Alert Notification Message Tokens Parent topic

The following table explains the tokens available for alert notifications. Use the table to understand which alert rules accept the message token and the information that the token provides in an alert notification.
Note
Note
Not every alert notification can accept every message token. Review the alert's parameter specifications before using a message token. For details, see Alert Notification Parameters.

Message Tokens

Token
Description
Where Allowed
%ActiveApplianceIP%
The IP address of the Deep Discovery Analyzer active primary appliance
Example:
  • 123.123.123.123 | 2001:0:3238:DFE1:63::FEFB
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%ActiveApplianceName%
The host name of the Deep Discovery Analyzer active primary appliance
Examples:
  • DDAN
  • DDAN-ABC123
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%ApplianceError%
The error encountered by the appliance
Examples:
  • Not connected
  • Invalid API key
  • Incompatible software version
Secondary Appliance Unresponsive
%ApplianceIP%
The IP address of the Deep Discovery Analyzer appliance
Example:
  • 123.123.123.123 | 2001:0:3238:DFE1:63::FEFB
All
  • High Availability Restored
  • High Availability Suspended
  • Passive Primary Appliance Activated
%ApplianceName%
The host name of the Deep Discovery Analyzer appliance
Examples:
  • DDAN
  • DDAN-ABC123
All
  • High Availability Restored
  • High Availability Suspended
  • Passive Primary Appliance Activated
%BackupServer%
The host name or IP address of the backup server
Examples:
  • my.example.com
  • 123.123.123.123
  • 2001:0:3238:DFE1:63::FEFB
Backup Server Inaccessible
%ComponentList%
The list of components
Examples:
  • Advanced Threat Scan Engine
  • Deep Discovery Malware Pattern
  • IntelliTrap Exception Pattern
  • IntelliTrap Pattern
Component Update Unsuccessful
%ConsoleURL%
The Deep Discovery Analyzer management console URL
Example:
  • https://192.168.85.69/ | https://[2001:0:3238:DFE1:63::FEFB]/
All
%CPUThreshold%
The average CPU usage as a percentage allowed in the last 5 minutes before Deep Discovery Analyzer sends an alert notification
Example:
  • 80%
High CPU Usage
%CPUUsage%
The total CPU usage as a percentage in the last 5 minutes
Example:
  • 80%
High CPU Usage
%DateTime%
The date and time the alert was initiated
Example:
  • 2014-03-21 03:34:09
All
%DaysBeforeExpiration%
The number of days before the product license expires
Example:
  • 4
License Expiration
%DiskThreshold%
The disk usage as a percentage allowed before Deep Discovery Analyzer sends an alert notification
Example:
  • 85%
High Disk Usage
%DiskUsage%
The total disk usage as a percentage
Example:
  • 85%
High Disk Usage
%ExpirationDate%
The date that the product license expires
Example:
  • 2014-03-21 03:34:09
License Expiration
%FreeDiskSpace%
The amount of free disk space in GB
Example:
  • 50GB
High Disk Usage
%HighRiskThreshold%
The maximum number of new high-risk objects identified during the specified time period before Deep Discovery Analyzer sends an alert notification
Example:
  • 10
New High-Risk Objects Identified
%LicenseStatus%
The current status of the product license
Example:
  • Activated
License Expiration
%LockedAccount%
The account that was locked
Example:
  • guest
Account Locked
%MemThreshold%
The average memory usage as a percentage allowed in the last 5 minutes before Deep Discovery Analyzer sends an alert notification
Example:
  • 90%
High Memory Usage
%MemUsage%
The total memory usage as a percentage in the last 5 minutes
Example:
  • 90%
High Memory Usage
%PasssiveApplianceIP%
The IPv4 address of the Deep Discovery Analyzer passive primary appliance
Example:
  • 123.123.123.123
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%PassiveApplianceName%
The host name of the Deep Discovery Analyzer passive primary appliance
Examples:
  • DDAN
  • DDAN-ABC123
High Availability Restored
High Availability Suspended
Passive Primary Appliance Activated
%ProductName%
The product name
Example:
  • Deep Discovery Analyzer
All
%ProductShortName%
The abbreviated product name
Example:
  • DDAn
All
%SandboxQueue%
The submission count in the sandbox queue waiting to be analyzed by Virtual Analyzer
Example:
  • 100
Long Virtual Analyzer Queue
%SandboxQueueThreshold%
The maximum number of submissions in the sandbox queue before Deep Discovery Analyzer sends an alert notification
Example:
  • 30
Long Virtual Analyzer Queue
%SyslogServer%
The host name or IP address of the syslog server
Examples:
  • my.example.com
  • 123.123.123.123
  • 2001:0:3238:DFE1:63::FEFB
Syslog Server Inaccessible
%TimeRange%
The time period observed for new high-risk objects before Deep Discovery Analyzer sends an alert notification
Examples:
  • 5 minutes
  • 30 minutes
  • 1 hour
  • 12 hours
  • 24 hours
New High-Risk Objects Identified
%UpdateError%
The list of update errors
Examples:
  • Unable to download: Advanced Threat Scan Engine
  • Unable to update: Deep Discovery Malware Pattern
  • Unable to update: IntelliTrap Exception Pattern. The appliance is configuring Virtual Analyzer instances or shutting down.
Component Update Unsuccessful
%ServiceList%
The services affected by the issue
Example:
  • Internal Virtual Analyzer network (eth1, No proxy)
Connection Issue
%SandboxProcessTimeThreshold%
The maximum amount of time spent processing a sample before Deep Discovery Analyzer sends an alert notification
Long Virtual Analyzer Processing Time alert
%SampleList%
The samples affected by the issue
Long Virtual Analyzer Processing Time alert
%TotalSampleNumber%
The total number of samples affected by the issue
Long Virtual Analyzer Processing Time alert
%CheckingDuration%
The amount of time it takes to perform each check
High CPU Usage
High Memory Usage
%CheckingInterval%
The amount of time between each check
High CPU Usage
High Memory Usage
High Disk Usage
%DiagnosisTip%
Recommendations on how to resolve the issue
Connection Issue