08-11-2010 03:05 PM
What are the available substitution keywords for the response pages? Do they differ by page?
I am trying to incorporate an email with all the pertinent information to be sent to our internal systems. Unfortunately, the keywords that I have found for substitution are insufficient. For example:
<h1>Virus Download Blocked</h1>
<p>Download of the virus has been blocked in accordance with CompanyX policy.</p>
<p>If you believe there is an error, please contact the helpdesk at
<script>
document.write("<a href='mailto:firstname.lastname@example.org?subject=" + escape("AntiVirus File Blocking problem: <url/>") + "&body=Please%20check%20antivirus%20for%20possible%20misconfiguration.%3A%20%0A%0AFile name: " + escape("<fname/>") + "'>email@example.com</a>");
</script>
or +1 (800) 555-1212.</p>
<p><b>File name:</b> <fname/> </p>
Produces an email with only the filename (Ex: eicar.com). Not enough to determine what the action should be in many cases (eicar.com being an obvious exception). Really this needs: Referring URL or complete URL of the file, and likely the application name. That would allow a better investigation.
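An added example, not part of the original post and not Palo Alto Networks code: one way to build the helpdesk link so that whatever the firewall substitutes for a tag is read from page text and percent-encoded, rather than pasted into a JavaScript string literal. The `rp-*` and `helpdesk-link` element ids and the helpdesk address are assumptions, and which of these tags a given response page actually fills in is the open question of this thread.

```javascript
// Added example, not from the original post. The rp-* element ids and the
// helpdesk address are assumptions; the field names mirror tags in the thread.
const FIELDS = ["url", "fname", "threatname", "rulename"];

// Collapse CR/LF so a substituted value cannot add extra lines to the mail.
const clean = (v) => String(v ?? "").replace(/[\r\n]+/g, " ").trim();

// Read values from hidden elements, e.g. <span id="rp-fname"><fname/></span>,
// instead of pasting the tag inside a JavaScript string literal, where a quote
// in the substituted value would end the string.
function fieldsFromPage(doc) {
  const out = {};
  for (const name of FIELDS) {
    const el = doc.getElementById("rp-" + name);
    out[name] = el ? clean(el.textContent) : "";
  }
  return out;
}

// Build the mailto: URL. encodeURIComponent (unlike escape) also encodes
// "+", "/" and "@", and emits UTF-8 percent-escapes for non-ASCII names.
function buildMailto(to, fields) {
  const subject = "AntiVirus File Blocking problem: " + clean(fields.url);
  const body = [
    "Please check antivirus for possible misconfiguration.",
    "",
    ...FIELDS.map((name) => name + ": " + clean(fields[name])),
  ].join("\r\n");
  return "mailto:" + to +
    "?subject=" + encodeURIComponent(subject) +
    "&body=" + encodeURIComponent(body);
}

// In the page: set the href through the DOM rather than document.write.
if (typeof document !== "undefined") {
  const link = document.getElementById("helpdesk-link"); // hypothetical id
  if (link) link.href = buildMailto("helpdesk@example.com", fieldsFromPage(document));
}
```

A tag the firewall does not fill in on a given page simply yields an empty field in the mail body.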
Attached are the variables for the response pages.
08-11-2010 10:59 PM
In addition to what is in that doc, you should also be able to use <threatname/> to get the name of the virus or exploit that was detected.
09-09-2011 12:17 PM
Not trying to hijack the thread, but this last post (variable "<threatname/>") indicates there may be OTHER "hidden" variables that can be used... It would be really nice to know what ALL the variables are to customize each block page. (Also, which variables are only allowed in certain block pages, such as Anti-Virus versus URL filtering...)
01-03-2013 08:58 AM
There is also a variable '<rulename>' that I just found mentioned by Doris Yang on another thread... (https://live.paloaltonetworks.com/message/22083)
We really need the complete, unadulterated Non-Readers-Digested version of the Variables and which pages the variables are functional for.