
System configuration | Replacement messages

Table 17: Alert email message sections

| Alert type | Element | Tag | Description |
| --- | --- | --- | --- |
| NIDS event | | | Used for NIDS event alert email messages |
| | Section Start | <**NIDS_EVENT**> | |
| | Allowed Tags | %%NIDS_EVENT%% | The NIDS attack message. |
| | Section End | <**/NIDS_EVENT**> | |
| Virus alert | | | Used for virus alert email messages |
| | Section Start | <**VIRUS_ALERT**> | |
| | Allowed Tags | %%VIRUS%% | The name of the virus. |
| | | %%PROTOCOL%% | The service for which the virus was detected. |
| | | %%SOURCE_IP%% | The IP address from which the virus was received. For email this is the IP address of the email server that sent the email containing the virus. For HTTP this is the IP address of the web page that sent the virus. |
| | | %%DEST_IP%% | The IP address of the computer that would have received the virus. For POP3 this is the IP address of the user’s computer that attempted to download the email containing the virus. |
| | | %%EMAIL_FROM%% | The email address of the sender of the message in which the virus was found. |
| | | %%EMAIL_TO%% | The email address of the intended receiver of the message in which the virus was found. |
| | Section End | <**/VIRUS_ALERT**> | |
| Block alert | | | Used for file block alert email messages |
| | Section Start | <**BLOCK_ALERT**> | |
| | Allowed Tags | %%FILE%% | The name of the file that was blocked. |
| | | %%PROTOCOL%% | The service for which the file was blocked. |
| | | %%SOURCE_IP%% | The IP address from which the blocked file was received. For email this is the IP address of the email server that sent the email containing the blocked file. For HTTP this is the IP address of the web page that sent the blocked file. |
| | | %%DEST_IP%% | The IP address of the computer that would have received the blocked file. For email this is the IP address of the user’s computer that attempted to download the message from which the file was removed. |
| | | %%EMAIL_FROM%% | The email address of the sender of the message from which the file was removed. |
| | | %%EMAIL_TO%% | The email address of the intended receiver of the message from which the file was removed. |
| | Section End | <**/BLOCK_ALERT**> | |
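
A template check for the sections in Table 17, as an added example (not code from the product or its vendor): it verifies that each section's start and end markers pair up and that only the tags listed for that section appear inside it. The function name `lint_template` and both sample templates are constructed for illustration; the marker and tag syntax is taken as printed in the table, and how the device itself treats a tag outside its section is not stated here.

```python
import re

# Allowed tags per section, transcribed from Table 17.
COMMON = {"PROTOCOL", "SOURCE_IP", "DEST_IP", "EMAIL_FROM", "EMAIL_TO"}
ALLOWED = {
    "NIDS_EVENT": {"NIDS_EVENT"},
    "VIRUS_ALERT": {"VIRUS"} | COMMON,
    "BLOCK_ALERT": {"FILE"} | COMMON,
}
MARKER_RE = re.compile(r"<\*\*(/?)([A-Z0-9_]+)\*\*>")  # <**NAME**> or <**/NAME**>
TAG_RE = re.compile(r"%%([A-Z0-9_]+)%%")               # %%TAG%%

def lint_template(text):
    """Return a list of problems found in an alert email template (hypothetical helper)."""
    problems, open_name, body_start = [], None, 0
    for m in MARKER_RE.finditer(text):
        closing, name = m.group(1) == "/", m.group(2)
        if name not in ALLOWED:
            problems.append(f"unknown section <**{name}**>")
        elif not closing:
            if open_name:
                problems.append(f"<**{open_name}**> not closed before <**{name}**>")
            open_name, body_start = name, m.end()
        elif name != open_name:
            problems.append(f"<**/{name}**> without matching start")
        else:
            # Section is complete: check every tag in its body against the table.
            for tag in TAG_RE.findall(text[body_start:m.start()]):
                if tag not in ALLOWED[name]:
                    problems.append(f"%%{tag}%% not allowed in {name}")
            open_name = None
    if open_name:
        problems.append(f"<**{open_name}**> never closed")
    return problems

# Constructed sample templates (not taken from a device).
GOOD = """<**VIRUS_ALERT**>
Virus %%VIRUS%% found in %%PROTOCOL%% traffic from %%SOURCE_IP%% to %%DEST_IP%%.
Sender: %%EMAIL_FROM%%  Recipient: %%EMAIL_TO%%
<**/VIRUS_ALERT**>
<**BLOCK_ALERT**>
Blocked file %%FILE%% (%%PROTOCOL%%) from %%SOURCE_IP%%.
<**/BLOCK_ALERT**>"""

BAD = """<**BLOCK_ALERT**>
Blocked %%FILE%% carrying %%VIRUS%%.
<**/BLOCK_ALERT**>
<**NIDS_EVENT**>
%%NIDS_EVENT%%"""
```

Running the check before saving a customized message catches a tag copied into the wrong section, which would otherwise leave an alert email without the field the operator expected.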