Data Access Security Alert Rule Email Template
The Data Access Security Alert Rule email is sent to a user when a configured alert in Data Access Security is triggered.
Data Access Security Alerts can be configured and emails enabled through Data Access Security Alert Rules.
Note
Email notifications are only sent if Send Email is enabled in the Data Access Security Alert Rule configuration and only to those recipients listed for the specified alert.
Name: Data Access Security Alert Rule
Subject: Alert triggered by $alert.ruleName alert rule
Body:
<div>Dear $__recipient.name,
<br>
<br>A $alert.severity severity alert was triggered by the $alert.ruleName alert rule.
<br>
<br>The alert details:
<br>
<br><strong>Action Time: </strong>$alert.actionTime
<br><strong>User Name: </strong>$alert.userName
<br><strong>Identity Name:</strong> $alert.identityName
<br><strong>Department:</strong> $alert.identityDepartment
<br><strong>Action Type: </strong>$alert.actionType
<br><strong>Application: </strong>$alert.application</div>
<div><strong>Resource Path: </strong>$alert.resourcePath
<br><strong>Object Name: </strong>$alert.objectName
<br><strong>Data Classification Policies: </strong>$alert.dataClassificationPolicies
<br>
<br>Click <a href="$alert.url">here</a> to access the Activity Forensics page and see related alerts of this rule.</div>
<p><span style="font-family: 'calibri'; font-size: small;">
<br>Thank you,
<br><strong>The SailPoint Team</strong></span></p>
Attributes
This email template uses version 2 global variables and the following template-specific attributes:
| Name | Type | Description |
|---|---|---|
| alert.identityName | String | Name of the identity which caused the event triggering the alert. |
| alert.severity | String | Set severity level of the alert. Options are: High, Medium, Low. |
| alert.ruleName | String | Name of the Alert Rule triggered. |
| alert.actionTime | DateTime | Date and time of the event which triggered the alert notification. |
| alert.userName | String | Username of the identity which caused the event triggering the alert. |
| alert.identityDepartment | String | Department associated to the identity which caused the event triggering the alert. |
| alert.actionType | String | Action type name of the event which triggered the alert. |
| alert.application | String | Application name of the event which triggered the alert. |
| alert.resourcePath | String | Resource path of the event which triggered the alert. |
| alert.objectName | String | Name of the resource or object of the event which triggered the alert. |
| alert.dataClassificationPolicies | List | List of policies associated to the resource or object of the event which triggered the alert. |
| alert.url | URL | URL to Data Access Security Activity Forensics page. Note: No filters are applied as part of the url. You may need to add appropriate filters like Application of Action Type. |
| alert.recipientIdentityIds | List | List of identity IDs for those identities receiving email notification for alert triggered. |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.