IBM Guardium

  • 1.  Changing Subject Messages for Alert

    Posted Tue March 28, 2023 07:19 AM

    Hi Team,

    Below is the sample alert I got from the collector. But my customer wanted to change the Subject for each rule.

    How is it possible? Please help.

    ----------------------------------------------------

    Subject: (NM-CLOUD-COLLECTOR.nm.local) SQLGUARD ALERT Alert based on rule ID AWS_DDL_Commands
    Category: Access Classification: Severity HIGH
    Rule # 20040 [AWS_DDL_Commands ]
    Request Info: [ Session start: 2021-02-26 11:02:11 Server Type: MYSQL Client: 10.0.0.189 () Server: 10.0.1.179 (10.0.0.150) Client PORT: 40164 Server Port: 3306 Service Name: 10.0.1.179:8.0.20 Database Name: Net Protocol: TCP DB Protocol: MYSQL DB Protocol Version: 10.0.0 DB User: ADMIN
    Application User Name:
    Source Program: MYSQL Authorization Code: 0 Request Type: SQL_LANG Last Error:
    SQL: INSERT INTO Persons (PersonID, LastName, FirstName, Address, City ) VALUES ('1', 'Erichsan', 'Skajen', 'Scavanger', 'Norway') SQL Status:
    To add to baseline:

    ----------------------------------

    Thanks,

    Panendar Rao.C



    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: Changing Subject Messages for Alert

    Posted Wed March 29, 2023 01:05 AM

    Hi,

    Any update on this?

    Thanks,

    Panendar rao.C



    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------



  • 3.  RE: Changing Subject Messages for Alert

    Posted Wed March 29, 2023 08:46 AM

    Hi @PHANENDRA RAO CHAVANA

    It looks like you have an alert action in your policy with a notification type of Mail and it is using the Default Message Template. Something like pictured below:

    You can edit or create custom message templates from the 'Global Profile'. The Default template is displayed, but you can select 'Named Template' to create custom ones.

    You will need a 'Real Time Alert' message type and the Subject variable is available, though as I recall it may still populate some default values. Here's a link to all the variables that you can use in a 'Real Time Alert' message template: https://www.ibm.com/docs/en/guardium/11.4?topic=profile-alert-message-template.

    Reference the %%Subject [] variable. Here's an example of it being configured to populate some text along with the Severity and Alert Name: 

    %%Subject[Guardium Alert. Severity: (%%severity), Alert Name: %%alertName]



    ------------------------------
    Wendy
    Converge Technology Solutions
    Formerly Information Insights
    ------------------------------