Configuring Security Risk Notifications for Administrators

The Administrator Notifications screen appears.

1. Go to the Virus/Malware and Spyware/Grayware sections.
2. Specify whether to send notifications when Apex One detects virus/malware and spyware/grayware, or only when the action on these security risks is unsuccessful.

1. Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
2. Select Enable notification via email.
3. Select Send notifications to users with agent tree domain permissions.

   You can use Role-based Administration to grant agent tree domain permissions to users. If a detection occurs on any Security Agent belonging to a specific domain, the email will be sent to the email addresses of the users with domain permissions. See the following table for examples:

   Table 1. Agent Tree Domains and Permissions

   Agent Tree Domain	Roles with Domain Permissions	User Account with the Role	Email Address for the User Account
   Domain A	Administrator (built-in)	root	mary@xyz.com
   	Role_01	admin_john	john@xyz.com
   		admin_chris	chris@xyz.com
   Domain B	Administrator (built-in)	root	mary@xyz.com
   	Role_02	admin_jane	jane@xyz.com

   If any Security Agent belonging to Domain A detects a virus, the email will be sent to mary@xyz.com, john@xyz.com, and chris@xyz.com.

   If any Security Agent belonging to Domain B detects spyware, the email will be sent to mary@xyz.com and jane@xyz.com.

   Note:

   If you enable this option, all users with domain permissions must have a corresponding email address. The email notification will not be sent to users without an email address. Users and email addresses are configured from Administration > Account Management > User Accounts.

4. Select Send notifications to the following email address(es) and then type the email addresses.
5. Specify the Subject used in the email notification.
6. Specify the Message contents.

   Apex One supports use of tokens in the Subject and Message fields.

   Table 2. Token Variables for Security Risk Notifications

   Variable Token	Description
   Virus/Malware detections
   %v	Security threat name
   %s	Endpoint with the detection
   %i	IP address of the endpoint
   %c	MAC address of the endpoint
   %m	Domain of the endpoint
   %p	Location of virus/malware
   %y	Date and time of detection
   %e	Virus Scan Engine version
   %r	Virus Pattern version
   %a	Action performed on the security risk
   %n	Name of the user logged on to the endpoint
   %g	GUID of the Security Agent
   %b	Scan type
   Spyware/Grayware detections
   %s	Endpoint with the detection
   %i	IP address of the endpoint
   %m	Domain of the endpoint
   %y	Date and time of detection
   %n	Name of the user logged on to the endpoint
   %T	Spyware/Grayware and scan result
   %d	Detailed information regarding spyware/grayware detection
   %g	GUID of the Security Agent
   %b	Scan type

1. Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
2. Select Enable notification via SNMP trap.
3. Accept or modify the default message. You can use token variables in the following table to represent data in the Message field.

   Table 3. Token Variables for Security Risk Notifications

   Variable	Description
   Virus/Malware detections
   %v	Security threat name
   %s	Endpoint with the detection
   %i	IP address of the endpoint
   %c	MAC address of the endpoint
   %m	Domain of the endpoint
   %p	Location of virus/malware
   %y	Date and time of detection
   %e	Virus Scan Engine version
   %r	Virus Pattern version
   %a	Action performed on the security risk
   %n	Name of the user logged on to the endpoint
   %g	GUID of the Security Agent
   %b	Scan type
   Spyware/Grayware detections
   %s	Endpoint with the detection
   %i	IP address of the endpoint
   %m	Domain of the endpoint
   %y	Date and time of detection
   %n	Name of the user logged on to the endpoint
   %T	Spyware/Grayware and scan result
   %v	Security threat name
   %a	Action performed on the security risk
   %d	Detailed information regarding spyware/grayware detection
   %g	GUID of the Security Agent

1. Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
2. Select Enable notification via NT Event Log.
3. Accept or modify the default message. You can use token variables in the following table to represent data in the Message field.

   Table 4. Token Variables for Security Risk Notifications

   Variable	Description
   Virus/Malware detections
   %v	Security threat name
   %s	Endpoint with the detection
   %i	IP address of the endpoint
   %c	MAC address of the endpoint
   %m	Domain of the endpoint
   %p	Location of virus/malware
   %y	Date and time of detection
   %e	Virus Scan Engine version
   %r	Virus Pattern version
   %a	Action performed on the security risk
   %n	Name of the user logged on to the endpoint
   %g	GUID of the Security Agent
   %b	Scan type
   Spyware/Grayware detections
   %s	Endpoint with the detection
   %i	IP address of the endpoint
   %m	Domain of the endpoint
   %y	Date and time of detection
   %n	Name of the user logged on to the endpoint
   %T	Spyware/Grayware and scan result
   %v	Security threat name
   %a	Action performed on the security risk
   %d	Detailed information regarding spyware/grayware detection
   %g	GUID of the Security Agent