The Email Agent sends emails to recipients specified in the Agent options.

Use the Email Agent to notify individuals of important occurences using data from upstream Events. For example: alert teammates of malicious behaviour detected in firewall logs; notify engineers of the results of a vulnerability scan; notify employees of suspicious activity related to their accounts.

Features

  • Send emails on receipt of events.
  • Send emails in text or HTML format.
  • Customize body and subject of email using the Agent options.
  • Emails will be sent from support@tines.io.
  • Use the prompt widget to automate recipient responses.
  • As well as sending the email to recipients, an Event containing send status will be emitted by the agent.

Configuration Options

  • recipients: Include an email address (or an array of email addresses) to whom the email should be sent. Each recipient will receive an individual email.
  • subject: Include a subject for the email. Include information from upstream events by specifying the key.
  • body: (Optional) Customize the body of the email. Include information from upstream events by specifying a wrapped JSONPath (examples below). The body can contain simple HTML and will be sanitized. When using body, it will be wrapped with <html> and <body> tags, so these do not need to be added.
  • content_type: (Optional) Provide a content type for the email by specifying text/plain or text/html. If you do not specify content_type, then the recipient email server will determine the correct rendering.
  • expected_update_period_in_days: Set this key to the maximum amount of time expected to pass between Events being created by this Agent. If this period passes without any Events being emitted, the Agent will be flagged as “Not Working”.

Emitted Events

Events emitted by the Email agent look similar to the below:

{ 
  status: "Sent email to alice@example.com with Event 1010" 
}  

Example Configuration Options

Send a simple email to one recipient:

{
  "recipients": "alice@example.com",
  "subject": "New Tines Event",
  "body": "Malicious behaviour has been detected.",
  "expected_update_period_in_days": "2"
}

Send an HTML email to multiple recipients including Event data from an upstream Agent:

{
  "recipients": ["alice@example.com", "bob@example.com"],
  "subject": "Vulnerability scan completed",
  "body": "The scan has completed. <br /><br /><b>Hosts scanned:</b> {{.host_count}}<br /><b>Vulnerabilities detected: </b> {{vulnerability_count}}",
  "content_type": "text/html",
  "expected_update_period_in_days": "2"
}

Send an HTML email with a prompt in the body, and including data from an upstream Agent:

{
  "recipients": ["alice@example.com", "bob@example.com"],
  "subject": "Action Required on your account.",
  "body": "Hi Alice,<br /><br />We detected an unusual sign-in on your account:<br /><b>Time: </b>{{.get_alert.timestamp}}<br /><b>IP Address: </b>{{.get_alert.ip}}<br /><b>Browser: </b>{{.get_alert.browser}}<br /><br />If you recognize this activity, there is no action required. If you do not recognize this activity, click <a href='{% prompt compromised %}'>here</a>.<br /><br />Thank you.",
  "content_type": "text/html",
  "expected_update_period_in_days": "2"
}