

Thanks, 
Eden.

------------------------------
Eden Amsalem
------------------------------