Highlighted
zargaran Honored Contributor.
Honored Contributor.
1021 views

How to Create notification template in ArcSight ESM ???

Jump to solution

Hi All

Is there anybody have an exprerience in creation notification template ?

please share your solution.

BR

Amir

Labels (1)
0 Likes
1 Solution

Accepted Solutions
Honored Contributor.. brian.chong@hpe Honored Contributor..
Honored Contributor..

Re: How to Create notification template in ArcSight ESM ???

Jump to solution

Below is a sample email notification template.

 

## This is a velocity macro file...

## The following fields are defined in the velocity macro.

## event == the event which needs to be sent.

## WEBROOT == root of the myarcsight

## EVENT_URL == root of the event alert.

## NOTIFICATION_URL = root of the notification.

 

Event Name:                  $introspector.getDisplayValue($event,"name")

Event Start Time:            $introspector.getDisplayValue($event,"startTime")

Attacker Host Name:           $introspector.getDisplayValue($event,"attackerHostName")

Target Host Name:             $introspector.getDisplayValue($event,"targetHostName")

Target User Name:             $introspector.getDisplayValue($event,"targetUserName")

Device Vendor:               $introspector.getDisplayValue($event,"deviceVendor")

Device Product:              $introspector.getDisplayValue($event,"deviceProduct")

String4.Reason or Error Code: $introspector.getDisplayValue($event,"deviceCustomString4")

 

--------------------------------------------------------------------

How to Respond

--------------------------------------------------------------------

This message can be acknowledged in any of the following ways:

1) Reply to this email. Make sure that the notification ID listed

      in this message is present in your reply)

2) Login to the ArcSight Console and click on the notification button

      on the status bar

3) Login to myArcSight and go to the My Notifications Acknowledgment page

      at ${NOTIFICATION_URL}

 

To view the full alert please go to

      at ${EVENT_URL}

 

 

 

Brian Chong

2 Replies
Honored Contributor.. brian.chong@hpe Honored Contributor..
Honored Contributor..

Re: How to Create notification template in ArcSight ESM ???

Jump to solution

Hi,

The instructions on how to create notification template can be found on ESM Administrator's guide, page 153. I've attached the admin guide and example template.

Brian Chong

0 Likes
Honored Contributor.. brian.chong@hpe Honored Contributor..
Honored Contributor..

Re: How to Create notification template in ArcSight ESM ???

Jump to solution

Below is a sample email notification template.

 

## This is a velocity macro file...

## The following fields are defined in the velocity macro.

## event == the event which needs to be sent.

## WEBROOT == root of the myarcsight

## EVENT_URL == root of the event alert.

## NOTIFICATION_URL = root of the notification.

 

Event Name:                  $introspector.getDisplayValue($event,"name")

Event Start Time:            $introspector.getDisplayValue($event,"startTime")

Attacker Host Name:           $introspector.getDisplayValue($event,"attackerHostName")

Target Host Name:             $introspector.getDisplayValue($event,"targetHostName")

Target User Name:             $introspector.getDisplayValue($event,"targetUserName")

Device Vendor:               $introspector.getDisplayValue($event,"deviceVendor")

Device Product:              $introspector.getDisplayValue($event,"deviceProduct")

String4.Reason or Error Code: $introspector.getDisplayValue($event,"deviceCustomString4")

 

--------------------------------------------------------------------

How to Respond

--------------------------------------------------------------------

This message can be acknowledged in any of the following ways:

1) Reply to this email. Make sure that the notification ID listed

      in this message is present in your reply)

2) Login to the ArcSight Console and click on the notification button

      on the status bar

3) Login to myArcSight and go to the My Notifications Acknowledgment page

      at ${NOTIFICATION_URL}

 

To view the full alert please go to

      at ${EVENT_URL}

 

 

 

Brian Chong

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.