Suspicious Hosts Detections Notifications

Deep Discovery Inspector can send notifications when detecting suspicious hosts. A host is considered suspicious when the number of detections associated with it reaches the configured threshold. Suspicious Hosts Detections notifications contain information that can help determine the cause of the increased detections.

Procedure

  1. Go to Administration > Notifications > Notification Settings > Suspicious Hosts Detections.
  2. Select Notify administrator if number of detections per IP address.
  3. Specify the detection threshold.
    Tip
    Trend Micro recommends using the default settings.
  4. (Optional) Configure the notification recipients.
  5. (Optional) Modify the default subject and message body.
    Note
    • The message body cannot exceed 4,096 characters.
    • The message subject cannot exceed 256 characters.
    You can use any of the following message tokens when customizing the notification.
    | Message Token | Description |
    | --- | --- |
    | __LOOP_END__ | End of message token loop |
    | __LOOP_HOST_IP__ | Host IP address |
    | __LOOP_INCIDENT_NUMBER__ | Incident count |
    | __LOOP_INCIDENT_THRESHOLD__ | Incident threshold |
    | __LOOP_START__ | Start of message token loop |
    | __TIMESTAMP__ | Notification date and time |
    Note
    The following tokens repeat as needed inside message token loops:
    • __LOOP_HOST_IP__
    • __LOOP_INCIDENT_NUMBER__
    • __LOOP_INCIDENT_THRESHOLD__
  6. Click Save.
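
A customized subject and body can be checked and previewed offline before saving them in the console. The following is an added example, not Trend Micro code: `check_template` and `preview` are hypothetical helpers, the sample template and host rows are constructed, and the expansion assumes the text between __LOOP_START__ and __LOOP_END__ is repeated once per suspicious host, as the token descriptions suggest.

```python
import re

MAX_SUBJECT, MAX_BODY = 256, 4096          # limits stated on this page
LOOP_TOKENS = ("__LOOP_HOST_IP__", "__LOOP_INCIDENT_NUMBER__",
               "__LOOP_INCIDENT_THRESHOLD__")
LOOP_RE = re.compile(r"__LOOP_START__(.*?)__LOOP_END__", re.S)


def check_template(subject, body):
    """Return a list of problems found in a customized subject/body."""
    problems = []
    if len(subject) > MAX_SUBJECT:
        problems.append("subject exceeds 256 characters")
    if len(body) > MAX_BODY:
        problems.append("body exceeds 4,096 characters")
    if body.count("__LOOP_START__") != body.count("__LOOP_END__"):
        problems.append("unbalanced __LOOP_START__/__LOOP_END__")
    # Loop-only tokens are meaningful only inside a token loop.
    outside = LOOP_RE.sub("", body)
    for tok in LOOP_TOKENS:
        if tok in outside:
            problems.append(tok + " used outside a token loop")
    return problems


def preview(body, timestamp, hosts):
    """Expand the template for constructed (ip, count, threshold) rows."""
    def expand(match):
        out = []
        for ip, count, threshold in hosts:
            out.append(match.group(1)
                       .replace("__LOOP_HOST_IP__", ip)
                       .replace("__LOOP_INCIDENT_NUMBER__", str(count))
                       .replace("__LOOP_INCIDENT_THRESHOLD__", str(threshold)))
        return "".join(out)
    return LOOP_RE.sub(expand, body).replace("__TIMESTAMP__", timestamp)


# Constructed sample template and data (documentation-range addresses).
BODY = ("Suspicious hosts at __TIMESTAMP__:\n"
        "__LOOP_START__- __LOOP_HOST_IP__: __LOOP_INCIDENT_NUMBER__ detections "
        "(threshold __LOOP_INCIDENT_THRESHOLD__)\n__LOOP_END__")
HOSTS = [("192.0.2.10", 25, 20), ("192.0.2.77", 41, 20)]

if __name__ == "__main__":
    print(check_template("Suspicious hosts detected", BODY) or "template OK")
    print(preview(BODY, "2024-01-01 12:00:00", HOSTS))
```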