Customised Alerts Notifications (Templates)


Hi there,

As handy as the existing email alerts are for Defender for Endpoint for Alerts and Vulnerability Notifications, we could really do with having the ability to customise the message body so that, where required, we can inject some custom data to allow those messages to be parsed correctly by ticketing systems.

As they stand, for our organisation, where we will process different alerts for our customers, all the emails will end up in a single queue and not be handled by our ticketing system because we cannot insert a custom field with a value that our parsers will look for.

Long term we will look at API-level integration, but this is even more work, effort and cost to complete. The path of least resistance, where we already have a working integration, will be to have some ability to insert some plaintext above the existing MS template for the ATP alert emails.

For right now this has the potential to hamper response efforts.

Thanks very much for your consideration.

Kind regards,

James

1 Reply
This will not be an answer to your question, but we use Azure Sentinel for this.
We sync incidents to Sentinel (which is free) and then have Logic Apps running that send emails with custom info
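The reply above suggests letting a Logic App compose the notification instead of relying on the built-in Defender email template. The following is an added example, not code from either poster or from Microsoft: it shows in Python the two halves of that approach, rendering an incident into an email body that carries a machine-readable routing field, and the ticketing-side parser that routes on it. The incident JSON, the `customer:<name>` label convention, the `X-Ticket-Queue` field name and the queue names are all assumptions constructed for this example; a real Logic App would do the rendering step with its own expressions, and the only thing the parser needs is a single line it can match above the rest of the template.

```python
"""
Added example (not from the original post): shape a Sentinel incident into an
e-mail body that carries a routing field, then parse it back out on the
ticketing side so each customer's alerts land in their own queue instead of
one shared queue. All sample data below is constructed for illustration.
"""
import json
import re
from typing import Optional

# Constructed sample of the fields a Logic App "Get incident" step might
# expose; it mirrors only the keys used here, not a full Sentinel payload.
SAMPLE_INCIDENT = json.dumps({
    "properties": {
        "title": "Suspicious PowerShell command line",
        "severity": "High",
        "incidentNumber": 4711,
        "labels": [{"labelName": "customer:contoso"}],
        "additionalData": {"alertProductNames": ["Microsoft Defender for Endpoint"]},
    }
})

# Assumed mapping from the customer label to the ticket queue the parser
# should file into. Anything not listed falls back to an "unrouted" queue
# so that an untagged incident is still visible rather than silently lost.
QUEUE_BY_CUSTOMER = {
    "contoso": "SOC-CONTOSO",
    "fabrikam": "SOC-FABRIKAM",
}
DEFAULT_QUEUE = "SOC-UNROUTED"

# The routing field is one line at the top of the body, so the parser can
# match it with a single anchored regex before the human-readable template.
ROUTING_RE = re.compile(r"^X-Ticket-Queue:\s*(?P<queue>[A-Z0-9-]+)\s*$", re.MULTILINE)


def customer_from_incident(incident: dict) -> Optional[str]:
    """Return the customer name from a label of the form 'customer:<name>', if present."""
    for label in incident.get("properties", {}).get("labels", []):
        name = label.get("labelName", "")
        if name.startswith("customer:"):
            return name.split(":", 1)[1].strip().lower()
    return None


def render_notification(incident_json: str) -> str:
    """Build the e-mail body a Logic App would send: routing field first, then details."""
    incident = json.loads(incident_json)
    props = incident["properties"]
    customer = customer_from_incident(incident)
    queue = QUEUE_BY_CUSTOMER.get(customer, DEFAULT_QUEUE)
    lines = [
        f"X-Ticket-Queue: {queue}",
        f"X-Incident-Number: {props['incidentNumber']}",
        "",
        f"Severity: {props['severity']}",
        f"Title: {props['title']}",
        f"Products: {', '.join(props['additionalData']['alertProductNames'])}",
        f"Customer: {customer or 'unknown'}",
    ]
    return "\n".join(lines)


def route_ticket(email_body: str) -> str:
    """Ticketing-side parser: return the queue named in the routing field, else the default."""
    m = ROUTING_RE.search(email_body)
    if not m:
        return DEFAULT_QUEUE
    queue = m.group("queue")
    # Only accept queues we know about; an unexpected value is treated as unrouted
    # rather than letting the body create or target arbitrary queues.
    return queue if queue in QUEUE_BY_CUSTOMER.values() else DEFAULT_QUEUE


if __name__ == "__main__":
    body = render_notification(SAMPLE_INCIDENT)
    print(body)
    print("routed to:", route_ticket(body))
```

One caveat worth carrying into a real deployment: a routing field inside the message body is set by whoever can get mail to the intake address, so the parser should only honour it on mail that verifiably comes from the Logic App's sending identity, and, as above, should whitelist the queue values it will accept.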