The following table describes token variables for customizing Known Threat Activity or Outbreak Prevention Service event notification messages.
Note
For the list of standard token variables supported by all event notifications, see Standard Token Variables.
Variable
Description
%device_ip%
IP address of an infected endpoint
%egnver%
  • Scan engine version
  • Used by the alert event category as well as the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Mode started" notifications. For the notification types of the alert event category, this variable refers to the scan engine version currently installed on the managed product server.
  • For the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Mode started" notifications, this variable refers to the Outbreak Prevention Policy required.
%hierarchy%
  • The location of the endpoint within the Apex One domain hierarchy
  • Used by the alert event category
%ptnver%
  • Virus pattern version
  • Used by the alert event category and the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Services started" notifications. For the notification types of the alert event category, this variable refers to the virus pattern version currently installed on the managed product server.
  • For the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Services started" notifications, this variable refers to the Outbreak Prevention Policy required.
%scanmethod%
The scan method for specific virus actions. This token is only available for the following alerts:
  • Virus found - first action unsuccessful and second action unavailable
  • Virus found - first and second actions unsuccessful
  • Virus found - first action successful
  • Virus found - second action successful
%threat_info%
  • Virus/malware threat information provided by outbreak prevention policies
  • Used by the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Services started" notifications
%vcnt%
  • Virus count
  • Used by the virus outbreak alert
%vdest%
  • Virus/malware destination
  • Examples:
    Email detection: %vdest% is the intended recipient
    Host-based/Endpoint detection: %vdest% is the endpoint IP address or host name
  • Used by the alert event category
%vfile%
Infected file name. Used by the alert event category.
%vfilepath%
Infected file directory. Used by the alert event category.
%vname%
Virus or malware name. Used by the alert event category.
%vsrc%
  • Virus/malware origin or infection source
  • For example, if an antivirus managed product detects a virus/malware in an email message, %vsrc% takes the value of the message sender.
  • Used by the alert event category as well as the network virus alert notification type