Advanced Threat Activity Token Variables | Trend Micro Service Central

Views:

The following table describes token variables for customizing Advanced Threat Activity event notification messages.

Note:

For the list of standard token variables supported by all event notifications, see Standard Token Variables.

Variable	Description
`%hostIP%`	Depending on the traffic direction, %hostIP% is IP address determined by Deep Discovery Inspector: Outbound traffic (internal traffic going to an external network): `%hostIP%` is the IP address of the endpoint in the network (source) Traffic within the network: `%hostIP%` is the IP address of the endpoint in the network External traffic to an endpoint in a network: `%hostIP%` is the IP address of the endpoint in the network Traffic outside the network: `%hostIP%` is the IP address of the endpoint outside the network
`%group%`	The name of the subnetwork
`%START_TIME%`	The start date and time of the detection period Note: The specified time period for the notification criteria determines the start and end times.
`%END_TIME%`	The end date and time of the detection period The start and end times define the time range interval. When logs are received during a certain interval, Apex Central calculates those logs. If the alert criteria is met, Apex Central counts the logs. `%START_TIME%` is the start time of the interval and `%END_TIME%` is the end time of the interval. The length of the interval is determined by the period threshold in the alert settings. Note: The specified time period for the notification criteria determines the start and end times.
`%detections%`	The number of detections For example: `Event: High risk Virtual Analyzer detections` `IP address: %hostIP%` `Host name: %computer%` `Group: %group%` `Time range: %START_TIME% - %END_TIME%` `Detections: %detections%`

Table of Contents

The page you're looking for can't be found or is under maintenance

Try again later or go back to the previous page