Alert Notification Message Tokens Parent topic

The following table explains the tokens available for alert notifications. Use the table to customize your alert notifications with message tokens.
Note
Note
Not every alert notification can accept every message token. Review the alert's parameter specifications before using a message token. For details, see Alert Notification Parameters.

Message Tokens

Token
Description
Notes
%AveSandboxProc%
The average time in minutes it takes to queue and analyze messages in the past hour
Where allowed:
  • System: Long Virtual Analyzer Processing Time
Examples:
  • 3
  • 2
%ComponentList%
The list of components.
Where allowed:
  • System: Component Update/Rollback Successful
  • System: Component Update/Rollback Unsuccessful
Examples:
  • Network Content Inspection Engine/ 0x48000204/ 9.862.1107
  • Network Content Inspection Engine/ 0x48000204/ Unknown
%ConsoleURL%
The TippingPoint Advanced Threat Protection for Email management console URL.
Where allowed:
  • All
Example:
  • https://192.168.252.1/loginPage.ddei
%CPUThreshold%
The maximum CPU usage as a percentage allowed before TippingPoint Advanced Threat Protection for Email sends an alert notification
Where allowed:
  • System: High CPU Usage
Examples:
  • 95
  • 85
%CPUUsage%
The total CPU utilization as a percentage
Where allowed:
  • System: High CPU Usage
Examples:
  • 80
  • 65
%DateTime%
The date and time that the TippingPoint Advanced Threat Protection for Email received the email message
Where allowed:
  • All
Examples:
  • 2014-03-21 03:34:09
  • 2014-06-15 11:31:22
%DaysBeforeExpiration%
The number of days before the product license expires
Where allowed:
  • System: License Expiration
Examples:
  • 4
  • 123
%DeliveryQueue%
The number of email messages in the delivery queue waiting for TippingPoint Advanced Threat Protection for Email to process.
Where allowed:
  • System: Long Message Delivery Queue
Examples:
  • 100
  • 600
%DetectionCount%
The number of messages detected with suspicious characteristics during the specified period of time
Where allowed:
  • System: Detection Surge
Examples:
  • 50
  • 200
%DetectionThreshold%
The maximum number of messages detected to have suspicious characteristics before TippingPoint Advanced Threat Protection for Email sends an alert notification
Where allowed:
  • System: Detection Surge
Examples:
  • 50
  • 40
%DeviceIP%
The IP address of the TippingPoint Advanced Threat Protection for Email appliance
Where allowed:
  • All
Example:
  • 123.123.123.123
%DeviceName%
The host name of the TippingPoint Advanced Threat Protection for Email appliance
Where allowed:
  • All
Example:
  • example.com
%DiskSpace%
The lowest amount of disk space in GB before TippingPoint Advanced Threat Protection for Email send an alert notification
Where allowed:
  • System: Low Free Disk Space
  • System: Low Free Quarantine Disk Space
Examples:
  • 2
  • 30
%ExpirationDate%
The date that the product license expires
Where allowed:
  • System: License Expiration
Examples:
  • 2014-03-21 03:34:09
  • 2014-06-15 11:31:22
%Interval%
The frequency that TippingPoint Advanced Threat Protection for Email checks the message processing volume in minutes
Where allowed:
  • System: Detection Surge
  • System: Processing Surge
Examples:
  • 15
  • 10
%LicenseStatus%
The current status of the product license
Where allowed:
  • System: License Expiration
Examples:
  • Evaluation
  • Not Activated
  • Activated
  • Expired
  • Grace Period
For details, see Product License Status.
%LicenseType%
The product license type
Where allowed:
  • System: License Expiration
Examples:
  • Full
  • Trial
%MemoryThreshold%
The maximum memory usage as a percentage allowed before TippingPoint Advanced Threat Protection for Email sends an alert notification.
Where allowed:
  • System: High Memory Usage
Example: 90
%MemoryUsage%
The total memory utilization as a percentage.
Where allowed:
  • System: High Memory Usage
Example: 90
%MessageList%
The list of detected messages, which includes the risk level, threat type, action taken, message ID, recipients, sender, recipient, subject, top three most risky attachment details, and when the message was received.
Where allowed:
  • Security: Suspicious Message Identified
  • Security: Watchlisted Recipients at Risk
  • System: Quarantined Messages
  • System: Email Messages Timed Out Without Analysis Results
  • System: Relay MTAs Inaccessible
Examples:
  • ==============
Risk: High (potentially 
  malicious file) 
Message ID: 20140610002704.
  EE9A5E0236@example.com
Recipients: john@example.com
Sender: louie@example.com
Subject: The latest report
Attachments: 
  filename.pdf (PDF),
  anotherattachment.doc (Word), 
  hello.exe (EXE) 
Received: 2014-05-21 11:52:32
  • ==============
Risk: Medium (potentially 
  malicious URL)
Message ID: 20140610002721.
  EE9A5E0236@example.com
Recipients: 
  suzysmith@example.com,
  johnnycash@gmail.com, 
  peterpaul@examplecom 
Sender: johndoe@example.com
Subject: Bad story to report 
  about the differences 
  in world eating habits 
Attachments: (Link only) 
Received: 2014-05-21 11:48:32
%MTAList%
The list of unreachable MTAs. Each MTA appears as an IP address and the port number.
Where allowed:
  • System: Relay MTAs Inaccessible
Examples:
  • [1.1.1.1]:99
  • [7.7.7.7]:77
%ProcessingCount%
The total number of processed messages over the specified period of time
Where allowed:
  • System: Processing Surge
Examples:
  • 50
  • 200
%ProcessingThreshold%
The maximum number of processed messages during the specified time frame before TippingPoint Advanced Threat Protection for Email sends an alert notification
Where allowed:
  • System: Processing Surge
Examples:
  • 100
  • 40
%QueueThreshold%
The maximum number of messages in the delivery queue before TippingPoint Advanced Threat Protection for Email sends an alert notification
Where allowed:
  • System: Long Message Delivery Queue
Examples:
  • 100
  • 40
%SandboxProcThreshold%
The maximum amount of time allocated for average sandbox processing before TippingPoint Advanced Threat Protection for Email sends an alert notification
Where allowed:
  • System: Long Virtual Analyzer Processing Time
Examples:
  • 15
  • 30
%SandboxQueue%
The email message count in the sandbox queue waiting to be analyzed by Virtual Analyzer
Where allowed:
  • System: Long Virtual Analyzer Queue
Examples:
  • 30
  • 75
%SandboxQueueThreshold%
The maximum number of messages in the sandbox queue before TippingPoint Advanced Threat Protection for Email sends an alert notification
Where allowed:
  • System: Long Virtual Analyzer Queue
Examples:
  • 100
  • 75
%ServiceName%
The stopped TippingPoint Advanced Threat Protection for Email service
Where allowed:
  • System: Service Stopped
Where allowed:
  • System: Service Stopped
Example:
  • scanner