You can use SecurityCoach information placeholders to populate specific information in your SecurityTip notifications. These placeholders pull information from the triggered detection rule that initiates the SecurityTip. For general information about placeholders, see our Placeholders Guide.
For information about each of the SecurityCoach information placeholders, see the table below:
| Placeholder Name | Placeholder Drop-Down Menu Option | Information Populated |
| [[log_type]] | Log Type |
This placeholder populates the vendor’s security type. For more information, see our Vendor Security Types article. |
| [[vendor]] | Vendor | This placeholder populates the vendor’s name. |
| [[rule]] | Detection Rule | This placeholder populates the detection rule’s name. |
| [[category]] | Rule Category |
This placeholder populates the threat category of the detection rule. For example, the category may be malware or online safety. |
| [[detection_datetime]] | Detection Time | This placeholder populates the date and time that the rule detection occurred. |
| [[detection_category]] | Detection Category | This placeholder populates the threat category of the detected vendor event. |
| [[detection_severity]] | Detection Severity |
This placeholder populates the threat severity of the rule detection. Threat severities include low, medium, high, and critical. |
| [[event_file_name]] | Event File Name |
This placeholder populates the name of the file that triggered the detection rule. |
| [[domain_visited]] | Domain Visited |
This placeholder populates the domain that triggered the detection rule. |
| [[email_subject]] | Email Subject |
This placeholder populates the subject of the email that triggered the detection rule. |
| [[callback_phishing_phone_number]] | Callback Phone Number |
This placeholder populates the callback phishing phone number that the user contacted to trigger the detection rule. |