Control Manager 7.0 > Appendices > Token Variables > Advanced Threat Activity Token Variables

Advanced Threat Activity Token Variables

The following table describes token variables for customizing Advanced Threat Activity event notification messages.

Variable	Description
`%hostIP%`	Depending on the traffic direction, %hostIP% is IP address determined by Deep Discovery Inspector: Outbound traffic (internal traffic going to an external network): `%hostIP%` is the IP address of the endpoint in the network (source) Traffic within the network: `%hostIP%` is the IP address of the endpoint in the network External traffic to an endpoint in a network: `%hostIP%` is the IP address of the endpoint in the network Traffic outside the network: `%hostIP%` is the IP address of the endpoint outside the network
`%group%`	Name of the subnetwork
`%START_TIME%`	Start time
`%END_TIME%`	End time The start and end times define the time range interval. When logs are received during a certain interval, Control Manager calculates those logs. If the alert criteria is met, Control Manager counts the logs. `%START_TIME%` is the start time of the interval and `%END_TIME%` is the end time of the interval. The length of the interval is determined by the period threshold in the alert settings.
`%detections%`	Number of detections For example: `Event: High risk Virtual Analyzer detections` `IP address: %hostIP%` `Host name: %computer%` `Group: %group%` `Time range: %START_TIME% - %END_TIME%` `Detections: %detections%`