Alert Notification Parameters

All triggered alert rules can notify recipients with a custom email message. Some alerts have additional parameters, including message count, checking interval, or risk level.

Critical Alert Parameters

Note

For explanations about available message tokens in each alert, see Alert Notification Message Tokens.

Virtual Analyzer Stopped

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

Service Stopped

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%ServiceName%`

Relay MTAs Inaccessible

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%MessageList%` `%MTAList%`

License Expiration

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DaysBeforeExpiration%` `%DeviceName%` `%DeviceIP%` `%ExpirationDate%` `%LicenseStatus%` `%LicenseType%`

Important Alert Parameters

Note

For explanations about available message tokens in each alert, see Alert Notification Message Tokens.

Suspicious Messages Identified

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Select the detections threshold that will trigger the alert.
Risk level	Select the risk level that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%MessageList%`

Watchlisted Recipients at Risk

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipient watchlist	Add recipients to the watchlist. The alert triggers when any watchlist recipient receives a suspicious or malicious email message.
Email messages	Select the detections threshold that will trigger the alert.
Risk level	Select the risk level that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%MessageList%`

Long Message Delivery Queue

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Select email message threshold that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeliveryQueue%` `%DeviceIP%` `%DeviceName%` `%QueueThreshold%`

High CPU Usage

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Average CPU usage	Specify the threshold for the average CPU usage that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%CPUThreshold%` `%CPUUsage%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

Long Virtual Analyzer Queue

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Submissions	Select email message threshold that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%SandboxQueue%` `%SandboxQueueThreshold%`

Long Virtual Analyzer Processing Time

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Average processing time	Select the average time threshold required to process samples in the sandbox queue during the past hour that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%AveSandboxProc%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%SandboxProcThreshold%`

Low Free Disk Space

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Free Disk space	The lowest disk space threshold in GB that triggers the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%DiskSpace%`

Component Update/Rollback Unsuccessful

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%ComponentList%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

Email Messages Timed Out Without Analysis Results

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Select email message threshold that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%MessageList%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Low Free Quarantine Disk Space

Parameter

Description

Status

Select an option to enable or disable the alert.

Alert level

Displays the alert level in email messages.

Free quarantine disk space

The lowest disk space threshold that triggers the alert.

Note

Free quarantine disk space refers to the percentage of space remaining on the disk partition.

Alert frequency

View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.

Recipients

Specify the recipients who will receive the triggered alert email message.

Subject

Specify the subject of the triggered alert email message.

Message

Specify the body of the triggered alert email message.

Use the following tokens to customize your message:

%DiskSpace%
%DateTime%
%DeviceName%
%DeviceIP%
%ConsoleURL%

Quarantined Messages

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Quarantined messages	Specify the quarantine message threshold that will trigger the alert.
Risk level	Select the risk level that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Use the following tokens to customize your message: `%MessageList%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

High Memory Usage

Parameter

Description

Status

Select an option to enable or disable the alert.

Alert level

Displays the alert level in email messages.

Average memory usage

Select the threshold for avergae memory usage that will trigger the alert.

Note

Free disk space refers to the amount of space remaining on the disk partition.

Alert frequency

View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.

Recipients

Specify the recipients who will receive the triggered alert email message.

Subject

Specify the subject of the triggered alert email message.

Message

Specify the body of the triggered alert email message.

Use the following tokens to customize your message:

%MemoryThreshold%
%MemoryUsage%
%DateTime%
%DeviceIP%
%DeviceName%
%ConsoleURL%

Informational Alert Parameters

Note

For explanations about available message tokens in each alert, see Alert Notification Message Tokens.

Detection Surge

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Detected messages	Select the detections threshold that will trigger the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DetectionCount%` `%DetectionThreshold%` `%DeviceIP%` `%DeviceName%` `%Interval%`

Processing Surge

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Processed messages	The email message threshold that triggers the alert.
Alert frequency	View the time interval that TippingPoint Advanced Threat Protection for Email checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%Interval%` `%ProcessingCount%` `%ProcessingThreshold%`

Component Update/Rollback Successful

Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%ComponentList%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

$('#title').html($('meta[name=description]').attr('content'));