Email Actions

Actions for Email #

  • Send Email. Sends data about one or more assets or users to one or more recipients.

Use Cases #

Below are the possible use cases for the Send Email action:

  • Send the IT team a list of Macintosh assets that are running the AMF agent but are not running the CarbonBlack agent.

  • Send the IT team a list of EC2 instances that are idle and could be retired.

  • Sending the IT team a list of users who have been disabled in AD and have had recent access to sensitive files.

Prerequisites #

Before you can execute an email action, you must have access to an email user name and password that Lucidum can use to send emails.

Workflows #

Email Configuration #

  • Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.

  • Host. The hostname or IP address of the email server.

  • Port. TCP/UDP port of the email server. Default value is 587, the standard SMTP port.

  • User Name . User name for an email account on the server specified in Host.

  • Password. The password associated with User Name.

  • Protocol. Mail protocol. Options are SMTP, POP, and IMAP. The default value is SMTP.

  • Default Encoding. Default encoding to encode email content. The default value is UTF-8.

  • Enable SSL. Specifies whether to use SSL when connecting to the mail server. Default value is TRUE.

Using the default Lucidum Email Configuration #

If you want to use Email Actions without configuring an email account as the “from” user, you can use the default Lucidum configuration for email actions.

To use the default configuration for Email Actions:

  1. In new Email Actions, specify the existing configuration “Default Lucidum Alerts” as the configuration.

  2. Note that emails from Email Actions will have a “from” address of “[email protected]

Create or Edit an Action #

To create an Email action:

  1. In the Create a New Action page, in the General step, enter:

    • Action Type. Select an action from the pulldown options.

      • Configuration Name. Select an action configuration from the pulldown options.

      • Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.

      • Description. Description of the action.

  2. Click the Next (>) icon.

  3. In the Filters page, click Configure Filters.

  4. The Build a Query page appears.

  5. In the Build a Query page, you define the query for the assets or users that the action will act upon.

  6. Click Next.

  7. In the Build a Current Query page, enter the fields, operators, and values for the query. For existing actions, the query is already loaded in this page.

  8. For details on creating and editing queries in Lucidum, see the section on Building Queries.

    NOTE: To optimize performance, the default time range is Current. If you need to access historical data, contact Lucidum Custom Success for help on using historical data without affecting performance.

  9. Click the Apply (page and pencil) icon.

  10. Click the Next (>) icon.

  11. In the Schedule step, enter:

    • Schedule Type. Define the schedule for the action. Choices are:

      • Recurrence. Specify a frequency for the recurring schedule.

      • After Data Ingestion. The action is executed after data ingestion, which happens at least once every 24 hours and can also be triggered manually.

    • Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for executing the action.

  12. Click the Next (>) icon.

  13. In the Details step, enter the following:

    • Output Fields. For the records selected with the Filters field, specify the columns to display. When creating or editing the query, you can select these fields in the Query Results page > Edit Column button.

    • Recipients. Specify one or more email addresses, separated by commas. The action will send emails to these email addresses.

    • Email Subject. Specify the subject for the email. The action will use this subject when sending emails.

    • Email Body. HTML that specifies the email body. The field includes a default Jinja template that you can edit. For details on Jinja, see