The following table describes the token variables that can be used to customize the subject line of alert notifications.
Not all tokens are available for all alerts.
|
Token |
Description |
|---|---|
|
%AlertLevel% |
The level of the alert notification. |
|
%AlertName% |
The name of the alert notification. |
|
%AlertType% |
The type of the alert notification. |
|
%HostName% |
The Deep Discovery Director (Consolidated Mode) host name. |
|
%ProductShortName% |
The Deep Discovery Director (Consolidated Mode) short name. |
The following table describes the token variables used in the message body of alert notifications.
The message body of alert notifications cannot be modified.
|
Token |
Description |
|---|---|
|
%LoopStart% %LoopEnd% |
Any text between these two tokens is repeated until all system errors have been listed. |
|
%IssueDescription% |
The description of the system error. |
|
%Recommendation% |
The recommendation on how to resolve the system error. |
|
%DateTime% |
The date and time the alert was triggered. |
|
%ConsoleURL% |
The Deep Discovery Director (Consolidated Mode) management console URL. |
|
%DataBaseUsage% |
The total database partition usage. |
|
%FreeDataBaseSpace% |
The free database partition space. |
|
%YaraRulesPage% |
The URL to the YARA Rules screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%STIXPage% |
The URL to the STIX screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%LicenseLoopStart% %LicenseLoopEnd% |
Any text between these two tokens is repeated until all license items have been listed. |
|
%LicenseDescription% |
The description of the license. |
|
%LicenseType% |
The license type. |
|
%LicenseStatus% |
The license status. |
|
%ExpirationDate% |
The license expiration date. |
|
%DaysBeforeExpiration% |
The number of days before the license expires. |
|
%LicensePageURL% |
The URL to the License screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%ServiceLoopStart% %ServiceLoopEnd% |
Any text between these two tokens is repeated until all stopped services have been listed. |
|
%ServiceID% |
The ID of the stopped service. |
|
%TriggerTime% |
The date and time the service stopped. |
|
%HighRiskLevelDetections% |
The number of correlated events that have been found. |
|
%AlertConsole% |
The URL to the rule page on the Deep Discovery Director (Consolidated Mode) management console. |
|
%LastDetectedTime% |
The date and time of the last detection. |
|
%CorrelatedEventsPage% |
The URL to the Correlated Events screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%AttachmentHint% |
A hint about the attached file. |
|
%TotalDetections% |
The total number of detections. |
|
%HighRiskLevelDetections% |
The number of email messages that were assigned a high risk level. |
|
%MediumRiskLevelDetections% |
The number of email messages that were assigned a medium risk level. |
|
%LowRiskLevelDetections% |
The number of email messages that were assigned a low risk level. |
|
%UnavailableRiskLevelDetections% |
The number of email messages that were assigned an unavailable risk level. |
|
%EmailMessagePage% |
The URL to the Email Messages screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%HighSeverityDetections% |
The number of network detections that were assigned a high severity level. |
|
%MediumSeverityDetections% |
The number of network detections that were assigned a medium severity level. |
|
%LowSeverityDetections% |
The number of network detections that were assigned a low severity level. |
|
%InformationalSeverityDetections% |
The number of network detections that were assigned an informational severity level. |
|
%NetworkDetectionPage% |
The URL to the Network Detections screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%SuccessLoopStart% %SuccessLoopEnd% |
Any text between these two tokens is repeated until all completed plans have been listed. |
|
%CompletedPlanName% |
The name of the completed plan. |
|
%Detail_page_URL% |
The URL to the Details screen of the plan on the Deep Discovery Director (Consolidated Mode) management console. |
|
%CompletedPlanType% |
The type of the completed plan. |
|
%CompletedDateTime% |
The date and time the plan was completed. |
|
%FailedLoopStart% FailedLoopEnd |
Any text between these two tokens is repeated until all unsuccessful plans have been listed. |
|
%UnsuccessfulPlanName% |
The name of the unsuccessful plan. |
|
%UnsuccessfulPlanType% |
The type of the unsuccessful plan. |
|
%ApplianceUnsuccessfulNumber% |
The number of appliances that unsuccessfully executed the plan. |
|
%ApplianceUnreachableNumber% |
The number of appliances that were unreachable. |
|
%ApplianceCanceledNumber% |
The number of appliances where the plan was canceled. |
|
%LogPartitionUsage% |
The total log partition usage. |
|
%FreeLogPartitionSpace% |
The free log partition space. |
|
%LogPartitionSpaceThreshold% |
The low free disk space threshold value. |
|
%StoragePage% |
The URL to the Storage screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%RepositoryUsage% |
The total repository usage. |
|
%FreeRepositorySpace% |
The free repository space. |
|
%PageURL% |
The URL to the Repository screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%FileUploadLoopStart% %FileUploadLoopEnd% |
Any text between these two tokens is repeated until all file upload results have been listed. |
|
%FileName% |
The name of the uploaded file. |
|
%FileType% |
The type of the uploaded file. |
|
%UploadResult% |
The result of the upload. |
|
%UploadDateTime% |
The date and time the file was uploaded. |
|
%RepositoryURL% |
The URL to the Repository screen on the Deep Discovery Director (Consolidated Mode) management console. |
|
%PlanPageURL% |
The URL to the Plans screen on the Deep Discovery Director (Consolidated Mode) management console. |