
When working with queues, you can send data in the message body. 

 

A lot of questions come up about the map fields in CTO queues. In the example below, I am using the Notifier plugin, but the same workflow is valid with all of the CTO plugins, such as ServiceNow, Teams, Slack and others. I am not going to review how to set up the Notifier plugin, but this link goes over it: https://docs.netskope.com/en/notifier-plugin-for-ticket-orchestrator/ Be sure to set up the Business Rules as well.

 

Once you have the Notifier plugin up and running, go to Alerts to review what information is coming in. We will use the key-value pairs to add information to the message we will send. Let's grab Activity, Category, Policy, Request ID, Severity, and Site.

 


 

In the queue you are going to use, you can add something like this to the message.

 

A Netskope Alert has been created with the following information:<br><br>

    Activity: $activity<br>

    Category: $category<br>

    Policy: $policy<br>

    Request ID: $request_id<br>

    Severity: $severity<br>

    Site: $site

 

This will pass whatever text you put into the message and replace each part that starts with the $ sign with the matching information from the Alert.

 

You will need to add a subject and enter an email address. 


 

This is what the email looks like. 

 

A Netskope Alert has been created with the following information:
 

Activity: Login Failed
Category: Cloud Storage
Policy: Bulk Failed Logins
Request ID: 6342975881628829306
Severity: medium
Site: Microsoft Office 365 OneDrive for Business 

In the To: custom message you can also use the $ to send the message to an email address that is in the Alert. In this Alert there is an email address in the $userkey field. Adding this to the To custom message would result in an email going to the email address in that field.
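
The substitution described above, sketched in Python as an added example (not Netskope's code and not part of the original post). It assumes the `$name` syntax behaves like Python's `string.Template`; the `placeholders`, `render` and `recipient` helpers, the allowed-domain list and the `userkey` value are hypothetical. Because alert fields carry data the sender does not control, it also HTML-escapes values before they reach the message body and only accepts a `$userkey` recipient that is a single address in an expected domain.

```python
import html
import re
from string import Template

# Message body from the page; $name placeholders are filled from alert fields.
MESSAGE = (
    "A Netskope Alert has been created with the following information:<br><br>\n"
    "Activity: $activity<br>\nCategory: $category<br>\nPolicy: $policy<br>\n"
    "Request ID: $request_id<br>\nSeverity: $severity<br>\nSite: $site"
)

# Constructed sample alert: values from the page's example email; userkey is made up.
ALERT = {
    "activity": "Login Failed",
    "category": "Cloud Storage",
    "policy": "Bulk Failed Logins",
    "request_id": 6342975881628829306,
    "severity": "medium",
    "site": "Microsoft Office 365 OneDrive for Business",
    "userkey": "jdoe@example.com",
}

EMAIL_RE = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")

def placeholders(template):
    """Return the set of $names (or ${names}) used in a template."""
    return {m.group("named") or m.group("braced")
            for m in Template.pattern.finditer(template)
            if m.group("named") or m.group("braced")}

def render(template, alert):
    """Fill placeholders with HTML-escaped values; return (text, missing names)."""
    missing = sorted(placeholders(template) - set(alert))
    safe = {k: html.escape(str(v)) for k, v in alert.items()}
    return Template(template).safe_substitute(safe), missing

def recipient(to_template, alert, allowed_domains):
    """Resolve a To: template such as "$userkey"; None unless one allowed address."""
    value = Template(to_template).safe_substitute({k: str(v) for k, v in alert.items()})
    if not EMAIL_RE.fullmatch(value):
        return None  # unresolved placeholder, hostname, or several addresses
    domain = value.rsplit("@", 1)[1].lower()
    return value if domain in allowed_domains else None
```

A placeholder with no matching alert field is left in the text and reported in the second return value, which makes typos in a queue's map fields easy to spot before the message is sent.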

 
