Alert Notification Parameters | Trend Micro Service Central

Views:

All triggered alert rules can notify recipients with a custom email message. Some alerts have additional parameters, including message count, checking interval, or risk level.

Critical Alert Parameters

Note:

For explanations about available message tokens in each alert, see Alert Notification Message Tokens.

Table 1. Virtual Analyzer Stopped
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

Table 2. Service Stopped
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%ServiceName%`

Table 3. Relay MTAs Unreachable
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%MessageList%` `%MTAList%`

Table 4. License Expiration
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DaysBeforeExpirationATD%` `%DaysBeforeExpirationSEG%` `%DeviceName%` `%DeviceIP%` `%ExpirationDateATD%` `%ExpirationDateSEG%` `%LicenseStatusATD%` `%LicenseStatusSEG%` `%LicenseTypeATD%` `%LicenseTypeSEG%`

Important Alert Parameters

Note:

For explanations about available message tokens in each alert, see Alert Notification Message Tokens.

Table 5. Suspicious Messages Identified
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Specify the email message threshold that will trigger the alert.
Risk level	Select the risk level that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%MessageList%`

Table 6. Watchlisted Recipients at Risk
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipient watchlist	Add recipients to the watchlist. The alert triggers when any watchlist recipient receives a suspicious or malicious email message.
Email messages	Specify the email message threshold that will trigger the alert.
Risk level	Select the risk level that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%MessageList%`

Table 7. Quarantined Messages with Detected Threats
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Quarantined messages	Specify the quarantine message threshold that will trigger the alert.
Risk level	Select the risk level that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Use the following tokens to customize your message: `%MessageList%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Table 8. Long Message Delivery Queue
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Specify the email message threshold that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeliveryQueue%` `%DeviceIP%` `%DeviceName%` `%QueueThreshold%`

Table 9. High CPU Usage
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Average CPU usage	Specify the threshold for the average CPU usage that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%CPUThreshold%` `%CPUUsage%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

Table 10. Long Virtual Analyzer Submission Queue
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Submissions	Select email message threshold that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Average wait time	Select the average wait time threshold for samples waiting in the submission queue during the past hour that will trigger the alert.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DeviceIP%` `%DeviceName%` `%DateTime%` `%SandboxQueue%` `%SandboxQueueThreshold%`

Table 11. Long Virtual Analyzer Processing Time
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Average processing time	Select the average time threshold required to process samples in the sandbox queue during the past hour that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%AveSandboxProc%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%SandboxProcThreshold%`

Table 12. Low Free Disk Space
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Free Disk space	The lowest disk space threshold in GB that triggers the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%DiskSpace%`

Table 13. Component Update/Rollback Unsuccessful
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%ComponentList%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

Table 14. Email Messages Timed Out Without Analysis Results
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Specify the email message threshold that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%MessageList%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Table 15. Email Message Encryption/Decryption Unsuccessful
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Specify the email message threshold that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%MessageList%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Table 16. Low Free Threat Quarantine Disk Space
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Free threat quarantine disk space	The lowest disk space threshold that triggers the alert. Note: Free threat quarantine disk space refers to the percentage of space remaining on the disk partition to store messages with detected threats.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%DiskSpace%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Table 17. High Memory Usage
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Average memory usage	Select the threshold for avergae memory usage that will trigger the alert. Note: Free disk space refers to the amount of space remaining on the disk partition.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%MemoryThreshold%` `%MemoryUsage%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%ConsoleURL%`

Table 18. Long Message Deferred Queue
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Deferred messages	Specify the email message threshold that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeferredQueue%` `%DeviceIP%` `%DeviceName%` `%QueueThreshold%`

Table 19. Low Free Spam Quarantine Disk Space
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Free spam quarantine disk space	The lowest disk space threshold that triggers the alert. Note: Free spam quarantine disk space refers to the percentage of space remaining on the disk partition to store spam messages.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%DiskSpace%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Table 20. Account Locked
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%Account%` `%DeviceName%` `%DeviceIP%` `%DateTime%` `%ConsoleURL%`

Table 21. Unsuccessful DKIM Signing
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Email messages	Specify the email message threshold that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%TotalMessages%` `%Interval%` `%DateTime%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Table 22. Connection Issue
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Monitored services	Select one or more services to monitor.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ServiceList%` `%DateTime%` `%DiagnosisTip%` `%DeviceName%` `%DeviceIP%` `%ConsoleURL%`

Informational Alert Parameters

Note:

For explanations about available message tokens in each alert, see Alert Notification Message Tokens.

Table 23. Threat Detection Surge
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Detected messages	Select the detections threshold that will trigger the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DetectionCount%` `%DetectionThreshold%` `%DeviceIP%` `%DeviceName%` `%Interval%`

Table 24. Processing Surge
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Processed messages	The email message threshold that triggers the alert.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%Interval%` `%ProcessingCount%` `%ProcessingThreshold%`

Table 25. Component Update/Rollback Successful
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%ConsoleURL%` `%ComponentList%` `%DateTime%` `%DeviceIP%` `%DeviceName%`

Table 26. Data Loss Prevention Incident
Parameter	Description
Status	Select an option to enable or disable the alert.
Alert level	Displays the alert level in email messages.
Detected messages	Select the detections threshold that will trigger the alert.
DLP templates to monitor	Select a list view option and one or more DLP templates to monitor.
Alert frequency	View the time interval that Deep Discovery Email Inspector checks for the alert rule criteria.
Recipients	Specify the recipients who will receive the triggered alert email message.
Subject	Specify the subject of the triggered alert email message.
Message	Specify the body of the triggered alert email message. Use the following tokens to customize your message: `%DetectionCount%` `%DetectionThreshold%` `%Interval%` `%MessageList%` `%DateTime%` `%DeviceIP%` `%DeviceName%` `%ConsoleURL%`