Alert Notification Message Tokens

The following table explains the tokens available for alert notifications. Use the table to understand which alert rules accept the message token and the information that the token provides in an alert notification.

Note:

Not every alert notification can accept every message token. Review the alert's parameter specifications before using a message token. For details, see Alert Notification Parameters.

Table 1. Message Tokens

Token

Description

Where Allowed

%ActiveApplianceIP%

The IP address of the Deep Discovery Analyzer active primary appliance

Example:

  • 123.123.123.123 | 2001:0:3238:DFE1:63::FEFB

High Availability Restored

High Availability Suspended

Passive Primary Appliance Activated

%ActiveApplianceName%

The host name of the Deep Discovery Analyzer active primary appliance

Examples:

  • DDAN
  • DDAN-ABC123

High Availability Restored

High Availability Suspended

Passive Primary Appliance Activated

%ApplianceError%

The error encountered by the appliance

Examples:

  • Not connected

  • Invalid API key

  • Incompatible software version

Secondary Appliance Unresponsive

%ApplianceIP%

The IP address of the Deep Discovery Analyzer appliance

Example:

  • 123.123.123.123 | 2001:0:3238:DFE1:63::FEFB

All

  • High Availability Restored

  • High Availability Suspended

  • Passive Primary Appliance Activated

%ApplianceName%

The host name of the Deep Discovery Analyzer appliance

Examples:

  • DDAN
  • DDAN-ABC123

All

  • High Availability Restored

  • High Availability Suspended

  • Passive Primary Appliance Activated

%BackupServer%

The host name or IP address of the backup server

Examples:

  • my.example.com

  • 123.123.123.123

  • 2001:0:3238:DFE1:63::FEFB

Backup Server Inaccessible

%ComponentList%

The list of components

Examples:

  • Advanced Threat Scan Engine

  • Deep Discovery Malware Pattern

  • IntelliTrap Exception Pattern

  • IntelliTrap Pattern

Component Update Unsuccessful

%ConsoleURL%

The Deep Discovery Analyzer management console URL

Example:

  • https://192.168.85.69/ | https://[2001:0:3238:DFE1:63::FEFB]/

All

%CPUThreshold%

The average CPU usage as a percentage allowed in the last 5 minutes before Deep Discovery Analyzer sends an alert notification

Example:

  • 80%

High CPU Usage

%CPUUsage%

The total CPU usage as a percentage in the last 5 minutes

Example:

  • 80%

High CPU Usage

%DateTime%

The date and time the alert was initiated

Example:

  • 2014-03-21 03:34:09

All

%DaysBeforeExpiration%

The number of days before the product license expires

Example:

  • 4

License Expiration

%DiskThreshold%

The disk usage as a percentage allowed before Deep Discovery Analyzer sends an alert notification

Example:

  • 85%

High Disk Usage

%DiskUsage%

The total disk usage as a percentage

Example:

  • 85%

High Disk Usage

%ExpirationDate%

The date that the product license expires

Example:

  • 2014-03-21 03:34:09

License Expiration

%FreeDiskSpace%

The amount of free disk space in GB

Example:

  • 50GB

High Disk Usage

%HighRiskThreshold%

The maximum number of new high-risk objects identified during the specified time period before Deep Discovery Analyzer sends an alert notification

Example:

  • 10

New High-Risk Objects Identified

%LicenseStatus%

The current status of the product license

Example:

  • Activated

License Expiration

%LockedAccount%

The account that was locked

Example:

  • guest

Account Locked

%MemThreshold%

The average memory usage as a percentage allowed in the last 5 minutes before Deep Discovery Analyzer sends an alert notification

Example:

  • 90%

High Memory Usage

%MemUsage%

The total memory usage as a percentage in the last 5 minutes

Example:

  • 90%

High Memory Usage

%NetworkShare%

The network share folder information

Example:

Share name: test | Server address:123.123.123.123 | Protocol: CIFS

Network Share Inaccessible

%PasssiveApplianceIP%

The IPv4 address of the Deep Discovery Analyzer passive primary appliance

Example:

  • 123.123.123.123

High Availability Restored

High Availability Suspended

Passive Primary Appliance Activated

%PassiveApplianceName%

The host name of the Deep Discovery Analyzer passive primary appliance

Examples:

  • DDAN
  • DDAN-ABC123

High Availability Restored

High Availability Suspended

Passive Primary Appliance Activated

%ProductName%

The product name

Example:

  • Deep Discovery Analyzer

All

%ProductShortName%

The abbreviated product name

Example:

  • DDAn

All

%SandboxQueue%

The submission count in the sandbox queue waiting to be analyzed by Virtual Analyzer

Example:

  • 100

Long Virtual Analyzer Queue

%SandboxQueueThreshold%

The maximum number of submissions in the sandbox queue before Deep Discovery Analyzer sends an alert notification

Example:

  • 30

Long Virtual Analyzer Queue

%SyslogServer%

The host name or IP address of the syslog server

Examples:

  • my.example.com

  • 123.123.123.123

  • 2001:0:3238:DFE1:63::FEFB

Syslog Server Inaccessible

%TimeRange%

The time period observed for new high-risk objects before Deep Discovery Analyzer sends an alert notification

Examples:

  • 5 minutes

  • 30 minutes

  • 1 hour

  • 12 hours

  • 24 hours

New High-Risk Objects Identified

%UpdateError%

The list of update errors

Examples:

  • Unable to download: Advanced Threat Scan Engine

  • Unable to update: Deep Discovery Malware Pattern

  • Unable to update: IntelliTrap Exception Pattern. The appliance is configuring Virtual Analyzer instances or shutting down.

Component Update Unsuccessful

%ServiceList%

The services affected by the issue

Example:

  • Internal Virtual Analyzer network (eth1, No proxy)

Connection Issue

%SandboxProcessTimeThreshold%

The maximum amount of time spent processing a sample before Deep Discovery Analyzer sends an alert notification

Long Virtual Analyzer Processing Time alert

%SampleList%

The samples affected by the issue

Long Virtual Analyzer Processing Time alert

%TotalSampleNumber%

The total number of samples affected by the issue

Long Virtual Analyzer Processing Time alert

%CheckingDuration%

The amount of time it takes to perform each check

High CPU Usage

High Memory Usage

%CheckingInterval%

The amount of time between each check

High CPU Usage

High Memory Usage

High Disk Usage

%DiagnosisTip%

Recommendations on how to resolve the issue

Connection Issue