Notification variables
When adding an action to a notification profile, you have the option to add variables in the notification message. These variables allow you to customize the content of the notification message and are replaced with actual values when the notification is sent.
%m is the default variable when adding an action to a notification profile. With %m, the notification shows the message that appears on the Alarm Monitor page, which includes information specific to the event.
However, you can add one or more of the following variables in the Message field, in any combination:
| Variable | Name | Description |
| --- | --- | --- |
| %m | Message | Specific message generated by the policy violated |
| %pol | Policy Violated | Indicates the name of the policy that generated the current notification |
| %v | Violator Addresses | IP addresses that violated the policy causing the notification |
| %url | Report Threshold Event URL | The URL of a report for a Saved Report Threshold Violation |
| %h | Host | The host sending the notification, in this case, Plixer Scrutinizer |
| %v_resolved | Resolved Violators | Indicates that the IP addresses that violated the policy are resolved |
| %id | Event ID | The identifier for the logged event that generated the current notification |
| %h_resolved | Host name | Indicates the host name where the resolved violation occurred |
| %violator_users | Violator Usernames | Usernames associated with a violating host |
| %time | Alarm Time | The time that the policy that generated the current notification was violated |
| %p | Protocol | Specifies the name of the violating protocol, if applicable |
| %t | Target Addresses | IP addresses of the target machines |
| %tactic_id | Tactic ID | The ID of the malicious tactic, as identified by MITRE |
| %tactic_name | Tactic name | The name of the malicious tactic, as identified by MITRE |
| %target_users | Target Usernames | Usernames associated with a targeted host |
| %technique_id | Technique ID | The ID of the malicious technique, as identified by MITRE |
| %technique_name | Technique name | The name of the malicious technique, as identified by MITRE |
| %category | Category | The category of the policy violated |
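Several variable names in the table share a prefix (%v and %v_resolved, %t and %time, %p and %pol), so a mistyped name in the Message field is easy to miss. The following added example, which is not Plixer code, checks a draft message against the names in the table and previews it with constructed sample values. It assumes a variable is "%" followed by a run of lowercase letters and underscores; the product's own substitution rules are not described on this page.

```python
import re

# Variable names copied from the table on this page.
KNOWN = {
    "m", "pol", "v", "url", "h", "v_resolved", "id", "h_resolved",
    "violator_users", "time", "p", "t", "tactic_id", "tactic_name",
    "target_users", "technique_id", "technique_name", "category",
}

# Assumption: a token is "%" plus a run of lowercase letters/underscores.
# Reading the whole run keeps %v_resolved from being mistaken for %v.
TOKEN = re.compile(r"%([a-z_]+)")


def unknown_variables(template):
    """Return the %names in the template that are not in the table."""
    return [m.group(0) for m in TOKEN.finditer(template)
            if m.group(1) not in KNOWN]


def preview(template, sample):
    """Substitute sample values; unknown tokens stay exactly as typed."""
    def fill(match):
        name = match.group(1)
        if name not in KNOWN:
            return match.group(0)
        return sample.get(name, "")
    return TOKEN.sub(fill, template)


# Constructed sample values for a dry run, not real Scrutinizer output.
SAMPLE = {
    "pol": "Example Policy",
    "v": "192.0.2.10",
    "v_resolved": "host-a.example.net",
    "t": "198.51.100.7",
    "time": "2024-01-01 00:00:00",
    "technique_id": "T0000",  # placeholder, not a real MITRE ID
}

# Constructed draft of a Message field.
TEMPLATE = "[%time] %pol: %v (%v_resolved) -> %t, technique %technique_id"

if __name__ == "__main__":
    print(unknown_variables("%pol from %violator at %time"))
    print(preview(TEMPLATE, SAMPLE))
```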