Customize subject and message body for Cortex XSOAR system emails and choose HTML and/or text format.
Cortex XSOAR sends notifications to users. You can customize the subject and the contents of the email, and choose whether to send the email in HTML format. The following are the default message subjects and the default message contents:
Message Type | Default Subject | Default Message Body |
---|---|---|
mentionNew | Message from Cortex XSOAR Security Operations Server | {{ |
mentionNewNoContent | Message from Cortex XSOAR Security Operations Server | {{ |
mentionOld | Message from Cortex XSOAR Security Operations Server | {{ |
assign | Message from Cortex XSOAR Security Operations Server | {{ NoteThe assign message type is only relevant for Playbook tasks. |
todoAssign | Message from Cortex XSOAR Security Operations Server | {{ |
taskCompleted | Message from Cortex XSOAR Security Operations Server | {{ |
taskUpdated | Message from Cortex XSOAR Security Operations Server | {{ |
investigationClosed | Message from Cortex XSOAR Security Operations Server | {{ |
investigationWaiting | Message from Cortex XSOAR Security Operations Server | {{ |
investigationError | Message from Cortex XSOAR Security Operations Server | {{ |
investigationDeleted | Message from Cortex XSOAR Security Operations Server | {{ |
incidentOpened | Message from Cortex XSOAR Security Operations Server | {{ |
incidentChanged | Message from Cortex XSOAR Security Operations Server | {{ |
incidentStatusChanged | Playbook has stopped on {{ | {{ |
incidentAssigned | Message from Cortex XSOAR Security Operations Server | {{ |
taskCompletedWithNotes | Message from Cortex XSOAR Security Operations Server | {{ |
incidentReminderSLA | Message from Cortex XSOAR Security Operations Server | FYI, {{ |
MessageTypeTaskSLA | Message from Cortex XSOAR Security Operations Server | FYI, task "{{ |
newContentAvailable | Message from Cortex XSOAR Security Operations Server | A content update: {{ |
failedFetchIncidents | Integration instance {{ | Integration instance {{ |
engineDisconnected | Cortex XSOAR Engine Disconnected | Engine '{{ |
externalFormSubmit | {{ | "" |
externalAskSubmit | {{ | "" |
jobRunning | Message from Cortex XSOAR Security Operations Server | A previous instance of job {{ |
Change the Email Subject
You can customize the subjects of system emails.
Go to
→ → → → .Add the key
messages.subject.formats.<MessageType>
, where<MessageType>
is the type of message, such asassign
ortaskCompleted
. For the value, enter your custom subject. You can use any of the default variables, for example.invName
in your subject.Examples:
Key
Value
messages.subject.formats.assign
You were assigned to an incident
messages.subject.formats.taskcompleted
Task completed in {{.invName }}
Change the Email Body
You can customize the content of the system messages, and include variables such as .username
and .invName
in your body content.
You can send HTML or non HTML messages. If you have users who can only receive plain text, use the key messages.formats.<MessageType>
, where <MessageType>
is the type of message, such as assign
or taskCompleted
. Enter your custom body text as the value. If you have users who can receive HTML emails, use the key messages.HTML.formats.<MessageType>
, where <MessageType>
is the type of message. Enter your custom body text as the value. To set custom body text for both text and HTML messages, add both keys/values for each message you want to customize.
Go to
→ → → → .Add the key
messages.formats.<MessageType>
ormessages.HTML.formats.<MessageType>
. For the value, enter your custom email body.Examples:
Key
Value
messages.HTML.formats.assign
{{
.username
}} added you to investigation {{.invName
}}.\nPlease log in and review.messages.formats.assign
{{
.username
}} added you to investigation {{.invName
}}.\nPlease log in and review.