Hello Atlassian
I got this email
-
From: no-reply@manage.trendmicro.com <no-reply@manage.trendmicro.com>
Sent: Wednesday, June 22, 2022 6:44 PM
Subject: Apex Central Notification: Virus Found - First and Second Actions Unsuccessful
Apex Central (n5azba.manage.trendmicro.com) notification: Virus found action result.
The first and second virus scan actions were unsuccessful for the virus detected on \Apex Central as a Service\Local Folder\Apex One (Mac) as a Service\Apex One (Mac) as a Service\Default\ZADMRHF8J9\ZADMRHF8J9.
Update your components to the latest version.
Virus: OSX_Genieo.PFL
Action result: Unable to delete file
Infected file: PRTPLG1
File path: /Volumes/Time Machine Backups/Backups.backupdb/ZADMRHF8J9/2020-06-15-004754/MacIntosh HD/Users/cathor/Library/Application Support/ProntoApp/ZipRar/PRTPLG1.bundle/Contents/MacOS
Scan engine: N/A
Virus pattern: 17.563.00
Event date/time: 6/22/2022 09:10:52
-
What is the best way to get this alerted and not get duplicated alerts so having the unique entities and alias?
Hi @Afonso Henrique Rodrigues Alves ,
If you want all emails to create alerts vs. deduplicating, you don't necessarily need to configure anything in the alias field. Leaving it blank would automatically parse the alert's ID into the alias.
You could consider having the create alert action only trigger for certain types of emails as well with something like this:
But if you do want to parse some data from the email/alert into the alias, then it needs to be unique and somewhat inconsistent to avoid deduplication.
Thanks @Nick H
I really appreciate your help.
I think the best way, following your logic, is to do as you mentioned and insert an alias that points to the path, as we can see here:
\Apex Central as a Service\Local Folder\Apex One (Mac) as a Service\Apex One (Mac) as a Service\Default\ZADMRHF8J9\ZADMRHF8J9.
The bold section is very unique.
Could you help me with that?
Hi @Afonso Henrique Rodrigues Alves ,
I think there is confusion with the terminology being used. You're saying the alerts are duplicating, meaning a new alert is being created for each email, when it seems like you want these to deduplicate, or increase in count under one alert.
In that case, you are correct that the alias needs to match with all of these, so it would need to be consistent. I'm not a regex expert so wouldn't know what you need to simply pull:
\Apex Central as a Service\Local Folder\Apex One (Mac) as a Service\Apex One (Mac) as a Service\Default\ZADMRHF8J9\ZADMRHF8J9.
But to extract all of that, you could use some form of string processing with something like:
{{ message.substringBetween("\\",".") }}
Not sure that is much help, but I'm unsure what regex expression is needed to only pull: \Apex Central as a Service\Local Folder\Apex One (Mac) as a Service\Apex One (Mac) as a Service\Default\
You could test expressions with a site like this: https://regex101.com/
Thanks @Nick H
Your explanation really helped me and improved my vocabulary.
So we are using the deduplication term here as I have seen the same term on how backups work.
Where would I insert the regex for email?
([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9_-]+)
Now I am researching the regex for the path and unique workstations.
\Apex Central as a Service\Local Folder\Apex One (Mac) as a Service\Apex One (Mac) as a Service\Default\ZADMRHF8J9\ZADMRHF8J9.
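An added example, not part of the original thread: the regex logic discussed above, written in Python so the patterns can be tested offline before they are adapted to the integration's alias field (this is not Opsgenie syntax). The sample bodies are constructed from the notification quoted in the question, and the `endpoint:virus` alias format and the second endpoint name `ZEXAMPLE01` are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample bodies modelled on the notification quoted in the thread.
SAMPLE_A = (
    "Apex Central (n5azba.manage.trendmicro.com) notification: Virus found action result.\n"
    "The first and second virus scan actions were unsuccessful for the virus detected on "
    "\\Apex Central as a Service\\Local Folder\\Apex One (Mac) as a Service\\"
    "Apex One (Mac) as a Service\\Default\\ZADMRHF8J9\\ZADMRHF8J9.\n"
    "Update your components to the latest version.\n"
    "Virus: OSX_Genieo.PFL\n"
    "Action result: Unable to delete file\n"
    "Event date/time: 6/22/2022 09:10:52\n"
)
# Same endpoint and virus, later event time: should collapse into the same alert.
SAMPLE_B = SAMPLE_A.replace("6/22/2022 09:10:52", "6/23/2022 11:02:17")
# Hypothetical second endpoint: should open a separate alert.
SAMPLE_C = SAMPLE_A.replace("ZADMRHF8J9", "ZEXAMPLE01")

# The product path after "detected on", up to the period that ends the line.
PATH_RE = re.compile(r"detected on (\\[^\r\n]+?)\.[ \t]*\r?$", re.MULTILINE)
# The "Virus:" field on its own line (not "Virus found" in the first sentence).
VIRUS_RE = re.compile(r"^Virus:[ \t]*(\S+)[ \t]*\r?$", re.MULTILINE)


def dedup_alias(body):
    """Build a stable alias from fields that do not change between repeats.

    Timestamps and backup snapshot paths are deliberately left out, because
    any value that differs per email would prevent deduplication.
    """
    path = PATH_RE.search(body)
    virus = VIRUS_RE.search(body)
    if not path or not virus:
        return None  # let the caller fall back to a default alias
    endpoint = path.group(1).rsplit("\\", 1)[-1]  # last path segment = endpoint name
    return f"{endpoint}:{virus.group(1)}"


def count_by_alias(bodies):
    """Show how many notifications would fold into each alert."""
    return dict(Counter(dedup_alias(b) for b in bodies))


if __name__ == "__main__":
    for alias, count in count_by_alias([SAMPLE_A, SAMPLE_B, SAMPLE_C]).items():
        print(f"{alias}  count={count}")
```
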