IBM Security Guardium

  • 1.  Changing Subject Messages for Alert

    Posted Tue March 28, 2023 07:19 AM

    Hi Team,

    Below is the sample alert I got from the collector. But my customer wanted to change the Subject for each rule.

    How is it possible? Please help.

    ----------------------------------------------------

    Subject: (NM-CLOUD-COLLECTOR.nm.local) SQLGUARD ALERT Alert based on rule ID AWS_DDL_Commands
    Category: Access Classification: Severity HIGH
    Rule # 20040 [AWS_DDL_Commands ]
    Request Info: [ Session start: 2021-02-26 11:02:11 Server Type: MYSQL Client: 10.0.0.189 () Server: 10.0.1.179 (10.0.0.150) Client PORT: 40164 Server Port: 3306 Service Name: 10.0.1.179:8.0.20 Database Name: Net Protocol: TCP DB Protocol: MYSQL DB Protocol Version: 10.0.0 DB User: ADMIN
    Application User Name:
    Source Program: MYSQL Authorization Code: 0 Request Type: SQL_LANG Last Error:
    SQL: INSERT INTO Persons (PersonID, LastName, FirstName, Address, City ) VALUES ('1', 'Erichsan', 'Skajen', 'Scavanger', 'Norway') SQL Status:
    To add to baseline:

    ----------------------------------

    Thanks,

    Panendar Rao.C



    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: Changing Subject Messages for Alert

    Posted Wed March 29, 2023 01:05 AM

    Hi,

    Any update on this?

    Thanks,

    Panendar rao.C



    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------



  • 3.  RE: Changing Subject Messages for Alert

    IBM Champion
    Posted Wed March 29, 2023 08:46 AM

    Hi @PHANENDRA RAO CHAVANA

    It looks like you have an alert action in your policy with a notification type of Mail and it is using the Default Message Template. Something like pictured below:

    You can edit or create custom message templates from the 'Global Profile'. The Default template is displayed, but you can select 'Named Template' to create custom ones.

    You will need a 'Real Time Alert' message type and the Subject variable is available, though as I recall it may still populate some default values. Here's a link to all the variables that you can use in a 'Real Time Alert' message template: https://www.ibm.com/docs/en/guardium/11.4?topic=profile-alert-message-template.

    Reference the %%Subject [] variable. Here's an example of it being configured to populate some text along with the Severity and Alert Name: 

    %%Subject[Guardium Alert. Severity: (%%severity), Alert Name: %%alertName]



    ------------------------------
    Wendy
    Converge Technology Solutions
    Formerly Information Insights
    ------------------------------