Customize System Emails - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-03-28
End_of_Life
EoL
Category
Administrator Guide
Abstract

Customize subject and message body for Cortex XSOAR system emails and choose HTML and/or text format.

Cortex XSOAR sends notifications to users. You can customize the subject and the contents of the email, and choose whether to send the email in HTML format.

Arguments are specific to message types, and not all arguments are available for all message types. The default message body column in the table below includes the arguments available for each message type.

Message Type

Default Subject

Default Message Body

mentionNew

Message from Cortex XSOAR Security Operations Server

{{.username}} added you to investigation {{.invName}}.\nYou were mentioned: {{.parentContent}}.

mentionNewNoContent

Message from Cortex XSOAR Security Operations Server

{{ .username}} added you to investigation {{ .invName}}.

mentionOld

Message from Cortex XSOAR Security Operations Server

{{ .username}} mentioned you in investigation {{ .invName}}: {{ .parentContent}}.

assign

Message from Cortex XSOAR Security Operations Server

{{ .username}} assigned task #{{ .taskId}} in investigation {{ .invName}} to you.

taskCompleted

Message from Cortex XSOAR Security Operations Server

{{ .username}} completed task #{{ .taskId}} in investigation {{.invName }}.

taskUpdated

Message from Cortex XSOAR Security Operations Server

{{.username}} updated task #{{.taskId}} in investigation {{.invName}}.

userAcceptedInvite

Message from Cortex XSOAR Security Operations Server

{{.username}} has accepted your invitation to join Demisto Security Operations Server.

investigationClosed

Message from Cortex XSOAR Security Operations Server

{{.username}} has closed investigation {{.invName}}.

investigationWaiting

Message from Cortex XSOAR Security Operations Server

{{.username}}, {{.invName}} has stopped and is waiting your instructions."

investigationError

Message from Cortex XSOAR Security Operations Server

{{.username}}, {{.invName}} has stopped because of an error.

investigationDeleted

Message from Cortex XSOAR Security Operations Server

{{.username}} has deleted investigation {{.invName}}.

welcomeAboardMessage

Message from Cortex XSOAR Security Operations Server

Hi {{.username}}. Nice to meet you, my name is DBot™, and I will be happy to assist you in your investigations.

incidentOpened

Message from Cortex XSOAR Security Operations Server

{{.username}} has reported {{.incTermArticle}} {{.incTermSingular}} {{.invName}}.

incidentChanged

Message from Cortex XSOAR Security Operations Server

{{.username}} has updated {{.incTermArticle}} {{.incTermSingular}} {{.invName}}.

incidentStatusChanged

Playbook has stopped on {{ .runStatus}} for {{ .invName}} (#{{ .incID}})

{{.incTermCapitalSingular}} playbook task "{{.taskName}}" stopped on {{.runStatus}}. {{.incTermCapitalSingular}} Id: #{{.incID}}{{.incTermCapitalSingular}} Name: {{.invName}}{{.incTermCapitalSingular}} SLA: {{.SLA}}{{.incTermCapitalSingular}} Severity: {{.severity}}Task: #{{.taskID}}Task Name: {{.taskName}}Task SLA: {{.TaskSLA}}

incidentAssigned

Message from Cortex XSOAR Security Operations Server

{{.username}} has assigned you {{.incTermArticle}} {{.incTermSingular}} {{.invName}}.

taskCompletedWithNotes

Message from Cortex XSOAR Security Operations Server

{{.username}} completed task #{{.taskId}} in investigation {{.invName}}.\nCompletion note was: {{.taskComment}}

incidentReminderSLA

Message from Cortex XSOAR Security Operations Server

FYI, {{.incTermSingular}} #{{.invID}} "{{.reminedOn}}" - SLA expiration is approaching. ({{.SLA}})

MessageTypeTaskSLA

Message from Cortex XSOAR Security Operations Server

FYI, task "{{.reminedOn}}" (from investigation {{.invName}}) - due date is approaching. ({{.SLA}})

newContentAvailable

Message from Cortex XSOAR Security Operations Server

A content update: {{.release}} for your Demisto Server is available.\n{{.releaseNotes}}

drCriticalError

Message from Cortex XSOAR Security Operations Server

An unrecoverable error has occurred. Live Backup has been disabled. Please shut down both servers and recopy the relevant files, then boot both servers. Live Backup configuration will be saved.

failedFetchIncidents

Integration instance {{ .instance}} ({{ .brand}}) failed fetching new {{ .incTermPlural}}

Integration instance {{.instance}} ({{.brand}}) failed fetching new {{.incTermPlural}} at {{.date}}\nerror message is:\n{{.error}}

engineDisconnected

Cortex XSOAR Engine Disconnected

Engine '{{.name}}' ({{.host}}) is disconnected. Engines will not process integration automations until it is reconnected.

externalFormSubmit

{{ .subject}}

""

externalAskSubmit

{{ .subject}}

""

jobRunning

Message from Cortex XSOAR Security Operations Server

A previous instance of job {{.invName}} is already running.

accountStopped

Cortex XSOAR Account Stopped

Account '{{.name}}' on host '{{.host}}' has stopped.

hostStopped

Cortex XSOAR Host Stopped

Host '{{.name}}' has stopped. All accounts running on this host will be inaccessible.

failedNodeDisabled

Connection to Node "{{ .nodeID}}" Failed

The connection to db node {{.nodeID}} failed. The node was unreachable for {{.minutes}} minutes and is now disabled. No new data will be written to this node, and data that exists on the node will not be displayed in Cortex XSOAR. You should investigate why the node is unreachable and then re-enable the node from the DB Monitoring page.

failedNodeDisableError

Connection to Node "{{ .nodeID}}" Failed

The connection to db node {{.nodeID}} failed. The node was unreachable for {{.minutes}} minutes but could not be disabled. No new data will be written to this node, and data that exists on the node will not be displayed in Cortex XSOAR. You should investigate why the node is unreachable and then re-enable the node from the DB Monitoring page.

Change the Email Subject

You can customize the subjects of system emails.

  1. Go to Settings+About+Troubleshooting+Server Configuration.

  2. Add the key Messages.Subject.Formats.<MessageType>, where <MessageType> is the type of message, such as assign or taskCompleted. For the value, enter your custom subject. You can use any of the default variables, for example .invName in your subject.

    Examples:

    Key

    Value

    Messages.Subject.Formats.assign

    You were assigned to an incident

    Messages.Subject.Formats.taskCompleted

    Task completed in {{.invName }}

Change the Email Body

You can customize the content of the system messages, and include variables such as .username and .invName in your body content.

You can send HTML or non HTML messages. If you have users who can only receive plain text, use the key Messages.Formats.<MessageType>, where <MessageType> is the type of message, such as assign or taskCompleted. Enter your custom body text as the value. If you have users who can receive HTML emails, use the key Messages.HTML.Formats.<MessageType>, where <MessageType> is the type of message. Enter your custom body text as the value. To set custom body text for both text and HTML messages, add both keys/values for each message you want to customize.

  1. Go to SettingsAboutTroubleshootingServer Configuration.

  2. Add the key Messages.Formats.<MessageType> or Messages.HTML.Formats.<MessageType>. For the value, enter your custom subject.

    Examples:

    Key

    Value

    Messages.HTML.Formats.assign

    {{.username}} added you to investigation {{.invName}}.\nPlease log in and review.

    Messages.Formats.assign

    {{.username}} added you to investigation {{.invName}}.\nPlease log in and review.