The following table describes token variables for customizing Attack Discovery
event notification messages.
|
Variable
|
Description
|
%cmserver% |
The Apex Central server name
|
%computer% |
The name of the endpoint
|
%entity% |
The display name of the managed product server in
Apex Central
|
%event% |
The event detected
|
%pname% |
The name of the managed product
|
%pver% |
The version of the managed product
|
%time% |
The time (hh:mm) when the event occurred
|
%vloginuser% |
The logged on user name at the time of the event
|
%act% |
The action taken by the managed product. Example: file
cleaned, file deleted, file quarantined
|
%actresult% |
The result of the action taken by the managed
product. Example: successful, further action required
|
%highrisk_detection%
|
The number of high-risk detections for the specified period
|
%highrisk_detection_endpoint%
|
The number of endpoints with high-risk detections for the specified
period
|
%mediumrisk_detection%
|
The number of medium-risk detections for the specified
period
|
%mediumrisk_detection_endpoint%
|
The number of endpoints with medium-risk detections for
the specified period
|
%start_time%
|
The start date and time of the detection period
|
%end_time%
|
The end date and time of the detection period
|