Skip to content

example_alert_templates.md

Latest commit

 

History

History
390 lines (312 loc) · 8.5 KB

example_alert_templates.md

File metadata and controls

390 lines (312 loc) · 8.5 KB

Alert object and field reference

HTML Explorer offline template

HTML Explorer reconnect template

HTML new asset template

HTML changed asset template

HTML offline asset template

HTML assets back online template

HTML asset query template

JSON asset query template

HTML service query template

JSON service query template

HTML template for Explorer offline

Subject

 Explorer {{event.agent_name}} is offline

Body

<h1>{{event.agent_name}}</h1>

<h2>Explorer Details</h2>
Internal IP: {{event.agent_internal_ip}}<br>
External IP: {{event.agent_external_ip}}<br>
Explorer OS: {{event.agent_os}}<br>
Host UUID: {{event.agent_host_id}}<br>
Explorer UUID: {{event.agent_id}}<br>
Explorer last seen (epoch time): {{event.agent_last_seen}}<br>
Exlorer Tags: {{event.agent_tags}}<br>
Explorer version: {{event.agent_version}}<br>
Explorer Organization: {{event.organization_name}}<br>
Explorer Organization UUID: {{event.organization_id}}<br>
Explorer Site: {{event.site_name}}<br>
Explorer Site UUID {{event.site_id}}<br>

HTML template for Explorer reconnect

Subject

 Explorer {{event.agent_name}} is back online

Body

<h1>{{event.agent_name}}</h1>

<h2>Explorer Details</h2>
Duration offline: {{event.agent_offline_time}}<br>
Internal IP: {{event.agent_internal_ip}}<br>
External IP: {{event.agent_external_ip}}<br>
Explorer OS: {{event.agent_os}}<br>
Host UUID: {{event.agent_host_id}}<br>
Explorer UUID: {{event.agent_id}}<br>
Explorer last seen (epoch time): {{event.agent_last_seen}}<br>
Exlorer Tags: {{event.agent_tags}}<br>
Explorer version: {{event.agent_version}}<br>
Explorer Organization: {{event.organization_name}}<br>
Explorer Organization UUID: {{event.organization_id}}<br>
Explorer Site: {{event.site_name}}<br>
Explorer Site UUID {{event.site_id}}<br>

HTML template for new asset alerts

Subject

{{rule.name}}: {{scan.assets_new}} new asset(s) found during the last scan of {{scan.name}}

Body

<h1>{{site.name}}</h1>

<h2>Scan Results</h2>
{{#scan}}
<ul>
<li>
  Scan Task: {{scan.name}}<br>
  {{assets_new}} new assets<br>
</li>
</ul>
{{/scan}}

<h2>New assets</h2>
<ul>
{{#report.new}}
<li>{{names}}<br>
    IP(s): {{addresses}}<br>
    OS: {{os}}<br>
    HW: {{hw}}<br>
    Type: {{type}}<br>
    Services: {{service_count}}<br>
    Site: {{site}}<br>
</li>
{{/report.new}}
{{^report.new}}
<li>No new assets were discovered.</li>
{{/report.new}}
</ul>

<p><a href="{{search.url}}">View assets in the console</a></p>
<p><a href="{{task.url}}">View the scan results</a></p>

HTML template for changed asset alerts

Subject

{{rule.name}}: {{scan.assets_changed}} asset(s) have changed since the last scan of {{scan.name}}

Body

<h1>{{site.name}}</h1>

<h2>Scan Results</h2>
{{#scan}}
<ul>
<li>
  Scan Task: {{scan.name}}<br>
  {{assets_changed}} changed assets<br>
</li>
</ul>
{{/scan}}

<h2>Changed assets</h2>
<ul>
{{#report.changed}}
<li>{{names}}<br>
    IP(s): {{addresses}}<br>
    OS: {{os}}<br>
    HW: {{hw}}<br>
    Type: {{type}}<br>
    Services: {{service_count}}<br>
    Site: {{site}}<br>
</li>
{{/report.changed}}
{{^report.changed}}
<li>No assets have changed configuration since the last scan.</li>
{{/report.changed}}
</ul>

<p><a href="{{search.url}}">View assets in the console</a></p>
<p><a href="{{task.url}}">View the scan results</a></p>

HTML template for offline asset alerts

Subject

{{rule.name}}: {{scan.assets_offline}} asset(s) were offline during the last scan of {{scan.name}}

Body

<h1>{{site.name}}</h1>

<h2>Scan Results</h2>
{{#scan}}
<ul>
<li>
  Scan Task: {{scan.name}}<br>
  {{assets_offline}} offline assets<br>
</li>
</ul>
{{/scan}}

<h2>assets offline</h2>
<ul>
{{#report.offline}}
<li>{{names}}<br>
    IP(s): {{addresses}}<br>
    OS: {{os}}<br>
    HW: {{hw}}<br>
    Type: {{type}}<br>
    Services: {{service_count}}<br>
    Site: {{site}}<br>
</li>
{{/report.offline}}
{{^report.offline}}
<li>No previously seen assets were offline at the time of the last scan.</li>
{{/report.offline}}
</ul>

<p><a href="{{search.url}}">View offline assets in the console</a></p>
<p><a href="{{task.url}}">View the scan results</a></p>

HTML alert template for assets that are back online

Subject

{{rule.name}}: {{scan.assets_online}} asset(s) were online during the last scan of {{scan.name}}

Body

<h1>{{site.name}}</h1>


<h2>Scan Results</h2>
{{#scan}}
<ul>
<li>
  Scan Task: {{scan.name}}<br>
  {{assets_online}} online assets<br>
</li>
</ul>
{{/scan}}


<h2>assets online</h2>
<ul>
{{#report.online}}
<li>{{names}}<br>
    IP(s): {{addresses}}<br>
    OS: {{os}}<br>
    HW: {{hw}}<br>
    Type: {{type}}<br>
    Services: {{service_count}}<br>
    Site: {{site}}<br>
</li>
{{/report.online}}
{{^report.online}}
<li>No offline devices have come online since the last scan.</li>
{{/report.online}}
</ul>

<p><a href="{{search.url}}">View online assets in the console</a></p>
<p><a href="{{task.url}}">View the scan results</a></p>

HTML template for asset query alerts

subject

{{search.found}} assets match {{rule.name}}

Body

<h1>{{organization.name}}</h1>
<h1>{{site.name}}</h1>

<h2>Detected assets</h2>
<ul>
{{#query.assets}}
<li>Asset ID: {{id}}<br>
    Hostname: {{names}}<br>
    IP: {{address}}<br>
    OS: {{os}}<br>
    HW: {{hw}}<br>
    Type: {{type}}<br>
    Service count: {{service_count}}<br>
    Site: {{site}}<br>
</li>
{{/query.assets}}
</ul>

<p><a href="{{search.url}}">View assets in console</a></p>
<p><a href="{{task.url}}">View the scan results</a></p>

JSON template for asset query alerts and webhooks

body

{
  "organization": {
    "name": "{{organization.name}}",
    "id": "{{organization.id}}"
  },
  "site": {
    "name": "{{site.name}}",
    "id": "{{site.id}}"
  },
  "rule": {
    "action": "{{rule.action}}",
    "event": "{{rule.event}}",
    "id": "{{rule.id}}",
    "name": "{{rule.name}}"
  },
  "query": {
    "count": "{{query.count}}",
    "assets": "{{query.assets}}"
  }
  "search": {
    "url": "{{search.url}}",
    "found": "{{search.found}}"
  }
}

HTML template for service query alerts

subject

{{search.found}} services match {{rule.name}}

Body

<h1>{{organization.name}}</h1>
<h1>{{site.name}}</h1>

<h2>Detected assets and services</h2>
<ul>
{{#query.services}}
<li>Asset ID: {{id}}<br>
    Hostname: {{names}}<br>
    IP: {{address}}<br>
    VHost: {{vhost}}<br>
    Port: {{port}}<br>
    Transport: {{transport}}<br>
    Protocol: {{protocol}}<br>
    Summary: {{summary}}<br>
    OS: {{os}}<br>
    HW: {{hw}}<br>
    Type: {{type}}<br>
    Site: {{site}}<br>
    </li>
{{/query.services}}
</ul>

<p><a href="{{search.url}}">View services in console</a></p>
<p><a href="{{task.url}}">View the scan results</a></p>

JSON template for service query alerts and webhooks

Body

{
  "organization": {
    "name": "{{organization.name}}",
    "id": "{{organization.id}}"
  },
  "site": {
    "name": "{{site.name}}",
    "id": "{{site.id}}"
  },
  "rule": {
    "action": "{{rule.action}}",
    "event": "{{rule.event}}",
    "id": "{{rule.id}}",
    "name": "{{rule.name}}"
  },
  "query": {
    "count": "{{query.count}}",
    "services": "{{query.services}}"
  }
  "search": {
    "url": "{{search.url}}",
    "found": "{{search.found}}"
  }
}