When using the $INCIDENT_SNAPSHOT$ variable in a 'Send Email Notification' response rule, it sends an incorrect URL.
search cancel

When using the $INCIDENT_SNAPSHOT$ variable in a 'Send Email Notification' response rule, it sends an incorrect URL.

book

Article ID: 273473

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

When configuring a Send Email Notification response rule, you can use the $INCIDENT_SNAPSHOT$ variable to include the fully qualified URL to the incident snapshot page. However, if you have changed either the hostname or domain, the URL still contains the old hostname or FQDN, causing the link to be invalid when users click it.

Environment

Release: DLP 15.8, 16.0

Cause

If you have recently changed the hostname or domain, and the FQDN of the Enforce server has been updated, you need to ensure that Enforce sends the correct FQDN when using the $INCIDENT_SNAPSHOT$ variable in email notifications.

Resolution

1. In the Enforce Console, go to System > Settings > General.

2. Click on the "Configure" button.

3. Under "Reports and Alerts," locate the "Fully Qualified Manager Name" field.

4. Enter the new FQDN or IP address of your Enforce Server in this field.

5. Click "Save" to apply the changes.

From now on, all new incidents will include the updated URL in the email notifications, ensuring that users can access the incident snapshot page correctly.

Additional Information

What Variables can be used within Response Rules?