Using Customized Email Notifications for Rules

Notification Policies can be set up to send notifications via customized emails. These customized email notifications allow you to send as many notifications as needed to multiple defined users with your specified text.

This feature is available for Endpoint ITM detection rules and CASB rules. You create the notification policy and then select it from the Detection rule or CASB rule. When an alert is triggered, the custom email is sent.

For suggested CASB email templates, see Applying Notification Policies for CASB.

(See Notification Policies.)

Adding Customized Emails

Customized emails are managed in Integrations > Notification Policies.

The customized email is created from a template. You define the Recipients, Subject and Body of the email.

  1. From the Administration app, select Integrations > Notification Policies to access the Notification Policies. Click New Notification.

  2. Select For Rules from the New Notification options and click Create.

  3. Provide a name for the email notification and in the Email area, click Set up Email.

  4. Complete the message template.

Message Template

The message template lets you define the email you want to send.

Customized Email Body

By default, a body template is provided. You can send emails using this template as is, or modify it to customize the email as you want.

You can tailor the email body to a specific alert by including fields such as the alert name, time of the alert, and alert severity. As you design your email, you can preview it in the Message Preview window on the right.

Select Edit Template or Switch to Handlebars to customize the body of the template.

Email Body Modification with Handlebars

When you switch to Handlebars, you can use the Handlebars templating language in the template. For more information about Handlebars, see Handlebars documentation.

You can use expressions and change the text.

In the example, the text What is the source of this alert? and the expression {{event.feed.product}} were added to the email.

Email Notification Alert Validation

You can use the JSON from an existing alert to identify the expressions you need for the Handlebars template.

Copy the JSON of the triggered alert to the Notification template. The fields are automatically replaced.

  1. From Analytics > Alerts, select the alert you want from the Alerts view. The details for the alert display.

  2. From the Activity dropdown, select View Activity JSON.

  3. Select and copy the JSON file.

  4. From Administration > Integrations > Notification Policies > For Rules, in Message Preview of the email template, click Edit JSON.

  5. Replace the preview with the JSON file and click Save.

  6. The fields are parsed and used in the template. An email that validates the specific rule is now available.

Email Body Modification with Template Editor

The template editor lets you modify the text and use the available variables. The variables are included in the template and displayed at the bottom of the template for your use.

Currently the following variables are available: Event, Fqld, Incident, Incident Name, Number of Reason, List of Rule Triggered, End of List, Reason Severity, Reason Name and Reason Description.

Template Styling

You can add styling to the template. This includes formatting, images and links to other URLs. The table describes the available styles.

Use Case          Headers
Bold              <b>Your Text</b>
Italic            <i>Your Text</i>
Underline         <u>Your Text</u>
Link              <a href="https://yoururl.com">Link Text</a>
Color             <font color='blue'>Your Text</font>
Embedded Image    <img src="data:image/png;base64,{image-content-base-64}">

Customized Recipients

In the Recipient area, define who you want to receive the email. You can define a static or dynamic recipient list.

  • Static recipient: Use this option when you want to send the email to recipients who will always receive the email when the alert is triggered. If you want to change the user, you will need to modify the list.

    1. In the Recipient area of the email template, click Add.

    2. Select the users you want from the list of Observed Values.

      When the alert triggers, the email is sent to the selected users.

  • Dynamic recipient: You can configure the recipient field to be dynamic, allowing it to change based on the data rather than using a fixed list of recipients. For example, if you want to send an email to any user who triggers a specific alert, you can use the field {{event.user.email}} in the Recipient area. Each time the alert is triggered, an email is sent to the relevant user.

    You can identify which fields you want to use by looking at the Alert JSON file.
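
The following added example (not part of the product or its documentation) shows one way to work through the alert JSON described in Email Notification Alert Validation and in the dynamic recipient option: it lists every field of a copied alert as a Handlebars expression and reports template expressions that do not exist in that alert. The sample JSON is constructed; only event.feed.product and event.user.email come from this page, and the function names are hypothetical.

```javascript
// Constructed sample of an alert's Activity JSON. Only event.feed.product and
// event.user.email come from the page; every other field and value is assumed.
const sampleAlert = {
  event: {
    feed: { product: "ITM" },
    user: { email: "jdoe@example.com", name: "J. Doe" },
    incidents: [{ name: "Constructed rule", severity: "High" }],
  },
};

// List every leaf field as a dotted path usable in a Handlebars expression.
// Array elements use Handlebars segment-literal syntax, e.g. items.[0].name
function listPaths(value, prefix = "") {
  if (value === null || typeof value !== "object") return [prefix];
  return Object.entries(value).flatMap(([key, child]) => {
    const segment = Array.isArray(value) ? `[${key}]` : key;
    return listPaths(child, prefix ? `${prefix}.${segment}` : segment);
  });
}

// Collect plain path expressions ({{a.b}} or {{{a.b}}}) from a template.
// Block helpers, closing tags, partials and comments are skipped, so paths
// used inside {{#each}} blocks (which are relative) are out of scope here.
function templatePaths(template) {
  const found = new Set();
  const pattern = /\{\{\{?\s*([A-Za-z_][\w.\[\]]*)\s*\}?\}\}/g;
  for (const match of template.matchAll(pattern)) {
    if (match[1] !== "else" && match[1] !== "this") found.add(match[1]);
  }
  return [...found];
}

// Expressions in the template that have no matching field in the alert JSON.
function unresolved(template, alert) {
  const known = new Set(listPaths(alert));
  return templatePaths(template).filter((path) => !known.has(path));
}

// Constructed body and recipient templates; "event.user.mail" is a deliberate typo.
const body = "What is the source of this alert? {{event.feed.product}}";
const recipient = "{{event.user.mail}}";

console.log(listPaths(sampleAlert).map((p) => `{{${p}}}`).join("\n"));
console.log("Unresolved in body:", unresolved(body, sampleAlert));
console.log("Unresolved in recipient:", unresolved(recipient, sampleAlert));
```

By default Handlebars renders an expression that does not resolve as empty text, so a mistyped field in a dynamic recipient leaves the address blank; running a check like this against a real alert's JSON before saving the template catches that.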