Managing Custom Alert Templates
Article ID: 289324
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Steps to create and remove custom Alert Templates.
Environment
- App Control Server: All Supported Versions
Resolution
| Note: This article is a "Best Effort" to provide the ability to create custom Templates. The methods described here are not officially supported. |
Creating New Templates:
- Log in to the application server as the Carbon Black Service Account.
- Failure to log in as the Service Account will prevent importing the necessary files.
- Browse to the AlertTemplates directory in the Server install directory, example:
C:\Program Files\Bit9\Parity Server\Reporter\AlertTemplates
- Make copies of the relevant files for the Alert or Response Template(s), outside the Server directory (example: C:\Temp\CustomAlert\):
- Template for Alert.hdr
- Template for Alert.html
- Template for Alert.txt
- Customize the copied Template files as needed (example: adjust phrasing, add additional Tags, etcetera)
- Use an administrative command prompt to switch into the Parity Server\Reporter directory:
cd "C:\Program Files\Bit9\Parity Server\Reporter\"
- Add the new Custom Template to the database with a unique Name and specify the folder, header, html and text files, example:
ParityReporter.exe add_template /name="Name of New Alert" /folder="C:\Temp\CustomAlert" /header="C:\Temp\CustomAlert\CustomHeader.hdr" /html="C:\Temp\CustomAlert\CustomBody.html" /text="C:\Temp\CustomAlert\CustomBody.txt"
- Verify the new Template is available in the Console > Tools > Alerts > Add Alert > Mail Template.
Removing Existing Templates:
- Verify the Template Name from the Console > Tools > Alerts > relevant Alert > Mail Template.
- Log in to the application server as the Carbon Black Service Account.
- Issue the following commands in an administrative command prompt:
cd "C:\Program Files\Bit9\Parity Server\Reporter\"
ParityReporter.exe remove_template /name="Name of Alert"
Available Template Tags: (Per Alert Type)
| Tag Name | Alert Type Tag Can Be Used With | Tag Value |
|---|---|---|
| {$server_name} | All Alerts | Computer name where Server is installed |
| {$alert_id} | All Alerts | Alert identifier |
| {$alerts_triggered_id} | All Alerts | Triggered alert instance identifier |
| {$priority} | All Alerts | Priority of the Alert itself |
| {$priority_color} | All Alerts | Alert priority color (for HTML) |
| {$alert_type} | All Alerts | Alert type name |
| {$alert_name} | All Alerts | Alert name |
| {$alert_message} | All Alerts | Alert message |
| {$created_by} | All Alerts | Date when alert was created |
| {$triggered_date} | All Alerts | Date when alert was triggered |
| {$triggered_summary} | All Alerts | Summary of triggered alert |
| {$tagline} | All Alerts | Tagline used for branding purposes through database (shepherdConfigs param tagline) |
| {$host_id} | Computer related alerts | Host database identifier (used optionally for host detail links) |
| {$host_name} | Elevated privilege alert | Host name of computer that triggered the alert |
| {$hash} | File related alerts | Hash of file that triggered the alert |
| {$file_name} | File related alerts | File name of file that triggered the alert |
| {$antibody_id} | File related alerts | File database identifier (used for file detail links) |
| {$file_state} | File related alerts | File state of the file that triggered the alert |
| {$cert_it} | Certificate alerts | Certificate id that triggered the alert |
| {$cert_subject} | Certificate alerts | Certificate subject that triggered the alert |
| {$publisher} | Certificate alerts | Certificate publisher that triggered the alert |
| <Sha256> | Event and Approval Request alerts | SHA256 hash of the file that triggered the alert |
| <Md5> | Event and Approval Request alerts | MD5 hash of the file that triggered the alert |
| <Sha1> | Event and Approval Request alerts | SHA1 hash of the file that triggered the alert |
| <FileName> | Event and Approval Request alerts | File name of the file that triggered the alert |
| <HostName> | Event and Approval Request alerts | Host name of the computer which triggered the alert |
| <UserName> | Event and Approval Request alerts | User name that triggered the alert |
| <RootSha256> | Event and Approval Request alerts | SHA256 hash of the installer of the file that triggered the alert |
| <AntibodyId> | Event and Approval Request alerts | Database identifier of the file that triggered the alert |
| <HostId> | Event and Approval Request alerts | Database identifier of the computer that triggered the alert |
| <EventRuleName> | Event alerts | Event rule that triggered the alert (if event rule is used) |
| <EventRuleDescription> | Event alerts | Event rule description that triggered the alert (if event rule is used as criteria) |
| <EventSubtype> | Event alerts | Event subtype that triggered the alert (if event is used as criteria) |
| <EventDescription> | Event alerts | Event description that triggered the alert (if event is used as criteria) |
| <ApprovalRequestPriority> | Approval Request alerts | Approval request priority as submitted by the user |
| <ApprovalRequestReason> | Approval Request alerts | Approval request reason as submitted by the user |
| {$approval_filename} | Approval Response | Approval response file name |
| {$approval_resolution} | Approval Response | Approval response resolution as submitted by the administrator |
| {$approval_response} | Approval Response | Approval response comments as submitted by the administrator |
| {$approval_request_reason} | Approval Response | Approval request reason as submitted by the user |
| {$approval_requestor} | Approval Response | Approval requester |
| {$approval_request_date} | Approval Response | Approval request date |
| {$indicator_id} | System health alerts | Health indicator id that triggered the alert |
Additional Information
- Each Template consists of 3 files: Header, HTML Body, and Text Body.
- A new Template with the same name will overwrite an existing Template.
Feedback
Yes
No
Powered by
