Mail Message tab
The content of the e-mail message can be personalized via the ‘Mail message' tab. The dynamic variables are enclosed in square brackets { }. The message is different regarding the type of alert: single or mass.
Definitions of dynamic variables
Single access alert:
- AccessMask: Display the requested access rights.
- AccessTime: Display the time of the access attempt.
- DisplayAccessType: Display the access types.
- DisplayStatus: Display the status of the access attempt (‘Granted’ or ‘Denied’).
- DomainName: Display the user domain name.
- FileName: Display the full path of the file accessed.
- Logon Id: Display the user login.
- Process: Display the process(s) used to access the file. This information is available only if the access is done locally on the audited system.
- RecNumber: Microsoft Security log record number. Only display/use for technical support purposes.
- ServerName: Display the server name hosting the file in question.
- ShortFileName: Display the name of the file.
- Source: Display the name or IP address of the machine source.
- UserName: Display the user account name.
Mass access alert:
- CountLimit: Display the number of access beyond which the alert will be triggered if achieved over the defined time period (alert settings).
- DisplayAccessTypes: Display the access type.
- DisplayAccessStatus: Display the status of the access attempt (‘Granted’ or ‘Denied’).
- DomainName: Display the user domain name.
- EffectiveCount: Display the number of events detected during the {EffectiveTimePeriod}.
- EffectiveTimePeriod: Display the time period during which the {EffectiveCount} number was counted.
- EventTime: Display the time when the threshold has been reached.
- LatencyPeriod: Display the time period during which the alert will be temporary disabled once triggered (alert settings).
- TimePeriod: Display the rolling time period during which the number of access is counted (alert settings).
- TopFolders : Display the path of the top-level folders where the mass access events have been generated.
- UserName: Display the user account name.
E-mail alert example
An example of an e-mail triggered for a single access alert: