Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
0
Helpful
3
Replies

Custom scripts for IDS e-mail alerting

suzanne.nichol
Level 1
Level 1

‎05-23-2002 12:59 AM - edited ‎03-08-2019 10:44 PM

I need an idiots guide (for want of a better word) on how to write custom scripts for the IDS alerting from the Unix director. Currently the notification script is taken from the eventd directory. The format of the default mails is poor and it would be difficult for anyone outside of our department to be able to decipher them.

Can any of you point me in the right direction? Thanks

Labels:
0 Helpful
3 Replies 3

ekrishna
Level 1
Level 1

‎05-23-2002 05:15 AM

The following link will be helpful for you in writing custom scripts.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids5/csidscog/advanced.htm#10542

Elango

0 Helpful

astuckey
Level 1
Level 1

‎05-23-2002 01:55 PM

Are you using the Event Processing -> Applications tab or the Event Processing -> E-mail?

If you write a custom script for the Applications setup, then the positional parameters are the fields of the director log files as described in the Netranger User's Guide. You can do whatever you want at this point, including DNS lookups, cross-referencing of the signature numbers with a locally written file of caveats and notes, etc.

Could you describe better what you want to do?

0 Helpful

suzanne.nichol
Level 1
Level 1
In response to astuckey

‎05-28-2002 05:00 AM

I have got the script defined in the event processing -> applications tab, but I have the alarm events defined in the e-mail tab for each of the severities of alarms. When any of our sensors recieves and alarm it's sent to the director and the director mails the details of the alarm. I want the content of that mail to be a lot more descriptive so anyone can understand what the mail is about. I would like it to say in plain english what IDS sensor the alarm is from, what the alarm is, the source and destination address and some instructions for the recipient of the alarm to tell them how to react to the alert e.g call this number......!

Doesn't sound like it should be much of a change, but I have tried to edit the event script (after first creating a copy!!) and it just stopped alerting so I must have done something wrong.

0 Helpful
Customers Also Viewed These Support Documents