Alert Notification Message Tokens Parent topic

The following table explains the tokens available for alert notifications. Use the table to understand which alert rules accept the message token and the information that the token provides in an alert notification.
Note
Note
Not every alert notification can accept every message token. Review the alert's parameter specifications before using a message token. For details, see Alert Notification Parameters.

Message Tokens

Token
Description
Example
Where Allowed
%ActiveApplianceIP%
The IP address of the TippingPoint Advanced Threat Protection Analyzer active primary appliance
123.123.123.123 | 2001:0:3238:DFE1:63::FEFB
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%ActiveApplianceName%
The host name of the TippingPoint Advanced Threat Protection Analyzer active primary appliance
  • ATP_Analyzer
  • ATP_Analyzer-ABC123
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%ApplianceError%
The error encountered by the appliance
  • Not connected
  • Invalid API key
  • Incompatible software version
Secondary Appliance Unresponsive
%ApplianceIP%
The IP address of the TippingPoint Advanced Threat Protection Analyzer appliance
123.123.123.123 | 2001:0:3238:DFE1:63::FEFB
All
  • High Availability Restored
  • High Availability Suspended
  • Passive Primary Appliance Activated
%ApplianceName%
The host name of the TippingPoint Advanced Threat Protection Analyzer appliance
  • ATP_Analyzer
  • ATP_Analyzer-ABC123
All
  • High Availability Restored
  • High Availability Suspended
  • Passive Primary Appliance Activated
%BackupServer%
The host name or IP address of the backup server
  • my.example.com
  • 123.123.123.123
  • 2001:0:3238:DFE1:63::FEFB
Backup Server Inaccessible
%ComponentList%
The list of components
  • Advanced Threat Scan Engine
  • Deep Discovery Malware Pattern
  • IntelliTrap Exception Pattern
  • IntelliTrap Pattern
Component Update Unsuccessful
%ConsoleURL%
The TippingPoint Advanced Threat Protection Analyzer management console URL
https://192.168.85.69/ | https://[2001:0:3238:DFE1:63::FEFB]/
All
%CPUThreshold%
The average CPU usage as a percentage allowed in the last 5 minutes before TippingPoint Advanced Threat Protection Analyzer sends an alert notification
80%
High CPU Usage
%CPUUsage%
The total CPU usage as a percentage in the last 5 minutes
80%
High CPU Usage
%DateTime%
The date and time the alert was initiated
2014-03-21 03:34:09
All
%DiskThreshold%
The disk usage as a percentage allowed before TippingPoint Advanced Threat Protection Analyzer sends an alert notification
85%
High Disk Usage
%DiskUsage%
The total disk usage as a percentage
85%
High Disk Usage
%FreeDiskSpace%
The amount of free disk space in GB
50GB
High Disk Usage
%HighRiskThreshold%
The maximum number of new high-risk objects identified during the specified time period before TippingPoint Advanced Threat Protection Analyzer sends an alert notification
10
New High-Risk Objects Identified
%LockedAccount%
The account that was locked
guest
Account Locked
%MemThreshold%
The average memory usage as a percentage allowed in the last 5 minutes before TippingPoint Advanced Threat Protection Analyzer sends an alert notification
90%
High Memory Usage
%MemUsage%
The total memory usage as a percentage in the last 5 minutes
90%
High Memory Usage
%PasssiveApplianceIP%
The IPv4 address of the TippingPoint Advanced Threat Protection Analyzer passive primary appliance
123.123.123.123
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%PassiveApplianceName%
The host name of the TippingPoint Advanced Threat Protection Analyzer passive primary appliance
  • ATP_Analyzer
  • ATP_Analyzer-ABC123
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%ProductName%
The product name
TippingPoint Advanced Threat Protection Analyzer
All
%ProductShortName%
The abbreviated product name
ATP Analyzer
All
%SandboxQueue%
The submission count in the sandbox queue waiting to be analyzed by Virtual Analyzer
100
Long Virtual Analyzer Queue
%SandboxQueueThreshold%
The maximum number of submissions in the sandbox queue before TippingPoint Advanced Threat Protection Analyzer sends an alert notification
30
Long Virtual Analyzer Queue
%SyslogServer%
The host name or IP address of the syslog server
  • my.example.com
  • 123.123.123.123
  • 2001:0:3238:DFE1:63::FEFB
Syslog Server Inaccessible
%TimeRange%
The time period observed for new high-risk objects before TippingPoint Advanced Threat Protection Analyzer sends an alert notification
  • 5 minutes
  • 30 minutes
  • 1 hour
  • 12 hours
  • 24 hours
New High-Risk Objects Identified
%UpdateError%
The list of update errors
  • Unable to download: Advanced Threat Scan Engine
  • Unable to update: Deep Discovery Malware Pattern
  • Unable to update: IntelliTrap Exception Pattern. The appliance is configuring Virtual Analyzer instances or shutting down.
Component Update Unsuccessful