Customize System Emails - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2024-09-18
Last date published
2024-09-26
Category
Administrator Guide
Solution
Cloud
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation
Abstract

Customize subject and message body for Cortex XSOAR system emails and choose HTML and/or text format.

Cortex XSOAR sends notifications to users. You can customize the subject and the contents of the email, and choose whether to send the email in HTML format. The following are the default message subjects and the default message contents:

Message Type

Default Subject

Default Message Body

mentionNew

Message from Cortex XSOAR Security Operations Server

{{.username}} added you to investigation {{.invName}}.\nYou were mentioned: {{.parentContent}}.

mentionNewNoContent

Message from Cortex XSOAR Security Operations Server

{{ .username}} added you to investigation {{ .invName}}.

mentionOld

Message from Cortex XSOAR Security Operations Server

{{ .username}} mentioned you in investigation {{ .invName}}: {{ .parentContent}}.

assign

Message from Cortex XSOAR Security Operations Server

{{ .username}} assigned task #{{ .taskId}} in investigation {{ .invName}} to you.

Note

The assign message type is only relevant for Playbook tasks.

todoAssign

Message from Cortex XSOAR Security Operations Server

{{.username}} assigned To-Do task {{.title}} in investigation {{.invName}} to you.

taskCompleted

Message from Cortex XSOAR Security Operations Server

{{ .username}} completed task #{{ .taskId}} in investigation {{.invName }}.

taskUpdated

Message from Cortex XSOAR Security Operations Server

{{.username}} updated task #{{.taskId}} in investigation {{.invName}}.

investigationClosed

Message from Cortex XSOAR Security Operations Server

{{.username}} has closed investigation {{.invName}}.

investigationWaiting

Message from Cortex XSOAR Security Operations Server

{{.username}}, {{.invName}} has stopped and is waiting your instructions."

investigationError

Message from Cortex XSOAR Security Operations Server

{{.username}}, {{.invName}} has stopped because of an error.

investigationDeleted

Message from Cortex XSOAR Security Operations Server

{{.username}} has deleted investigation {{.invName}}.

incidentOpened

Message from Cortex XSOAR Security Operations Server

{{.username}} has reported {{.incTermArticle}} {{.incTermSingular}} {{.invName}}.

incidentChanged

Message from Cortex XSOAR Security Operations Server

{{.username}} has updated {{.incTermArticle}} {{.incTermSingular}} {{.invName}}.

incidentStatusChanged

Playbook has stopped on {{ .runStatus}} for {{ .invName}} (#{{ .incID}})

{{.incTermCapitalSingular}} playbook task "{{.taskName}}" stopped on {{.runStatus}}. {{.incTermCapitalSingular}} Id: #{{.incID}}{{.incTermCapitalSingular}} Name: {{.invName}}{{.incTermCapitalSingular}} SLA: {{.SLA}}{{.incTermCapitalSingular}} Severity: {{.severity}}Task: #{{.taskID}}Task Name: {{.taskName}}Task SLA: {{.TaskSLA}}

incidentAssigned

Message from Cortex XSOAR Security Operations Server

{{.username}} has assigned you {{.incTermArticle}} {{.incTermSingular}} {{.invName}}.

taskCompletedWithNotes

Message from Cortex XSOAR Security Operations Server

{{.username}} completed task #{{.taskId}} in investigation {{.invName}}.\nCompletion note was: {{.taskComment}}

incidentReminderSLA

Message from Cortex XSOAR Security Operations Server

FYI, {{.incTermSingular}} #{{.invID}} "{{.reminedOn}}" - SLA expiration is approaching. ({{.SLA}})

MessageTypeTaskSLA

Message from Cortex XSOAR Security Operations Server

FYI, task "{{.reminedOn}}" (from investigation {{.invName}}) - due date is approaching. ({{.SLA}})

newContentAvailable

Message from Cortex XSOAR Security Operations Server

A content update: {{.release}} for your Demisto Server is available.\n{{.releaseNotes}}

failedFetchIncidents

Integration instance {{ .instance}} ({{ .brand}}) failed fetching new {{ .incTermPlural}}

Integration instance {{.instance}} ({{.brand}}) failed fetching new {{.incTermPlural}} at {{.date}}\nerror message is:\n{{.error}}

engineDisconnected

Cortex XSOAR Engine Disconnected

Engine '{{.name}}' ({{.host}}) is disconnected. Engines will not process integration automations until it is reconnected.

externalFormSubmit

{{ .subject}}

""

externalAskSubmit

{{ .subject}}

""

jobRunning

Message from Cortex XSOAR Security Operations Server

A previous instance of job {{.invName}} is already running.

Change the Email Subject

You can customize the subjects of system emails.

  1. Go to Settings & InfoSettingsSystemServer SettingsServer Configuration.

  2. Add the key messages.subject.formats.<MessageType>, where <MessageType> is the type of message, such as assign or taskCompleted. For the value, enter your custom subject. You can use any of the default variables, for example .invName in your subject.

    Examples:

    Key

    Value

    messages.subject.formats.assign

    You were assigned to an incident

    messages.subject.formats.taskcompleted

    Task completed in {{.invName }}

Change the Email Body

You can customize the content of the system messages, and include variables such as .username and .invName in your body content.

You can send HTML or non HTML messages. If you have users who can only receive plain text, use the key messages.formats.<MessageType>, where <MessageType> is the type of message, such as assign or taskCompleted. Enter your custom body text as the value. If you have users who can receive HTML emails, use the key messages.HTML.formats.<MessageType>, where <MessageType> is the type of message. Enter your custom body text as the value. To set custom body text for both text and HTML messages, add both keys/values for each message you want to customize.

  1. Go to Settings & InfoSettingsSystemServer SettingsServer Configuration.

  2. Add the key messages.formats.<MessageType> or messages.HTML.formats.<MessageType>. For the value, enter your custom email body.

    Examples:

    Key

    Value

    messages.HTML.formats.assign

    {{.username}} added you to investigation {{.invName}}.\nPlease log in and review.

    messages.formats.assign

    {{.username}} added you to investigation {{.invName}}.\nPlease log in and review.