Configuring Suspicious Hosts Detections Notifications

Deep Discovery Inspector can send this notification when detecting suspicious hosts. A host is considered suspicious when the number of detections associated with it reaches the configured threshold. The notification contains information that can help determine the cause of the increased detections.

Procedure

  1. Go to Administration > Notifications > Notification Settings > Suspicious Hosts Detections.
    The Suspicious Hosts Detections screen appears.
  2. Select Notify administrator if number of detections per IP address.
  3. Specify the detection threshold.
    Tip
    Trend Micro recommends using the default settings.
  4. (Optional) Configure the notification recipients.
  5. (Optional) Modify the default message content.
    1. Type a subject that does not exceed 256 characters.
    2. Type message content that does not exceed 4,096 characters.
    Use any of the following message tokens when customizing the notification.
    Message Token                  Description
    __LOOP_END__                   End of message token loop
    __LOOP_HOST_IP__               Host IP address
    __LOOP_INCIDENT_NUMBER__       Incident count
    __LOOP_INCIDENT_THRESHOLD__    Incident threshold
    __LOOP_START__                 Start of message token loop
    __TIMESTAMP__                  Notification date and time
    Note
    When a __LOOP_[variable]__ message token is applied, the LOOP variable will repeat continuously between the LOOP start time and the LOOP end time.
  6. Click Save.