Critical Alert Parameters

You can customize alert notification parameters for the following critical alerts:
  • Security: Multiple Advanced Threats Detected in Specified Network Groups
  • Security: Multiple Ransomware Detected in Specified Network Groups
  • Security: Multiple C&C Callbacks Detected in Specified Network Groups
  • Security: Multiple Coin Miners Detected in Specified Network Groups
  • System: Service Stopped/Abnormal
  • System: License Expiration
  • System: Network Is Down
Important: You must configure an SMTP server to send notifications. For details, see Configuring the Notification SMTP Server.

Security: Multiple Advanced Threats Detected in Specified Network Groups

Parameter: Description
Status: Select an option to enable or disable the alert.
Alert level: Displays the alert level in email messages.
Detections: Specifies the detection threshold that will trigger the alert. You can customize this parameter. Valid detection options: 5, 10, or 20. The default is 10.
Alert frequency: Select the time interval at which Deep Discovery Web Inspector checks for the alert rule criteria. Valid alert frequency options: Immediate, Once every 5 minutes, Once every 30 minutes, Once every hour, Once a day. The default is once every 5 minutes.
Network Object: Select whether the alert rule applies to any network object or to the selected network objects. The default is to apply to all networks. If using selected network objects, select existing network objects or create new network objects to which the alert rule applies.
Exception: Select to include exceptions to the alert rule.
Recipients: Specify the recipients who will receive the triggered alert email message or select Send to all contacts to send the alert to all recipients in the contact list.
Subject: Specifies the subject of the triggered alert email message. You can customize this parameter.
Message: Specifies the body of the triggered alert email message. You can customize this parameter. Use the following tokens to customize your message:
  • %ConsoleURL%
  • %DateTime%
  • %DeviceName%
  • %DeviceIP%
  • %Threshold%
  • %ThreatCount%

Security: Multiple Ransomware Detected in Specified Network Groups

Parameter: Description
Status: Select an option to enable or disable the alert.
Alert level: Displays the alert level in email messages.
Detections: Specifies the detection threshold that will trigger the alert. You can customize this parameter. Valid detection options: 5, 10, or 20. The default is 10.
Alert frequency: Select the time interval at which Deep Discovery Web Inspector checks for the alert rule criteria. Valid alert frequency options: Immediate, Once every 5 minutes, Once every 30 minutes, Once every hour, Once a day. The default is once every 5 minutes.
Network Object: Select whether the alert rule applies to any network object or to the selected network objects. The default is to apply to all networks. If using selected network objects, select existing network objects or create new network objects to which the alert rule applies.
Exception: Select to include exceptions to the alert rule.
Recipients: Specify the recipients who will receive the triggered alert email message or select Send to all contacts to send the alert to all recipients in the contact list.
Subject: Specifies the subject of the triggered alert email message. You can customize this parameter.
Message: Specifies the body of the triggered alert email message. You can customize this parameter. Use the following tokens to customize your message:
  • %ConsoleURL%
  • %DateTime%
  • %DeviceName%
  • %DeviceIP%
  • %Threshold%
  • %ThreatCount%

Security: Multiple C&C Callbacks Detected in Specified Network Groups

Parameter: Description
Status: Select an option to enable or disable the alert.
Alert level: Displays the alert level in email messages.
Detections: Specifies the detection threshold that will trigger the alert. You can customize this parameter. Valid detection options: 5, 10, or 20. The default is 10.
Alert frequency: Select the time interval at which Deep Discovery Web Inspector checks for the alert rule criteria. Valid alert frequency options: Immediate, Once every 5 minutes, Once every 30 minutes, Once every hour, Once a day. The default is once every 5 minutes.
Network Object: Select whether the alert rule applies to any network object or to the selected network objects. The default is to apply to all networks. If using selected network objects, select existing network objects or create new network objects to which the alert rule applies.
Exception: Select to include exceptions to the alert rule.
Recipients: Specify the recipients who will receive the triggered alert email message or select Send to all contacts to send the alert to all recipients in the contact list.
Subject: Specifies the subject of the triggered alert email message. You can customize this parameter.
Message: Specifies the body of the triggered alert email message. You can customize this parameter. Use the following tokens to customize your message:
  • %ConsoleURL%
  • %DateTime%
  • %DeviceName%
  • %DeviceIP%
  • %Threshold%
  • %ThreatCount%

Security: Multiple Coin Miners Detected in Specified Network Groups

Parameter: Description
Status: Select an option to enable or disable the alert.
Alert level: Displays the alert level in email messages.
Detections: Specifies the detection threshold that will trigger the alert. You can customize this parameter. Valid detection options: 5, 10, or 20. The default is 10.
Alert frequency: Select the time interval at which Deep Discovery Web Inspector checks for the alert rule criteria. Valid alert frequency options: Immediate, Once every 5 minutes, Once every 30 minutes, Once every hour, Once a day. The default is once every 5 minutes.
Network Object: Select whether the alert rule applies to any network object or to the selected network objects. The default is to apply to all networks. If using selected network objects, select existing network objects or create new network objects to which the alert rule applies.
Exception: Select to include exceptions to the alert rule.
Recipients: Specify the recipients who will receive the triggered alert email message or select Send to all contacts to send the alert to all recipients in the contact list.
Subject: Specifies the subject of the triggered alert email message. You can customize this parameter.
Message: Specifies the body of the triggered alert email message. You can customize this parameter. Use the following tokens to customize your message:
  • %ConsoleURL%
  • %DateTime%
  • %DeviceName%
  • %DeviceIP%
  • %Threshold%
  • %ThreatCount%

System: Service Stopped/Abnormal

Parameter: Description
Status: Select an option to enable or disable the alert.
Alert level: Displays the alert level in email messages.
Alert frequency: Note: You cannot configure alert frequency for this notification. The default is to send the notification immediately.
Recipients: Specify the recipients who will receive the triggered alert email message or select Send to all contacts to send the alert to all recipients in the contact list.
Subject: Specifies the subject of the triggered alert email message. You can customize this parameter.
Message: Specifies the body of the triggered alert email message. You can customize this parameter. Use the following tokens to customize your message:
  • %ConsoleURL%
  • %DateTime%
  • %DeviceName%
  • %DeviceIP%
  • %ServiceName%

System: License Expiration

Parameter: Description
Status: Select an option to enable or disable the alert.
Alert level: Displays the alert level in email messages.
Alert frequency: Note: You cannot configure alert frequency for this notification. The default is to send the notification immediately.
Recipients: Specify the recipients who will receive the triggered alert email message or select Send to all contacts to send the alert to all recipients in the contact list.
Subject: Specifies the subject of the triggered alert email message. You can customize this parameter.
Message: Specifies the body of the triggered alert email message. You can customize this parameter. Use the following tokens to customize your message:
  • %ConsoleURL%
  • %DateTime%
  • %DeviceName%
  • %DeviceIP%
  • %DaysBeforeExpiration%
  • %ExpirationDate%
  • %LicenseStatus%
  • %LicenseType%

System: Network Is Down

Parameter: Description
Status: Select an option to enable or disable the alert.
Alert level: Displays the alert level in email messages.
Alert frequency: Note: You cannot configure alert frequency for this notification. The default is to send the notification immediately.
Recipients: Specify the recipients who will receive the triggered alert email message or select Send to all contacts to send the alert to all recipients in the contact list.
Subject: Specifies the subject of the triggered alert email message. You can customize this parameter.
Message: Specifies the body of the triggered alert email message. You can customize this parameter. Use the following tokens to customize your message:
  • %ConsoleURL%
  • %DateTime%
  • %DeviceName%
  • %DeviceIP%
  • %PortName%
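
Because each alert accepts a different token list, a customized Subject or Message can be checked against the lists above before it is saved. The following is an added example, not part of the product or its documentation: `lint_template` and the sample templates are hypothetical, and since this page does not say how the product treats unlisted tokens, differently cased tokens, or a literal `%`, the script only flags them for review.

```python
import re

# Token lists as given in the tables on this page, keyed by alert name.
COMMON = {"ConsoleURL", "DateTime", "DeviceName", "DeviceIP"}
SECURITY = COMMON | {"Threshold", "ThreatCount"}
GROUPS = "Detected in Specified Network Groups"
ALLOWED_TOKENS = {
    f"Security: Multiple Advanced Threats {GROUPS}": SECURITY,
    f"Security: Multiple Ransomware {GROUPS}": SECURITY,
    f"Security: Multiple C&C Callbacks {GROUPS}": SECURITY,
    f"Security: Multiple Coin Miners {GROUPS}": SECURITY,
    "System: Service Stopped/Abnormal": COMMON | {"ServiceName"},
    "System: License Expiration": COMMON | {
        "DaysBeforeExpiration", "ExpirationDate", "LicenseStatus", "LicenseType"},
    "System: Network Is Down": COMMON | {"PortName"},
}
TOKEN_RE = re.compile(r"%([A-Za-z]+)%")


def lint_template(alert_name, template):
    """Return a list of findings for a Subject or Message template."""
    allowed = ALLOWED_TOKENS[alert_name]
    by_lower = {t.lower(): t for t in allowed}
    findings = []
    for name in TOKEN_RE.findall(template):
        if name in allowed:
            continue
        listed = by_lower.get(name.lower())
        if listed:
            findings.append(f"%{name}%: differs only in case from %{listed}%")
        else:
            findings.append(f"%{name}%: not listed for this alert")
    # A '%' left over once every token-shaped span is removed is unpaired.
    if "%" in TOKEN_RE.sub("", template):
        findings.append("unpaired '%' outside any token")
    return findings


# Constructed sample templates (not taken from the product).
SAMPLE_OK = ("%ThreatCount% detections (threshold %Threshold%) on %DeviceName% "
             "(%DeviceIP%) at %DateTime%. Console: %ConsoleURL%")
SAMPLE_BAD = "Port %PortName% down on %devicename%; %ThreatCount% threats"

if __name__ == "__main__":
    print(lint_template(f"Security: Multiple Ransomware {GROUPS}", SAMPLE_OK))
    print(lint_template("System: Network Is Down", SAMPLE_BAD))
```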