Event Manager Rule Template: Block IPAddress Email to Include "Reason Blocked" Variable
Completed
This came up today from our tech teams. We send all Cerberus alert emails to a monitored mailbox, which helps this team troubleshoot incoming client connections. They asked if we could include the reason the IP was being blocked in the email so they could filter out the malicious traffic and keep only the customer traffic with users failing to have a correct username or password.
Context: You can create an Event Manager rule to fire on an IP address being added to the Blocklist and set an action to send notification emails that currently include the variables TimeStamp and IPAddress.
Request: Please add a variable to include that pulls the "reason for blocking" from the Log file.
Block Reasons from Log File:
due to DOS, due to DDOS, due to using a username on the Auto Block list, due to attempting a non-existent account, due to cipher exchange issues or cipher attacks
Thank you,
Phil Grant
-
Hey Phil,
Thank you for the feedback and use case scenario! I have submitted this to our product team for review.
Best regards,
Jeff
0 -
Any update on this request? I would find this extremely helpful also.
0 -
Hi Jessica, thank you for letting us know this will be useful to your organization as well. I will note that in our enhancement request so that our product team is aware. At the moment this has not been scheduled on our roadmap, but feel free to check in again.
Best regards,
Ian
0 -
Hello everyone,
I wanted to let you know that Cerberus FTP Server 12.1 is now available for download. This release has added the new feature you requested.
- New: In Event Manager, the “IP Blocked Event” now includes a variable for the reason why the IP was blocked
To review the rest of the release notes, please visit:
https://www.cerberusftp.com/products/releasenotes/0