Deep Discovery Inspector can send notifications when detecting high-risk hosts. A host is considered high-risk
when a high severity event is detected.
Procedure
- Add at least one monitored network group.For details, see Adding Network Groups.
- Go to .
- Select Notify Administrator for high risk hosts.
- Specify a sending interval.
-
Summarize notifications and send one notification according to a set interval.
-
Send immediately after each detection.
Tip
Trend Micro recommends sending summary notifications for better performance. -
- (Optional) Configure the notification recipients.For details, see Configuring Email Notification Settings.
- (Optional) Modify the default subject and message body.
Note
-
The message body cannot exceed 4,096 characters.
-
The message subject cannot exceed 256 characters.
You can use any of the following message tokens when customizing the notification.Message TokenDescription__AFFECTED_HOST__Affected host__BEHAVIOR__Description of suspicious behavior__DATE__Threat detection date and time__DIRECTION__Network traffic direction__DST_ACCOUNT__Destination account__DST_GROUP__Destination group__DST_IP_ADDR__Destination IP__DST_MAC_ADDR__Destination MAC address__DST_PORT__Destination port__DST_ZONE__Destination zone__HOSTNAME__Host name__HOST_IP__High-risk host IP address__INCIDENT_COUNT__Number of high risk hosts__LOG_QUERY_URL__Link to the All Detections screen on the management console__NETWORK_PROTOCOL__Network protocol__SRC_ACCOUNT__Source account__SRC_GROUP__Source group__SRC_IP_ADDR__Source IP address__SRC_MAC_ADDR__Source MAC address__SRC_PORT__Source port__SRC_ZONE__Source zone__TIMESTAMP__Notification date and time -
- Click Save.