Configuring High Risk Hosts Detections Notifications

Deep Discovery Inspector can send this notification when detecting high-risk hosts. A host is considered high-risk when a high severity event is detected.

Procedure

  1. Add at least one monitored network group.
    For details, see Adding Network Groups.
  2. Go to Administration > Notifications > Notification Settings > High Risk Hosts Detections.
    The High Risk Hosts Detections screen appears.
  3. Select Notify Administrator for high risk hosts.
  4. Specify a sending interval.
    • Summarize notifications and send one notification according to a set interval.
    • Send immediately after each detection.
    Tip
    Trend Micro recommends sending summary notifications for better performance.
  5. (Optional) Configure the notification recipients.
  6. (Optional) Modify the default message content.
    1. Type a subject that does not exceed 256 characters.
    2. Type message content that does not exceed 4,096 characters.
    Use any of the following message tokens to customize the notification template.
    Message Token          Description
    __AFFECTED_HOST__      Affected host
    __BEHAVIOR__           Description of suspicious behavior
    __DATE__               Threat detection date and time
    __DIRECTION__          Network traffic direction
    __DST_ACCOUNT__        Destination account
    __DST_GROUP__          Destination group
    __DST_IP_ADDR__        Destination IP address
    __DST_MAC_ADDR__       Destination MAC address
    __DST_PORT__           Destination port
    __DST_ZONE__           Destination zone
    __HOSTNAME__           Host name
    __HOST_IP__            High-risk host IP address
    __INCIDENT_COUNT__     Number of high-risk hosts
    __LOG_QUERY_URL__      Link to the All Detections screen on the management console
    __NETWORK_PROTOCOL__   Network protocol
    __SRC_ACCOUNT__        Source account
    __SRC_GROUP__          Source group
    __SRC_IP_ADDR__        Source IP address
    __SRC_MAC_ADDR__       Source MAC address
    __SRC_PORT__           Source port
    __SRC_ZONE__           Source zone
    __TIMESTAMP__          Notification date and time
  7. Click Save.
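The following script is an added example, not Trend Micro code: it checks a custom subject and message body against the 256- and 4,096-character limits and the documented token list before you paste them into the console, and previews the result with constructed sample values. How the console itself substitutes tokens is assumed here, not taken from the product.

```python
import re

# Message tokens documented for the High Risk Hosts Detections template.
KNOWN_TOKENS = {
    "__AFFECTED_HOST__", "__BEHAVIOR__", "__DATE__", "__DIRECTION__",
    "__DST_ACCOUNT__", "__DST_GROUP__", "__DST_IP_ADDR__", "__DST_MAC_ADDR__",
    "__DST_PORT__", "__DST_ZONE__", "__HOSTNAME__", "__HOST_IP__",
    "__INCIDENT_COUNT__", "__LOG_QUERY_URL__", "__NETWORK_PROTOCOL__",
    "__SRC_ACCOUNT__", "__SRC_GROUP__", "__SRC_IP_ADDR__", "__SRC_MAC_ADDR__",
    "__SRC_PORT__", "__SRC_ZONE__", "__TIMESTAMP__",
}
SUBJECT_MAX, BODY_MAX = 256, 4096          # limits stated in the procedure
TOKEN_RE = re.compile(r"__[A-Z]+(?:_[A-Z]+)*__")


def validate_template(subject: str, body: str) -> list:
    """Return a list of problems; an empty list means the template passes."""
    problems = []
    if len(subject) > SUBJECT_MAX:
        problems.append(f"subject is {len(subject)} chars, limit {SUBJECT_MAX}")
    if len(body) > BODY_MAX:
        problems.append(f"body is {len(body)} chars, limit {BODY_MAX}")
    # Anything shaped like a token but not in the documented list is a typo.
    for tok in sorted(set(TOKEN_RE.findall(subject + body)) - KNOWN_TOKENS):
        problems.append(f"unknown token {tok} is not in the documented list")
    return problems


def render(template: str, values: dict) -> str:
    """Preview a template. Assumption: tokens absent from `values` stay as-is."""
    return TOKEN_RE.sub(lambda m: values.get(m.group(0), m.group(0)), template)


# Constructed sample values standing in for one detection.
SAMPLE = {
    "__HOST_IP__": "10.0.0.5", "__HOSTNAME__": "ws01",
    "__BEHAVIOR__": "Callback to known C&C server", "__DATE__": "2024-01-01 12:00:00",
    "__LOG_QUERY_URL__": "https://ddi.example.invalid/all-detections",
}

if __name__ == "__main__":
    subject = "High-risk host __HOST_IP__ (__HOSTNAME__)"
    body = "__DATE__: __BEHAVIOR__\nDetails: __LOG_QUERY_URL__"
    print(validate_template(subject, body) or "template OK")
    print(render(subject, SAMPLE))
    print(render(body, SAMPLE))
```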