#19 Emailing from Summary

Incident Grouping
closed
Nerveup
Interface (44)
5
2006-02-02
2005-02-15
Joel Esler
No

Say I'm at the summary page (say, something on
base_stat_uaddr.php). I want to send an email regarding
several different IPs on a subnet (say a bunch belong
to me, and I want to find out why they are triggering
on a particular signature, so I click on the signature,
then click the Unique source IP summary). I wanna be
able to put a check mark beside the IP, and then send
an email.

Discussion

  • Joel Esler

    Joel Esler - 2005-02-28
    • priority: 5 --> 3
     
  • Joel Esler

    Joel Esler - 2005-04-01
    • priority: 3 --> 5
     
  • Christian

    Christian - 2005-04-07

    While on the subject of mail and Summary:

    If you do a search on an IP, then display that as Unique Alerts
    and want to mail that as summary, the mail will look like this:

    The display in BASE:
    [bugtraq] [cve] [icat] [nessus] [snort] BAD-TRAFFIC udp
    port 0 traffic misc-activity 4 (0%) 1 1
    1 2005-04-06 22:22:55 2005-04-06 22:24:10

    In the mail that will be:
    1-64124| [2005-04-06 22:24:10] xxxxxxxx:1492 ->
    xxxxxxxxx:0 [bugtraq/576] [cve/1999-0675] [icat/1999-0675]
    [nessus/10074] [snort/525] BAD-TRAFFIC udp port 0 traffic

    #1-64123| [2005-04-06 22:24:10] xxxxxxxxx:1492 ->
    xxxxxxxxx:0 [bugtraq/576] [cve/1999-0675] [icat/1999-0675]
    [nessus/10074] [snort/525] BAD-TRAFFIC udp port 0 traffic

    #1-64122| [2005-04-06 22:24:10]xxxxxxxxxx:1492 ->
    xxxxxxxxx:0 [bugtraq/576] [cve/1999-0675] [icat/1999-0675]
    [nessus/10074] [snort/525] BAD-TRAFFIC udp port 0 traffic

    #1-64109| [2005-04-06 22:22:55] xxxxxxxxx:1334 ->
    xxxxxxxxxx:0 [bugtraq/576] [cve/1999-0675] [icat/1999-0675]
    [nessus/10074] [snort/525] BAD-TRAFFIC udp port 0 traffic

    I want it, when I choose summary, to mail it as it looks in
    BASE.

    This is what I want in the mail:
    [bugtraq] [cve] [icat] [nessus] [snort] BAD-TRAFFIC udp port
    0 traffic misc-activity 4 (0%) 1 1
    1 2005-04-06 22:22:55 2005-04-06 22:24:10

    And the other way if I choose email full.

    /Christian

     
  • Joel Esler

    Joel Esler - 2005-06-01
    • milestone: 467936 --> Incident Grouping
     
  • Nerveup

    Nerveup - 2006-02-02
    • assigned_to: nobody --> nerveup
    • status: open --> closed
     
  • Nerveup

    Nerveup - 2006-02-02

    RFE Implemented... into CVS... ;)