I have a simple search similar to this
host=ccirc.example.com | table email malware | sort email | uniq
which gives me results like this
Is it possible for me to iterate through each line and send a boilerplate email to the address in the first field, basically saying "you are infected with $virus"?
I should also note that the source file for this search is generated by a script once a day, so you don't see individual lines coming in 'real time.'
Any insights are much appreciated!
This functionality doesn't exist.
But you can create your own scripted alert that will create the emails after parsing the results.
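The scripted alert the answer suggests, as an added example that is not from the original thread: a legacy Splunk scripted alert in Python that parses the gzipped results CSV Splunk passes in and mails one boilerplate message per address, folding repeated rows for the same address into a single mail. The SMTP relay, sender address and message text are assumptions.

```python
#!/usr/bin/env python3
# Legacy Splunk scripted alert. Splunk passes the alert's results as a gzipped
# CSV whose path is the 8th argument (sys.argv[8]); columns = the search fields.
import csv
import gzip
import smtplib
import sys
from collections import defaultdict
from email.message import EmailMessage

# Assumed values, not from the original post.
SMTP_HOST = "smtp.example.com"
SENDER = "security@ccirc.example.com"
TEMPLATE = ("Hello,\n\nOur daily report shows a system associated with {email} "
            "is infected with: {malware}.\nPlease run a full scan and reply "
            "once it has been cleaned.\n")


def read_results(path):
    """Read the gzipped CSV that Splunk hands to a scripted alert."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def build_notifications(rows):
    """Return {email: message}, one per address, listing every malware name.

    Rows missing an address or a malware name are dropped so a bad line in
    the daily source file cannot produce an empty or mis-addressed mail.
    """
    by_email = defaultdict(set)
    for row in rows:
        email = (row.get("email") or "").strip()
        malware = (row.get("malware") or "").strip()
        if "@" in email and malware:
            by_email[email].add(malware)
    return {e: TEMPLATE.format(email=e, malware=", ".join(sorted(m)))
            for e, m in sorted(by_email.items())}


def send_all(notifications):
    """Send one mail per address through the relay configured above."""
    with smtplib.SMTP(SMTP_HOST) as smtp:
        for recipient, body in notifications.items():
            msg = EmailMessage()
            msg["From"], msg["To"], msg["Subject"] = SENDER, recipient, "Malware detected"
            msg.set_content(body)
            smtp.send_message(msg)


if __name__ == "__main__":
    send_all(build_notifications(read_results(sys.argv[8])))
```

Point the saved search's alert action at this script (under bin/scripts of the app) so it runs each day after the source file is indexed.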
By the way, nice reference to the quantic transient state.
Thanks for pointing me in the right direction!