https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/139160#M48077 <P>Doing it through reporting will require that you either run it every x minutes if you want the same day's data. When you run a scheduled report, the best you'll get is yesterday's data.</P><P>&nbsp;</P><P>Here is how I did it years ago when we had several SMTP servers sending us malicious email attachments with the same message body.</P><P>&nbsp;</P><OL><LI>What you could do is create a data filtering profile searching for a data pattern X in application SMTP.</LI><LI>Then create a firewall policy with SMTP as the application type and port 25 as the service port in the policy then apply your Data Filtering profile (and anything else SMTP should have for a profile like AV etc. too!).&nbsp;</LI><LI>&nbsp;Put this above your regular SMTP permit policies.&nbsp;</LI><LI>&nbsp;Don't forget you won't see a match if you aren't decrypting the SSL when using encrypted SMTP so add that also if needed.</LI><LI>&nbsp;Now on that firewall policy make sure your logging destination includes an email forwarding profile so you get an alert everytime it is matched.</LI></OL> Tue, 24 Jan 2017 19:20:17 GMT Retired Member 2017-01-24T19:20:17Z https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/29666#M21675 <HTML><HEAD></HEAD><BODY><P>Hi All,.</P><P></P><P>Is it possible to generate email alert for particular event and send it to particular email id?</P><P><SPAN>Example: If any data found (in attachment or in email) which is defined in DATA Pattern send alert to&nbsp; </SPAN><A class="jive-link-email-small" href="mailto:ABC@test.com">ABC@test.com</A></P><P><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If any file is blocked then send alert to&nbsp;&nbsp;&nbsp;&nbsp; </SPAN><A class="jive-link-email-small" href="mailto:XYZ@test.com">XYZ@test.com</A></P><P></P><P>Regards,</P><P>Gururaj</P></BODY></HTML> Wed, 28 Aug 2013 11:40:41 GMT https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/29666#M21675 Gururaj 2013-08-28T11:40:41Z https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/29667#M21676 <HTML><HEAD></HEAD><BODY><P>Not directly supported but can do other things like log forwarding traffic log hits that 2 specific rule written.</P><P>Also look at <A href="https://live.paloaltonetworks.com/message/4216">Email notification per specific threat</A></P></BODY></HTML> Wed, 28 Aug 2013 12:30:08 GMT https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/29667#M21676 Retired Member 2013-08-28T12:30:08Z https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/29668#M21677 <HTML><HEAD></HEAD><BODY><P>You can use the below method. The only difference is that you will not get the emails instantly, but only at the time the scheduled email reports are sent out.</P><P></P><P>create a custom report for the file blocking / data filtering events</P><P><IMG alt="data filtering.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/7968_data filtering.JPG.jpg" style="width: 620px; height: 346px;" /></P><P></P><P>add this custom report to a report group:</P><P></P><P><IMG alt="data-filtering-2.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/7969_data-filtering-2.JPG.jpg" style="width: 620px; height: 475px;" /></P><P></P><P>Use this report group under an email scheduler</P><P></P><P><IMG alt="data-filtering-3.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/7970_data-filtering-3.JPG.jpg" /></P><P></P><P>You can play around with the override email addresses, depending upon who the recipient of the email shall be</P><P></P><P></P><P>BR,</P><P>Karthik</P></BODY></HTML> Wed, 28 Aug 2013 13:02:50 GMT https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/29668#M21677 kprakash 2013-08-28T13:02:50Z https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/139160#M48077 <P>Doing it through reporting will require that you either run it every x minutes if you want the same day's data. When you run a scheduled report, the best you'll get is yesterday's data.</P><P>&nbsp;</P><P>Here is how I did it years ago when we had several SMTP servers sending us malicious email attachments with the same message body.</P><P>&nbsp;</P><OL><LI>What you could do is create a data filtering profile searching for a data pattern X in application SMTP.</LI><LI>Then create a firewall policy with SMTP as the application type and port 25 as the service port in the policy then apply your Data Filtering profile (and anything else SMTP should have for a profile like AV etc. too!).&nbsp;</LI><LI>&nbsp;Put this above your regular SMTP permit policies.&nbsp;</LI><LI>&nbsp;Don't forget you won't see a match if you aren't decrypting the SSL when using encrypted SMTP so add that also if needed.</LI><LI>&nbsp;Now on that firewall policy make sure your logging destination includes an email forwarding profile so you get an alert everytime it is matched.</LI></OL> Tue, 24 Jan 2017 19:20:17 GMT https://live.paloaltonetworks.com/t5/general-topics/email-alerts/m-p/139160#M48077 Retired Member 2017-01-24T19:20:17Z