BrianMorris 15 Posted January 20, 2022 Posted January 20, 2022 For me, the more important part of the infection/alert notification emails is URI (Uniform Resource Identifier), but I can't find a way to add it. When I get an email notification, I can add all the other fields that I need EXCEPT URI.
VlP 0 Posted April 12, 2022 Posted April 12, 2022 Hi. Yes, same problem here. Without URI identificator are notifications useless... VP
BrianMorris 15 Posted April 12, 2022 Author Posted April 12, 2022 2 hours ago, VlP said: Without URI identificator are notifications useless... Yes! I feed these alerts into my ticketing system, but it misses this key piece of info 🙁
Ufoto 15 Posted June 14, 2022 Posted June 14, 2022 Is there any information whether ESET is considering to add this variable to the Notifications email body at some point?
ESET Staff igi008 23 Posted June 23, 2022 ESET Staff Posted June 23, 2022 On 6/14/2022 at 11:32 AM, Ufoto said: Is there any information whether ESET is considering to add this variable to the Notifications email body at some point? Hello, many thanks for your post. It is a bit tricky because URI can also be a phishing link (in the case of web protection). ESET may be put on the list of phishers when we will send such notifications. However, we will try to open this topic internally again, and we will try to find an appropriate solution.
Ufoto 15 Posted June 23, 2022 Posted June 23, 2022 28 minutes ago, igi008 said: Hello, many thanks for your post. It is a bit tricky because URI can also be a phishing link (in the case of web protection). ESET may be put on the list of phishers when we will send such notifications. However, we will try to open this topic internally again, and we will try to find an appropriate solution. Hi Igi, Thank you for your response. Yes, indeed that's a valid point. I had my malware summary reports stripped several times because they contained malicious links accessed by endpoints. Maybe it will be worth adding an extra rule as a temporary measure which allows the notifications to send URI information only if it is a file path rather than URL. This should be easy to achieve using regex until you come up with a proper solution such as to separate network-related URI into a separate property which is not available for reporting.
BrianMorris 15 Posted June 28, 2022 Author Posted June 28, 2022 On 6/23/2022 at 4:07 AM, igi008 said: Hello, many thanks for your post. It is a bit tricky because URI can also be a phishing link (in the case of web protection). ESET may be put on the list of phishers when we will send such notifications. However, we will try to open this topic internally again, and we will try to find an appropriate solution. Valid point. You could address this by changing the HTTP to HXXP for the purposes of these notification emails. Ufoto 1
Recommended Posts