The following table describes token variables for customizing Attack Discovery event notification messages.
Variable | Description |
---|---|
%cmserver% | The Apex Central server name |
%computer% | The name of the endpoint |
%entity% | The display name of the managed product server in Apex Central |
%event% | The event detected |
%pname% | The name of the managed product |
%pver% | The version of the managed product |
%time% | The time (hh:mm) when the event occurred |
%vloginuser% | The logged on user name at the time of the event |
%act% | The action taken by the managed product. Example: file cleaned, file deleted, file quarantined |
%actresult% | The result of the action taken by the managed product. Example: successful, further action required |
%highrisk_detection% | The number of high-risk detections for the specified period |
%highrisk_detection_endpoint% | The number of endpoints with high-risk detections for the specified period |
%mediumrisk_detection% | The number of medium-risk detections for the specified period |
%mediumrisk_detection_endpoint% | The number of endpoints with medium-risk detections for the specified period |
%start_time% | The start date and time of the detection period |
%end_time% | The end date and time of the detection period |