Incident Response Actions
NSIA includes the ability to define actions that are triggered when a rule rejects some resource. Below are the actions currently supported:
- Run a program
- Append a message to a text file
- Run a command on a remote host using SSH
- Send an email message
Message Format
When a message is created, the following variables are substituted with values from the observation. A variable is written as a dollar sign followed by the variable name (like $Message). Below are the possible variables:
| Variable | Description |
|---|---|
| Message | A description of the finding |
| Severity | A description of the severity of the issue observed |
| SeverityID | The integer ID of the severity |
| Date | The date the finding occurred |
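The substitution described above, sketched as an added example; this is not NSIA's own code. It expands the four variables in a single pass and escapes control characters, so a finding description that contains line breaks cannot forge extra entries when the message is appended to a text file. Leaving unknown variables untouched, the escaping step, and the sample finding values are assumptions made for the illustration.

```python
import re

# The four variables from the table above. Longest names go first so that
# $SeverityID is never read as $Severity followed by "ID".
VARIABLES = ("SeverityID", "Severity", "Message", "Date")
VAR_PATTERN = re.compile(r"\$(" + "|".join(VARIABLES) + r")\b")


def neutralize(value):
    """Escape CR, LF and other non-printable characters in a value."""
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in str(value)
    )


def render(template, finding, single_line=True):
    """Expand $Name variables in template using values from finding.

    Substitution is a single pass: text that arrives inside a value
    (for example "$Date" inside the finding description) is not expanded
    again. Names outside the table are left as written (assumption).
    """
    def replace(match):
        name = match.group(1)
        if name not in finding:
            return match.group(0)
        value = finding[name]
        return neutralize(value) if single_line else str(value)

    return VAR_PATTERN.sub(replace, template)


# Constructed sample finding; the description is taken from scanned content,
# so it is treated as untrusted input.
SAMPLE_FINDING = {
    "Message": "Script changed on page\n2024-01-01 [Low/1] all clear $Date",
    "Severity": "High",
    "SeverityID": 3,
    "Date": "2024-05-01 12:00:00",
}
TEMPLATE = "$Date [$Severity/$SeverityID] $Message ($Unknown)"

if __name__ == "__main__":
    print(render(TEMPLATE, SAMPLE_FINDING))
```
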