The following table describes token variables for customizing Data Loss
Prevention event notification messages.
 |
NoteFor the list of standard token variables supported by all event notifications, see
Standard Token Variables.
|
|
Variable
|
Description
|
||
%DLP_INCIDENT_TOTAL_NUM% |
The total number of incidents triggered by directly managed users
|
||
%DLP_INCIDENT_HIGH_NUM% |
The total number of high severity incidents triggered by directly
managed users
|
||
%DLP_INCIDENT_MED_NUM% |
The total number of medium severity incidents triggered by directly
managed users
|
||
%DLP_INCIDENT_LOW_NUM% |
The total number of low severity incidents triggered by directly
managed users
|
||
%DLP_INCIDENT_INFO_NUM% |
The total number of informational incidents triggered by directly
managed users
|
||
%DLP_INCIDENT_UNDEFINED_NUM% |
The total number of undefined severity incidents triggered by directly
managed users
|
||
%DLP_INCIDENT_ALLTOTAL_NUM% |
The total number of incidents triggered by all managed users
|
||
%DLP_INCIDENT_ALLHIGH_NUM% |
The total number of high severity incidents triggered by all managed
users
|
||
%DLP_INCIDENT_ALLMED_NUM% |
The total number of medium severity incidents triggered by all managed
users
|
||
%DLP_INCIDENT_ALLLOW_NUM% |
The total number of low severity incidents triggered by all managed
users
|
||
%DLP_INCIDENT_ALLINFO_NUM% |
The total number of informational incidents triggered by all managed
users
|
||
%DLP_INCIDENT_ALLUNDEFINED_NUM% |
The total number of undefined severity incidents triggered by all
managed users
|
||
%DLP_START_TIME% |
The start date and time for the reporting period
|
||
%DLP_END_TIME% |
The end date and time for the reporting period
|
||
%weblink% |
The link to view details of the incident information listed in the
notification message
|
||
%INCIDENTID% |
Incident ID number
|
||
%SEVERITY% |
Incident severity level
|
||
%POLICY% |
Apex Central policy name
|
||
%ACCOUNT% |
User name
|
||
%OLD_STATUS% |
Incident status before modification
|
||
%NEW_STATUS% |
Incident status after modification
|
||
%LATEST_COMMENT% |
The latest comments about the incident
|
||
%DLP_VIOLATION_NUM% |
The number of violations matching DLP policies
|
||
%DLP_THRESHOLD% |
The number of violations that must be triggered to indicate a
significant increase on policy violations
|
||
%DLP_TEMPLATE% |
Template matching the significant incident increase
|
||
%DLP_USER_NAME% |
The user name associated with the endpoint that triggered the DLP
policy violation
|
||
%DLP_SENDER% |
The sender of the message that triggered the DLP policy violation
|
||
%DLP_CHANNEL% |
The channel of the incident that triggered the DLP policy
violation
|
||
%STATUS_CHANGE_TIME% |
Incident details updated
|