NetWitness ESA customers all over the globe are leveraging the power of multi-event correlation in order to streamline the processing of alerts from their NetWitness environment. Up until now, they have faced a major challenge, namely the lack of flexibility in subject lines of these alerts. The ability to configure subject lines is typically how massive numbers of these alerts can be sorted and acted upon in order of severity. Kensington Tech is pleased to share this version 0.2 update to our ESA Alert Tool.
The original 0.1 release required prepending the string 'vars.' to some variable names in the FreeMarker email template, due to a bug in the third-party FMPP software used by the solution. We've taken it upon ourselves to fix this bug in FMPP and are now bundling our own patched version of FMPP with the ESA Alert Tool package.
This was developed using Security Analytics 10.5, but it should work equally well with 10.6. Do let us know if there are any issues!
- No longer a need to prepend template variables with 'vars.'
- Use a FreeMarker template to customize your subject line
- No need to hard-code the subject in a custom script
- The ESA rule name has been added to the body of our alert email
- TLS and SSL support for SMTP