Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎02-19-2013

Clearpass Insight Alert Help

I am trying to write an alert in Insight that generates an email each time a user fails RADIUS authentication in ClearPass.  I have it working with two issues.

1:  It only generates an email every ten minutes listing all the failed auths in the last 10 minutes.  I would like to generate 1 email per failure.

 

2:  In the email I receive, it lists  date, time, username, and error code (user auth failure).  What I would ideally like is for it to be able to pull some more of the attributes from the Radius message and tell me the device it failed on, and the field in "Computed Attributes" for "Connection:Client-Mac-Vendor"

 

Is any of this possible?  Attached is a screenshot of my alert as written.  Any help is greatly appreciated.

 

Thank you!

 

 

Occasional Contributor I
Posts: 6
Registered: ‎02-19-2013

Re: Clearpass Insight Alert Help

Nobody?

 

New Contributor
Posts: 7
Registered: ‎03-09-2016

Re: Clearpass Insight Alert Help

Hi teksup9599, 

 

have you managed to find answers to your questions?

 

I am trying to do similar thing, send 1 email for each Posture check that has Quarantine status. When i set threshold 1 in 1minute and there is not so much logs we can say that we get 1 email for 1 event. But sometimes we get multiple events in one email.

 

Also, in email we currently get only MAC address of the device but we would need at least Hostname and Posture check that is not Healthy.

 

thanks

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: