Unknown Threat Activity Token Variables

The following table describes token variables for customizing event notification messages for Behavior Monitoring violations and Predictive Machine Learning detections.

| Variable | Description |
| --- | --- |
| %cmserver% | The Apex Central server name |
| %computer% | The name of the endpoint |
| %entity% | The display name of the managed product server in Apex Central |
| %event% | The event detected |
| %pname% | The name of the managed product |
| %pver% | The version of the managed product |
| %time% | The time (hh:mm) when the event occurred |
| %vloginuser% | The logged on user name at the time of the event |
| %act% | The action taken by the managed product. Example: file cleaned, file deleted, file quarantined |
| %actresult% | The result of the action taken by the managed product. Example: successful, further action required |
| %hostIP% | The IP address of the endpoint |
| %START_TIME% | The start date and time of the detection period |
| %END_TIME% | The end date and time of the detection period |
| %detections% | The number of detections |
| %domain% | The root domain of the target in the Apex One domain hierarchy |
| %hierarchy% | The full path of the target in the Apex One domain hierarchy |
| %BM_policy% | The Behavior Monitoring policy ID |
| %risklevel% | The risk level of the event |
| %target% | The target of the event |