How to customize alert subject and body
Starting from version 4.4, Cayosoft Guardian supports the customization of alert text fields with so-called tokens. A token is a reference to an object or the value of an object's property. This article contains token usage examples with step-by-step instructions on how to customize alert text fields with tokens.
Applies to: v4.4 and later.
General information
WhenCayosoft Guardian raises an alert, there are linked objects and their properties that might be available in actions of the Alerting rule to generate various texts like message subject or body. Such linked objects might include Jobs, Alerting Rules, Change History Records, and changed objects from managed systems. Refer to the following steps:
Open the Cayosoft GuardianWeb Portal.
Open Change History.
Select any saved query without a linked Alerting Rule or create a new saved query.
To create a new alerting rule use New alert action.
Go to the Alert parameters tab and observe tokens in the Alert subject and Alert body.
-
Edit Alert Subject and Alert body. See the example of the Alert subject below.
CopyALERT! {AlertRule/ObjectName}. Object: {TargetItem/ObjectName}.
NOTE: There is a predefined behavior that defines how tokens are shown inside messages. In case a token is used that references the object, like change history record or an object from managed system, it will be shown as link and on click Cayosoft Guardian will open properties page of the object. In case a property is specified it will be shown as text. HTML expressions can also be used to provide desired text formatting.
List of the objects available in alerting rule workflow
№ |
Object name |
Token |
|---|---|---|
1 |
An item that triggered the alert, such as a Change History record or Job Execution History Item |
{TargetItem} |
2 |
An object from the managed system that is referenced in the change record |
{TargetItem/TargetObject} |
3 |
An alert object. |
{Alert} |
4 |
An alerting rule object. |
{AlertRule} |
5 |
A saved query. |
{AlertRule/SavedQuery} |
6 |
A management system from where the change history record came. |
{TargetItem/ManagedSystem} |
Examples of the tokens referencing object properties
№ |
Example Description |
Token |
|---|---|---|
1 |
Adding samaccountname property of a modified Active Directory User in alert title NOTE: Non-modified values of properties of the target object in the change history record at the time of record creation can be referenced as propertyname. See Token column for example. |
{TargetItem/TargetObject/samaccountname} |
2 |
Adding userPrincipalName of a modified Azure Active Directory user |
{TargetItem/TargetObject/userPrincipalName} |
3 |
Adding domain controller name where object was modified |
{TargetItem/OriginatingSource/ObjectName} |
4 |
Adding managed system name |
{TargetItem/ManagedSystem/ObjectName} |
5 |
List names of the objects added to an Active Directory group NOTE: Values of modified properties of the object in the change record can be referenced as propertyname_added. See Token column for example.
Consider using |
{TargetItem/member_added/ObjectName} |
6 |
List names of the objects added to an Azure Active Directory group |
{TargetItem/members_added/ObjectName} |
7 |
Creator of the saved query |
{AlertRule/SavedQuery/createdBy} |
| 8 | Audit Category(-es) | {TargetItem/auditCategories} |
| 9 | Type of change record | {TargetItem/ChangeType} |
| 10 | Execution result of specific action in the job workflow | {RollbackAction/ExecutionResult} |
| 11 | Start/End time of the job run | {TargetItem/StartedDateTime} {TargetItem/StoppedDateTime} |
| 12 | Initiator from the change history record |
{TargetItem/Who} |
Comments
0 comments
Please sign in to leave a comment.