Email to a specific address for a specific alert

I have created a Monitor for an Event ID, and need the alerts created for that Event ID to email a specific Email Address?

Import-Module $env:SyncroModule
# This will send you an email, no SMTP server required.
Send-Email -To "ENTER EMAIL" -Subject "Test Subject" -Body "This is the body"

When you create a new script in Syncro, there are a lot of useful snippets at the bottom. That is where this is.

I would look at our Automated Remediation module. RMM Alerts feed into this and you can pick those up and conditionally take actions, such as sending an email to a specific user, based on any number of criteria.

I should learn to read better. I dunno why I thought he was talking about running a script versus the fact he actually said he created an event log monitor.

Is there a way to get the Alert Details to be included in the Email Body?
I created a script to email, but I don’t know how to grab the details of the Alert?

Can you elaborate on what you mean? You are triggering custom alerts via scripts?

I have created a Event log Monitor for Event ID 4625, which is a login failure. The Alert comes in. I then created a script that will email a specific address and includes the Device Name and Customer Name via Variables. What I want to do is have that email the script is sending, include the body of the alert as well.
The Email from the Alert and the Email from the Script, as well as the Script Settings




are attached as pictures.

Ok thanks for the explanation. The system isn’t designed to work this way, so you can’t pass alert-based variables into scripts run from an alert as part of an Automated Remediation.

The way I bet you could solve this is by taking the script out of the equation and just send the email as an action out of AR. You should be able to use tags there to pull the alert body into the email action fields. There are 4 you can use there:

  1. {{rmm_alert_computer_name}}
  2. {{rmm_alert_description}}
  3. {{rmm_alert_formatted_output}}
  4. {{rmm_alert_status}}

Then there are all the tags for assets so you can grab the asset name and whatever else you needed there as well. This method is also preferred because it doesn’t require the asset is online. For example, if wanted to trip an alert/email to a customer over an asset offline alert, the scripting method wouldn’t work because it would get stuck in the scripting queue while waiting for the asset to come back online.

I will try that, any idea of why it take 10-15 mins for the alert to trigger?

Depends on the alert and how you have it configured. Some stuff requires periodic checks and won’t be realtime, like low drive space monitoring for example. Judging by your example with looking for failed logins, Event Log monitoring would fall into that category of occurring periodically.