Issue
When setting up automated notifications for external alerts using variables to customize the message, rather than pulling data for $Event and $Endpoint variables, the variable names are displayed.
Resolution
Not all email variables are available in all contexts where an email notification can be configured. This is especially true for External Alerts, since these are presented from external sources. Some standard Red Canary variables such as $Endpoint.* and $Event.* are not available for external alerts.
The following custom variables are available for External Alerts:
ExternalAlert
$ExternalAlert.analysis_team
$ExternalAlert.external_alert_source_alert_identifier
$ExternalAlert.external_alert_source_alert_url
$ExternalAlert.native_email_raw
$ExternalAlert.native_json_raw(supports JSON interpolation)
$ExternalAlert.reported_classification
$ExternalAlert.reported_severity
$ExternalAlert.risk_score
$ExternalAlert.status_and_state
$ExternalAlert.url
ExternalAlertSource
$ExternalAlertSource.display_category
$ExternalAlertSource.name
ExternalAlertSourcePlatform
$ExternalAlertSourcePlatform.display_category
$ExternalAlertSourcePlatform.display_name
Comments
0 comments
Please sign in to leave a comment.