The following table describes token variables for customizing Data Loss Prevention event notification messages.
For the list of standard token variables supported by all event notifications, see Standard Token Variables.
| Variable | Description |
|---|---|
| %DLP_INCIDENT_TOTAL_NUM% | The total number of incidents triggered by directly managed users |
| %DLP_INCIDENT_HIGH_NUM% | The total number of high severity incidents triggered by directly managed users |
| %DLP_INCIDENT_MED_NUM% | The total number of medium severity incidents triggered by directly managed users |
| %DLP_INCIDENT_LOW_NUM% | The total number of low severity incidents triggered by directly managed users |
| %DLP_INCIDENT_INFO_NUM% | The total number of informational incidents triggered by directly managed users |
| %DLP_INCIDENT_UNDEFINED_NUM% | The total number of undefined severity incidents triggered by directly managed users |
| %DLP_INCIDENT_ALLTOTAL_NUM% | The total number of incidents triggered by all managed users |
| %DLP_INCIDENT_ALLHIGH_NUM% | The total number of high severity incidents triggered by all managed users |
| %DLP_INCIDENT_ALLMED_NUM% | The total number of medium severity incidents triggered by all managed users |
| %DLP_INCIDENT_ALLLOW_NUM% | The total number of low severity incidents triggered by all managed users |
| %DLP_INCIDENT_ALLINFO_NUM% | The total number of informational incidents triggered by all managed users |
| %DLP_INCIDENT_ALLUNDEFINED_NUM% | The total number of undefined severity incidents triggered by all managed users |
| %DLP_START_TIME% | The start date and time for the reporting period |
| %DLP_END_TIME% | The end date and time for the reporting period |
| %weblink% | The link to view details of the incident information listed in the notification message |
| %INCIDENTID% | Incident ID number |
| %SEVERITY% | Incident severity level |
| %POLICY% | Apex Central policy name. Note: For incidents triggering DLP policies created on the managed product console, the Apex Central policy name appears as N/A. |
| %ACCOUNT% | User name |
| %OLD_STATUS% | Incident status before modification |
| %NEW_STATUS% | Incident status after modification |
| %LATEST_COMMENT% | The latest comments about the incident |
| %DLP_VIOLATION_NUM% | The number of violations matching DLP policies |
| %DLP_THRESHOLD% | The number of violations that must be triggered to indicate a significant increase in policy violations |
| %DLP_TEMPLATE% | Template matching the significant incident increase |
| %DLP_USER_NAME% | The user name associated with the endpoint that triggered the DLP policy violation |
| %DLP_SENDER% | The sender of the message that triggered the DLP policy violation |
| %DLP_CHANNEL% | The channel of the incident that triggered the DLP policy violation |
| %STATUS_CHANGE_TIME% | Incident details updated |
