Creating alerts using InfoSec App, adaptive response set to email, but in the email body i'm trying to query src, dest and action fields.
I've tried everything such as $src$, with/without quotes, dollar sign but still not working. anything will help!
Does this work for the InfoSec App? trying to do some testing between the 2.
I believe too, to rephrase my question, im trying to insert tokens into the body of my email message. I just want it to display
source, destination, action, and possibly ports. the instructions weren't as clear as to what to insert.
Try as below mentioned (for sending email as an action from ES App"
'$field_name$'