Custom Email Templates
333 views
Skip to first unread message
Martin Stoyanov
Nov 24, 2022, 4:25:32 AM11/24/22
to wa...@googlegroups.com
Hi team, hope you are doing well?
I wanted to ask if there is any plans to implement custom email subject and body formatting capabilities for the email notification coming from Wazuh (I know there were many requests for the same in the group and some issues were already opened for that, example - https://github.com/wazuh/wazuh/issues/3568 )
I am aware of the option to do this with custom integration (like https://wazuh.com/blog/how-to-integrate-external-software-using-integrator/) but this method has some pitfalls and require customization for every type of alert and fields you want to display - for example custom integration for Sysmon Event 1, custom integration for Sysmon event 11, custom integration for FIM, custom integration for AD event logins, etc (assuming that you want to provide specific fields in the alert body depending on the alert type).
Also no direct way to limit the emails send in a period of time.
Best regards,
Martin
Sandra Ocando
Nov 25, 2022, 6:34:39 AM11/25/22
to Martin Stoyanov, wa...@googlegroups.com
Hi Martin,
Unfortunately there is not an expected date for this development.
Nevertheless, the custom integration option is very powerful and can be customized to fulfill your needs. Check out this script to send custom email alerts: https://github.com/jctello/JCT-Wazuh/blob/main/integrations/custom-email-alerts. This script allows you to easily change the subject and message. Check out this post for instructions on how to configure this integration: https://www.reddit.com/r/Wazuh/comments/sem0gv/how_can_i_change_email_subject/
Instead of custom integrations for each alert type, consider adding conditionals in the script to display different fields as you'd like. If you'd like to limit the alerts per hour, consider adding a database to the script and a function to group messages if necessary.
Let us know if you have any questions.
Best regards,
Sandra.
Unfortunately there is not an expected date for this development.
Nevertheless, the custom integration option is very powerful and can be customized to fulfill your needs. Check out this script to send custom email alerts: https://github.com/jctello/JCT-Wazuh/blob/main/integrations/custom-email-alerts. This script allows you to easily change the subject and message. Check out this post for instructions on how to configure this integration: https://www.reddit.com/r/Wazuh/comments/sem0gv/how_can_i_change_email_subject/
Instead of custom integrations for each alert type, consider adding conditionals in the script to display different fields as you'd like. If you'd like to limit the alerts per hour, consider adding a database to the script and a function to group messages if necessary.
Let us know if you have any questions.
Best regards,
Sandra.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CACuuZBAVybJ%2BQ5AjOzLKtLUsTVqVoMYZ91FpRXK-_G3Uxw6dAw%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages