Did anyone of you guys try to change the content of email notifications for event rules?
What I'd like to do is, to use custom properties extracted from events or at least some more standard fields (e.g. MAC-Adress) for certain events. For example it would be really helpful if I'd be able to add the attacker MAC-Adress to an email notification concerning a port security violation.
Is there a possibility to "hack" the notification settings?
I've been searching the config files for clues but didn't find any so far.