What are the available variables for response pages?

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
Not applicable

What are the available variables for response pages?

What are the available substitution keywords for the response pages?  Do they differ by page?

I am trying to incorporate an email with all the pertinent information to be sent to our internal systems.  Unfortunately, the keywords that I have found for substitution are insuffficient.  For example:

<h1>Virus Download Blocked</h1>
<p>Download of the virus has been blocked in accordance with CompanyX policy.</p>
<p>If you believe there is an error, please contact the helpdesk at
<script type="text/javascript">

document.write("<a href='mailto:support@companyx.com?subject=" + escape("AntiVirus File Blocking problem: <url/>") + "&body=Please%20check%20antivirus%20for%20possible%20misconfiguration.%3A%20%0A%0AFile name: " + escape("<fname/>") + "'>support@companyx.com</a>");

</script>
or +1 (800) 555-1212.
</p>
<p><b>File name:</b> <fname/> </p>

Produces an email with only the filename (Ex: eicar.com).  Not enough to determine what the action should be in many cases (eicar.com being an obvious exception).  Really this needs: Referring URL or complete URL of the file, and likely the application name.  That would allow a better investigation.

Thanks,

Kirk.


Accepted Solutions
Highlighted
L3 Networker

attached are the variables for the response pages.

View solution in original post


All Replies
Highlighted
L3 Networker

attached are the variables for the response pages.

View solution in original post

Highlighted
L4 Transporter

In addition to what is in that doc, you should also be able to use <threatname/> to get the name of the virus or exploit that was detected.

Mike

Highlighted
L2 Linker

Not trying to hijack the thread, but this last post (variable "<threatname/>") indicates there may be OTHER "hidden" variables that can be used... It would be really nice to know what ALL the variables are to customize each block page. (also, which variables are only allowed in certain block pages, such as Anti-Virus, versus URL filtering...

Highlighted
L3 Networker

Hi rlsmith999,

   There is also a variable '<rulename>' that I just found mentioned by Doris Yang on another thread... (https://live.paloaltonetworks.com/message/22083)

   We really need the complete, unadulterated Non-Readers-Digested version of the Variables and which pages the variables are functional for.

Thanks

Art

Highlighted
L3 Networker

Hi PanTAC

  Please note that there are variables (<threatname/> & <rulename> at a minimum) that are not mentioned in the document you referenced.

Thanks

Art

Highlighted
Not applicable

How to show in response page user IP and username? As when username is available, only this is visible. But I need both. And also timestamps.

Highlighted
L3 Networker

Yes I need to see the offending user IP and there is no variable for that if the user exits.  Anyone know

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!