FileAudit Documentation
FileAudit Documentation

Mail Message tab

The content of the e-mail message can be personalized via the ‘Mail message' tab. The dynamic variables are enclosed in square brackets { }. The message is different regarding the type of alert: single or mass.

Definitions of dynamic variables

Single access alert:

  • AccessMask: Display the requested access rights.
  • AccessTime: Display the time of the access attempt.
  • DisplayAccessType: Display the access types.
  • DisplayStatus: Display the status of the access attempt (‘Granted’ or ‘Denied’).
  • DomainName: Display the user domain name.
  • FileName: Display the full path of the file accessed.
  • Logon Id: Display the user login.
  • Process: Display the process(s) used to access the file. This information is available only if the access is done locally on the audited system.
  • RecNumber: Microsoft Security log record number. Only display/use for technical support purposes.
  • ServerName: Display the server name hosting the file in question.
  • ShortFileName: Display the name of the file.
  • Source: Display the name or IP address of the machine source.
  • UserName: Display the user account name.

Mass access alert:

  • CountLimit: Display the number of access beyond which the alert will be triggered if achieved over the defined time period (alert settings).
  • DisplayAccessTypes: Display the access type.
  • DisplayAccessStatus: Display the status of the access attempt (‘Granted’ or ‘Denied’).
  • DomainName: Display the user domain name.
  • EffectiveCount: Display the number of events detected during the {EffectiveTimePeriod}.
  • EffectiveTimePeriod:  Display the time period during which the {EffectiveCount} number was counted.
  • EventTime: Display the time when the threshold has been reached.
  • LatencyPeriod: Display the time period during which the alert will be temporary disabled once triggered (alert settings).
  • TimePeriod: Display the rolling time period during which the number of access is counted (alert settings).
  • TopFolders : Display the path of the top-level folders where the mass access events have been generated.
  • UserName: Display the user account name.

E-mail alert example

An example of an e-mail triggered for a single access alert: