Configuring the C&C Callback Outbreak Criteria and Notifications

Procedure

  1. Navigate to Notifications > Administrator Notifications > Outbreak Notifications.
  2. On the Criteria tab, configure the following options:
    Same compromised host: Select to define an outbreak based on the callback detections per endpoint
    C&C list source: Specify whether to include all C&C source lists, only the Global Intelligence list, or only the Virtual Analyzer list
    C&C risk level: Specify whether to trigger an outbreak on all C&C callbacks or only high risk sources
    Action: Select from Any action, Logged, or Blocked
    Detections: Indicate the required number of detections that defines an outbreak
    Time Period: Indicate the number of hours within which the required number of detections must occur

    Tip: Trend Micro recommends accepting the default values in this screen.
  3. In the Email tab:
    1. Go to the C&C Callbacks section.
    2. Select Enable notification via email.
    3. Specify the email recipients.
    4. Accept or modify the default email subject and message. You can use token variables to represent data in the Subject and Message fields.

      Token Variables for C&C Callbacks Outbreak Notifications

      %C: Number of C&C callback logs
      %T: Time period when the C&C callback logs accumulated
    5. Select from the available additional C&C callback information to include in the email.
  4. In the SNMP Trap tab:
    1. Go to the C&C Callbacks section.
    2. Select Enable notification via SNMP trap.
    3. Accept or modify the default message. You can use token variables to represent data in the Message field. See Token Variables for C&C Callbacks Outbreak Notifications for details.
  5. In the NT Event Log tab:
    1. Go to the C&C Callbacks section.
    2. Select Enable notification via NT Event Log.
    3. Accept or modify the default message. You can use token variables to represent data in the Message field. See Token Variables for C&C Callbacks Outbreak Notifications for details.
  6. Click Save.
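To make the Criteria tab's semantics concrete, the following added example (not Trend Micro code) evaluates the outbreak criteria from step 2 over constructed callback log records and renders the step 3 message with the %C and %T tokens. It assumes a sliding time window and uses invented record fields and host names.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample C&C callback log records (not real detections).
CALLBACKS = [
    {"time": "2024-01-10 09:00", "host": "WS-01", "source": "Global Intelligence", "risk": "high", "action": "Blocked"},
    {"time": "2024-01-10 09:20", "host": "WS-01", "source": "Virtual Analyzer", "risk": "high", "action": "Logged"},
    {"time": "2024-01-10 09:45", "host": "WS-01", "source": "Global Intelligence", "risk": "medium", "action": "Blocked"},
    {"time": "2024-01-10 10:30", "host": "WS-02", "source": "Global Intelligence", "risk": "high", "action": "Blocked"},
    {"time": "2024-01-10 15:00", "host": "WS-01", "source": "Global Intelligence", "risk": "high", "action": "Blocked"},
]

def matches(rec, criteria):
    """Apply the C&C list source, risk level and action filters from the Criteria tab."""
    if criteria["list_source"] != "All" and rec["source"] != criteria["list_source"]:
        return False
    if criteria["risk_level"] == "High only" and rec["risk"] != "high":
        return False
    if criteria["action"] != "Any action" and rec["action"] != criteria["action"]:
        return False
    return True

def check_outbreak(records, criteria):
    """Return (triggered, peak_count). peak_count is the largest number of
    qualifying detections inside any window of `time_period` hours (assumed
    sliding), counted per host when same_host is set, else across all hosts."""
    groups = defaultdict(list)
    for rec in records:
        if matches(rec, criteria):
            key = rec["host"] if criteria["same_host"] else "*"
            groups[key].append(datetime.strptime(rec["time"], "%Y-%m-%d %H:%M"))
    window = timedelta(hours=criteria["time_period"])
    peak = 0
    for times in groups.values():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
    return peak >= criteria["detections"], peak

def render_message(template, count, hours):
    """Substitute the %C and %T token variables in a notification template."""
    return template.replace("%C", str(count)).replace("%T", f"{hours} hour(s)")

if __name__ == "__main__":
    crit = {"same_host": True, "list_source": "All", "risk_level": "All",
            "action": "Any action", "detections": 3, "time_period": 1}
    hit, n = check_outbreak(CALLBACKS, crit)
    if hit:
        print(render_message("%C C&C callbacks detected within %T", n, crit["time_period"]))
```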