Known Threat Activity Token Variables

Scan engine version

Used by the alert event category as well as the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Mode started" notifications. For the notification types of the alert event category, this variable refers to the scan engine version currently installed on the managed product server.

For the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Mode started" notifications, this variable refers to the Outbreak Prevention Policy required.

The location of the endpoint within the Apex One domain hierarchy

Used by the alert event category

Virus pattern version

Used by the alert event category and the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Services started" notifications. For the notification types of the alert event category, this variable refers to the virus pattern version currently installed on the managed product server.

For the "Active Outbreak Prevention Policy received" and "Outbreak Prevention Services started" notifications, this variable refers to the Outbreak Prevention Policy required.

Virus found-first action unsuccessful and second action unavailable

Virus found-first and second actions unsuccessful

Virus found-first action successful

Virus found-second action successful

Virus/malware threat information provided by outbreak prevention policies

Used by "Active Outbreak Prevention Policy received" and "Outbreak Prevention Services started"

Virus count.

Used by virus outbreak alert.

Virus/malware destination.

Examples:

Email detection: %vdest% is the intended recipient

Host-based/Endpoint detection: %vdest% is the endpoint IP address or host name

Used by the alert event category

Virus/malware origin or infection source.

For example, the message sender takes the value of %vsrc% if an antivirus managed product detected a virus/malware in an email message.

Used by the alert event category as well as the network virus alert notification type.