The following table describes token variables for customizing event notification messages for Behavior Monitoring violations and Predictive Machine Learning detections.
|
Variable |
Description |
|---|---|
|
%cmserver% |
The Apex Central server name |
|
%computer% |
The name of the endpoint |
|
%entity% |
The display name of the managed product server in Apex Central |
|
%event% |
The event detected |
|
%pname% |
The name of the managed product |
|
%pver% |
The version of the managed product |
|
%time% |
The time (hh:mm) when the event occurred |
|
%vloginuser% |
The logged on user name at the time of the event |
|
%act% |
The action taken by the managed product. Example: file cleaned, file deleted, file quarantined |
|
%actresult% |
The result of the action taken by the managed product. Example: successful, further action required |
|
%hostIP% |
The IP address of the endpoint |
|
%START_TIME% |
The start date and time of the detection period |
|
%END_TIME% |
The end date and time of the detection period |
|
%detections% |
The number of detections |
|
%domain% |
The root domain of the target in the Apex One domain hierarchy |
|
%hierarchy% |
The full path of the target in the Apex One domain hierarchy |
|
%BM_policy% |
The Behavior Monitoring policy ID |
|
%risklevel% |
The risk level of the event |
|
%target% |
The target of the event |