Incident Notification
AccelOps can send notifications via email/SMS, HTTPS, SNMP traps, and over the AccelOps API. These topics describe the formats for these notification types, and how to use the notification API.
Formats for Incident Notifications over Email, HTTPS, SNMP Trap, and API Using the Notification API
Formats for Incident Notifications over Email, HTTPS, SNMP Trap, and API
This topic describes the formats for the various types of notifications that AccelOps can send by email/SMS, HTTPS, SNMP trap, or through the API>.
Email/SMS Notification
Subject Line Format
Body Format
SMS Format
SNMP Trap Notification
MIB File
HTTP(S) Notification
XML Schema
XML File Format
Email/SMS Notification
Email is the most common form of incident notification. For integration purposes, an incident email subject and body can be parsed and specific actions can be taken if necessary.
These screenshots shows three types of email that can be sent depending on whether an incident is NEW, UPDATEd or CLEARed
| New | Update | Clear |
Subject Line Format
[New|Update|Clear] <HostName>: <Rule Name>
Body Format
| Section | Field | Description |
| Generic | ||
| Incident Id | Unique ID of the incident in AccelOps. An incident can be searched in AccelOps by this ID. | |
| Time | Time when this incident occurred | |
| Severity | Incident severity: HIGH|MEDIUM|LOW and a numeric severity in the range 0-10 (0-4 LOW, 5-8 MEDIUM and 9-10 HIGH | |
| Incident Count | How many times this incident has occurred. For NEW incidents, the count is 1. | |
| Rule | Rule Name | Name of the rule, repeated in the subject line |
| Rule
Description |
||
| Incident Target | Where the incident occurred, or the target of an IPS alert | |
| Host Name
(optional) |
||
| Host IP
(optional) |
||
| Other attributes as defined in rule | ||
| Incident Source | For security-related incidents, where the incident originated | |
| Host Name
(optional) |
||
| Host IP
(optional) |
||
| Other attributes as defined in rule | ||
| Incident Details | Rule-specific details that caused the incident to trigger | |
| Affected Business
Services (optional ) |
||
| Identity and
Location |
Xontains additional information for IP addresses in incident source or target. This information is present only if such information is discovered by AccelOps and shown in the Identity and Location tab. Host name
User Domain Nearest switch name/port or VPN gateway or Wireless Controller First and last seen times for this IP address to identity/location binding |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!