Alert Actions
Tenable Security Center automatically performs alert actions when an alert triggers. You can configure the following types of alert actions:
Tip: Use email alerts to interface with third-party ticketing systems by adding variables in the message option.
For more information, see Alerts.
When the alert triggers, Tenable Security Center creates a ticket and assigns the ticket to a user. For more information, see Tickets.
| Option | Description | Default |
|---|---|---|
| Name | (Required) The name of the ticket. | Ticket opened by alert |
| Description | A description for the ticket. | -- |
| Assignee | (Required) The user who receives the ticket. | -- |
When the alert triggers, Tenable Security Center sends an email.
| Option | Description | Default |
|---|---|---|
| Subject | The alert email subject line. | Email Alert |
| Message | The body of the email message. You can include the following variables to customize the email: The following sample email alert contains some of these keywords embedded into an HTML email: `Alert <strong>%alertName%</strong> (id #%alertID%) has triggered.` `<strong>Alert Definition:</strong> %triggerName% %triggerOperator% %triggerValue% <strong>Calculated Value:</strong> %calculatedValue%` `Please visit your Tenable Security Center Director (<a href="%url%">%url%</a>) for more information. This e-mail was automatically generated by Tenable Security Center Director as a result of alert <strong>%alertName%</strong> owned by <strong>%owner%</strong>.` `If you do not wish to receive this email, contact the alert owner.` | (see description) |
| Include Results | When enabled, Tenable Security Center includes the query results that triggered the alert (maximum of 500). | Disabled |
| Recipients | | |
| Users | The users who receive the alert email. Tip: If you delete a user who receives alert emails, the action option for the alert turns red and Tenable Security Center displays a notification to the new alert owner with the new alert status. To resolve this, update the list of users in the alert email. | -- |
| Email Addresses | Specifies additional email addresses to include in the alert email. For multiple recipients, add one email address per line or use a comma-separated list. | -- |
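
For the tip about feeding a third-party ticketing system from alert emails, the following Python example shows the intake side validating a received message body before a ticket is opened. It is an added example, not Tenable code: the plain-text `Key: value` template layout, the key names, the hostname `sc.example.internal`, and the checks that the alert ID is numeric and the console URL uses HTTPS are all assumptions; only the `%...%` variables come from the sample email above.

```python
import re
from urllib.parse import urlsplit

# Assumed Message template for the email action. The layout and key names are
# this example's choice; only the %...% variables come from the page.
TEMPLATE = (
    "Alert-Name: %alertName%\n"
    "Alert-ID: %alertID%\n"
    "Trigger: %triggerName% %triggerOperator% %triggerValue%\n"
    "Calculated-Value: %calculatedValue%\n"
    "Owner: %owner%\n"
    "Console-URL: %url%\n"
)
REQUIRED = [line.split(":", 1)[0] for line in TEMPLATE.splitlines()]
CONSOLE_HOST = "sc.example.internal"  # constructed placeholder hostname

SAMPLE_BODY = (  # constructed sample of a message after substitution
    "Alert-Name: Critical vulns on DMZ\n"
    "Alert-ID: 42\n"
    "Trigger: count >= 10\n"
    "Calculated-Value: 17\n"
    "Owner: jsmith\n"
    "Console-URL: https://sc.example.internal\n"
)


def parse_alert_body(body, console_host=CONSOLE_HOST):
    """Return the ticket fields from an alert email body, or raise ValueError."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or key not in REQUIRED:
            continue  # ignore free text outside the agreed keys
        if key in fields:
            # Alert names are operator-supplied text; a repeated key is ambiguous.
            raise ValueError(f"duplicate field: {key}")
        fields[key] = value.strip()
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if any(re.search(r"%\w+%", v) for v in fields.values()):
        raise ValueError("unsubstituted variable left in message")
    if not fields["Alert-ID"].isdigit():  # assumption: alert IDs are numeric
        raise ValueError("Alert-ID is not numeric")
    url = urlsplit(fields["Console-URL"])
    if url.scheme != "https" or url.hostname != console_host:
        raise ValueError("Console-URL does not point at the expected console")
    return fields
```

Rejecting a body whose console URL names a different host keeps a look-alike email from opening tickets that link analysts somewhere else.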
When the alert triggers, Tenable Security Center sends a custom message to a syslog server.
| Option | Description | Default |
|---|---|---|
| Host | (Required) The host that receives the syslog alert. | -- |
| Port | The UDP port used by the remote syslog server. | 514 |
| Severity | The severity level of the syslog messages (Critical, Notice, or Warning). | Critical |
| Message | (Required) The message Tenable Security Center sends with the syslog alert. | -- |
When the alert triggers, Tenable Security Center generates a report from an existing report template. For more information, see Reports.
| Option | Description | Default |
|---|---|---|
| Report Template | (Required) The report template Tenable Security Center uses to generate a report based on the triggered alert data. | -- |
When the alert triggers, Tenable Security Center displays a notification to the specified users.
| Option | Description | Default |
|---|---|---|
| Message | (Required) The notification message Tenable Security Center sends when the alert triggers. | -- |
| Users | (Required) The users who receive the notification message. | -- |