
Templates Configuration

The software uses email templates to send notifications, generating both the subject line and body of the emails. These templates support basic HTML, allowing designers to craft their own customized designs. Notifications are associated with templates by their names, and when choosing a template for a particular action, the software selects the first enabled template in alphabetical order. Designers can enable or disable individual templates to test different options and refine their designs.

The software supports the following templates:

  • mail-mfa - the software uses this template to send an MFA verification code in the Mail-MFA workflow.

  • mail-test - the software uses this template to send test emails when testing an SMTP configuration.

  • notify-connection - the software uses this template to send notification emails related to Connection type events. Connection type events are those that are detected on an asset endpoint.

  • notify-event - the software uses this template to send notification emails related to entries captured in the Events Report. Event type notifications are those sent for events contained in the Events Report.

Mail Placeholders

The software also supports placeholders in the templates. The software replaces placeholders with the actual values at the time of sending email notifications.

Template authors can use the following placeholders in the email subject or body in the form ${placeholder.name}:

For mail-mfa and mail-test templates:

  • user.name - Destination user login
  • user.firstName - Destination user first name
  • user.lastName - Destination user last name
  • configuration.name - SMTP configuration name used to send this email

Notify Placeholders

The software also supports placeholders in the templates. The software replaces placeholders with the actual values at the time of sending email notifications.

Template authors can use the following placeholders in the email subject or body in the form ${placeholder.name}.

For notify-connection templates:

  • connection.address.foreign - Foreign network address of the connection.
  • connection.address.local - Local network address of the connection.
  • connection.asset.name - Asset from which the data is collected.
  • connection.created - The date of data collection from the endpoint.
  • connection.port.foreign - Foreign port of the connection.
  • connection.port.local - Local device port of the connection.
  • connection.process - OS Process on the local device with the established connection.
  • connection.protocol - Protocol of the established connection.
  • connection.user - Owner of the OS Process on the local device with the established connection.
  • connection.violation - The indicator (with the description) that the connection would violate the current published policy configuration for the asset if the policies were enforced on the asset endpoint.

For notify-event templates:

  • event.category - Event category for events classification. A category indicates the area that originated the event.
  • event.created - Event time stamp.
  • event.entity.class - The inject class of the object.
  • event.entity.name - Object associated with the event.
  • event.level - Event severity level for classification.
  • event.message - Additional information about the event. The message often includes data related to the event, the event object or the event user.
  • event.name - Name is a characteristic title of the event.
  • event.source - The source that originated the event. Typically, a source is a system node or any other indicator of the physical location of the system module, such as an IP address or a host name.
  • event.tenant - The tenant where the event originated.
  • event.user - User originating the event.
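
The placeholder lists above and the selection rule from the introduction (first enabled template in alphabetical order) can be checked before a template goes live. The following is an added example, not code from the software: the record layout (name, type, enabled, subject, body), the function names and the plain string sort on name are assumptions made for illustration.

```python
import re

# Placeholder names copied from the lists on this page, keyed by template type.
MAIL = {"user.name", "user.firstName", "user.lastName", "configuration.name"}
SUPPORTED = {
    "mail-mfa": MAIL, "mail-test": MAIL,
    "notify-connection": {
        "connection.address.foreign", "connection.address.local",
        "connection.asset.name", "connection.created",
        "connection.port.foreign", "connection.port.local",
        "connection.process", "connection.protocol",
        "connection.user", "connection.violation",
    },
    "notify-event": {
        "event.category", "event.created", "event.entity.class",
        "event.entity.name", "event.level", "event.message", "event.name",
        "event.source", "event.tenant", "event.user",
    },
}
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")  # matches ${placeholder.name}

def lint(template):
    """Return sorted placeholders in subject/body not listed for the template type."""
    allowed = SUPPORTED[template["type"]]
    used = PLACEHOLDER.findall(template["subject"] + "\n" + template["body"])
    return sorted(set(used) - allowed)

def select(templates, template_type):
    """Model of the selection rule: first enabled template of the type, by name."""
    enabled = [t for t in templates if t["type"] == template_type and t["enabled"]]
    return min(enabled, key=lambda t: t["name"], default=None)

# Constructed sample templates (hypothetical record layout, not the product's format).
TEMPLATES = [
    {"name": "event-b", "type": "notify-event", "enabled": True,
     "subject": "[${event.level}] ${event.name}",
     "body": "<p>${event.message} from ${event.source} (${event.user})</p>"},
    {"name": "event-a", "type": "notify-event", "enabled": False,
     "subject": "${event.name}", "body": "<p>${event.message}</p>"},
    {"name": "event-c", "type": "notify-event", "enabled": True,
     "subject": "${event.name} on ${connection.asset.name}",
     "body": "<p>${event.mesage} for ${user.name}</p>"},
]

if __name__ == "__main__":
    for t in TEMPLATES:
        print(t["name"], "unsupported:", lint(t))
    print("selected:", select(TEMPLATES, "notify-event")["name"])
```

In the constructed data, event-a sorts first but is disabled, so event-b is selected; event-c is flagged for a misspelled placeholder and for placeholders that belong to other template types.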