Threat Detection Notifications

Deep Discovery Inspector can send notifications when detections reach the specified threshold. Threat Detection notifications specify the number of detections for each threat type.

Procedure

  1. Go to Administration > Notifications > Notification Settings > Threat Detections.
  2. Select Notify Administrator if number of threat detections for:.
  3. Specify the threshold for outbound and inbound traffic.
    • Outbound traffic: Detections from monitored networks
    • Inbound traffic: Detections from outside the network
  4. Select the types of threats to detect.
  5. (Optional) Configure the notification recipients.
  6. (Optional) Modify the default subject and message body.
    Important
    • The message subject cannot exceed 256 characters.
    • The message body cannot exceed 4,096 characters.
    You can use any of the following message tokens when customizing the notification.
    Message Token               Description
    __LOOP_END__                End of message token loop
    __LOOP_RISKS_COUNT__        Detection count
    __LOOP_RISKS_DIRECTION__    Direction of network traffic
    __LOOP_RISKS_NAME__         Detection type
    __LOOP_RISKS_THRESHOLD__    Detection threshold
    __LOOP_START__              Start of message token loop
    __TIMESTAMP__               Notification date and time
    Important
    The following tokens repeat as needed inside message token loops:
    • __LOOP_RISKS_COUNT__
    • __LOOP_RISKS_DIRECTION__
    • __LOOP_RISKS_NAME__
    • __LOOP_RISKS_THRESHOLD__
  7. Click Save.
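
A pre-save check for a customized subject and body, written as an added Python example (not Trend Micro code): it applies the 256 and 4,096 character limits to the text as typed and flags loop tokens used outside __LOOP_START__ / __LOOP_END__. The function names, the no-nesting rule, the per-detection expansion in preview(), and the sample data are assumptions made for illustration.

```python
import re

SUBJECT_MAX, BODY_MAX = 256, 4096  # limits stated in the procedure
LOOP_TOKENS = ("__LOOP_RISKS_COUNT__", "__LOOP_RISKS_DIRECTION__",
               "__LOOP_RISKS_NAME__", "__LOOP_RISKS_THRESHOLD__")
KNOWN = set(LOOP_TOKENS) | {"__LOOP_START__", "__LOOP_END__", "__TIMESTAMP__"}
TOKEN_RE = re.compile(r"__[A-Z]+(?:_[A-Z]+)*__")

def lint_template(subject, body):
    """Return problems found in a custom subject/body (empty list means clean)."""
    problems = []
    for field, text, limit in (("subject", subject, SUBJECT_MAX),
                               ("body", body, BODY_MAX)):
        if len(text) > limit:
            problems.append(f"{field}: {len(text)} characters, limit is {limit}")
        in_loop = False
        for tok in TOKEN_RE.findall(text):
            if tok not in KNOWN:
                problems.append(f"{field}: unknown token {tok}")
            elif tok in ("__LOOP_START__", "__LOOP_END__"):
                # Assumption: loops do not nest, so START needs in_loop False, END True.
                if in_loop != (tok == "__LOOP_END__"):
                    problems.append(f"{field}: unbalanced {tok}")
                in_loop = tok == "__LOOP_START__"
            elif tok in LOOP_TOKENS and not in_loop:
                problems.append(f"{field}: {tok} outside a loop")
        if in_loop:
            problems.append(f"{field}: __LOOP_START__ without __LOOP_END__")
    return problems

def preview(body, timestamp, detections):
    """Expand a body for review: one loop pass per detection (assumed semantics)."""
    def expand(match):
        rows = []
        for det in detections:  # det holds values in LOOP_TOKENS order
            row = match.group(1)
            for tok, val in zip(LOOP_TOKENS, det):
                row = row.replace(tok, str(val))
            rows.append(row)
        return "".join(rows)
    body = re.sub(r"__LOOP_START__(.*?)__LOOP_END__", expand, body, flags=re.S)
    return body.replace("__TIMESTAMP__", timestamp)

# Constructed sample body and detections (count, direction, name, threshold).
SAMPLE_BODY = ("Sent __TIMESTAMP__\n__LOOP_START__- __LOOP_RISKS_NAME__ "
               "(__LOOP_RISKS_DIRECTION__): __LOOP_RISKS_COUNT__ detections, "
               "threshold __LOOP_RISKS_THRESHOLD__\n__LOOP_END__")
SAMPLE_DETECTIONS = [(12, "Inbound", "Example type A", 10),
                     (7, "Outbound", "Example type B", 5)]
```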