The engineer who wanted to detect specific DoS attack (WAN link overload) with EEM applet asked for something more in his original question: he wanted to receive a SNMP trap on the NMS when the DoS attack is detected. Implementing this requirement with an EEM applet is simple; you just need to add the trap keyword to the event manager applet configuration command.
EEM-SNMP integration is described in the Embedded Event Manager (EEM) workshop. You can attend an online version of the workshop; we can also organize a dedicated event for your networking team.
The SNMP trap contains the trap OID set to cEventMgrMIB.0.1. The .1 suffix indicates the trap was sent by the EEM server not by applet/Tcl policy code. The rest of the trap data is a copy of an EEM history event table object. One of the fields (ceemHistoryEventType1) contains an index into the event description table, another field (ceemHistoryPolicyName) the name of the EEM applet that triggered the trap.