What are the available substitution keywords for the response pages? Do they differ by page?
I am trying to incorporate an email with all the pertinent information to be sent to our internal systems. Unfortunately, the keywords that I have found for substitution are insuffficient. For example:
<h1>Virus Download Blocked</h1>
<p>Download of the virus has been blocked in accordance with CompanyX policy.</p>
<p>If you believe there is an error, please contact the helpdesk at
document.write("<a href='mailto:email@example.com?subject=" + escape("AntiVirus File Blocking problem: <url/>") + "&body=Please%20check%20antivirus%20for%20possible%20misconfiguration.%3A%20%0A%0AFile name: " + escape("<fname/>") + "'>firstname.lastname@example.org</a>");
or +1 (800) 555-1212.
<p><b>File name:</b> <fname/> </p>
Produces an email with only the filename (Ex: eicar.com). Not enough to determine what the action should be in many cases (eicar.com being an obvious exception). Really this needs: Referring URL or complete URL of the file, and likely the application name. That would allow a better investigation.
Solved! Go to Solution.
In addition to what is in that doc, you should also be able to use <threatname/> to get the name of the virus or exploit that was detected.
Not trying to hijack the thread, but this last post (variable "<threatname/>") indicates there may be OTHER "hidden" variables that can be used... It would be really nice to know what ALL the variables are to customize each block page. (also, which variables are only allowed in certain block pages, such as Anti-Virus, versus URL filtering...
There is also a variable '<rulename>' that I just found mentioned by Doris Yang on another thread... (https://live.paloaltonetworks.com/message/22083)
We really need the complete, unadulterated Non-Readers-Digested version of the Variables and which pages the variables are functional for.
Please note that there are variables (<threatname/> & <rulename> at a minimum) that are not mentioned in the document you referenced.
How to show in response page user IP and username? As when username is available, only this is visible. But I need both. And also timestamps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!