Closed tmitchell5280 closed 7 years ago
Hey Troy, which field are you after? Currently the email template supports the fields outlined here https://github.com/CrowdStrike/falcon-orchestrator/wiki/Installation-&-Deployment#templates. Will need some code changes to support any other fields. If the one you're after is in the list, simply update the template html file in the web app's App_Data\templates directory.
No it is not on the list. I'd like to add the Command-Line Field to my Detection Notification Email.
Thanks,
-Troy
Okay, you'll want to download the source for the FalconOrchestrator.Client module and modify the Rules.cs file (https://github.com/CrowdStrike/falcon-orchestrator/blob/master/FalconOrchestrator.Client/Rules.cs). Lines 121-147 are where the fields are specified. You can add the new CommandLine field in there, then compile and replace the FalconOrchestrator.Client.exe file with your new one. Once that's done, you'll need to update the alert_template.html file and include the new {{CommandLine}} variable in there. Hope that helps. If you need further clarification, feel free to ping me on slack.
Awesome. Sounds like a plan. Thanks, Evan.
-Troy
Hey @tmitchell5280 did you get what you need here? I'm going to close out this ticket, just ping me on slack if you need some more help with this.
Hello,
Has anyone added a new field to the Detection Notification email that is sent by Falcon Orchestrator?
I'd like to add an existing SQL Database field to my emailed report.
If so, what are the steps to making this happen?
Thanks,
-Troy