Agent Client Collector ACC-V - How to Launch Powershell Script on Agent through Check Definition

Paul Curwen
Giga Sage

‎01-28-2022 08:38 AM

Has anyone successfully managed to get a Check Definition to run a Powershell script on an Agent?

Our business requirement is to get a Virtual Agent Topic to use the ACC Spoke to invoke the Flow Action 'Run Agent Client Collector Check Definition'.

The challenge is how to configure the ACC Check Definition as I can see no examples that run Powershell scripts on the agents only osquery as they supplied Ruby Scripts are provided OOTB.  We can get the VA Topic to call the 'Run Agent Client Collector Definition', but I'm having issues understanding the correct syntax in the Check Definition to launch a  Powershell script on the agent. 

 

find_real_file.png

 

 

***If Correct/Helpful please take time mark as Correct/Helpful. It is much appreciated.***

Regards

Paul
Preview file
69 KB
Preview file
44 KB
Preview file
44 KB
Preview file
44 KB
0 Helpfuls
  • 2,063 Views
5 REPLIES 5

Fabian Kunzke
Kilo Sage
Kilo Sage

‎01-31-2022 02:39 AM

Hello,

I may be incorrect about this, but i am fearly certain that you cannot directly execute a powershell command through the agent client collector.

This has several reasons:
The ACC is based on the Sensu framework. It is exclusively running ruby scripts. This allows you to extend the ACC functionality, but - as you stated - only ruby based scripts.

However, the Sensu framework comes with a very active community. I found this github repository which provides windows based checks run in correlation with .ps scripts. Now, i have to admit that i did not use it personally yet, but it could help you going in the right direction.

Note: The repro does contain the .ps scripts under the "bin" folder.

Note 2: I sadly did not have the time to try this out. But sticking to the readme in the github repository should give you a good direction.

You will have to create a agent client collector plugin record for these checks similar to the "monitoring-plugin-windows" one supplied ootb. You can then create a check definition for this plugin (for the monitoring-plugin-windows one this is os.windows.metrics-system-disk-usage).

tl:dr You will need to setup a plugin containing the .ps files you want to run. Then create the check you want to call in your flow.

I know, this is just very rough guidance. Still hope this helps.

Regards

Fabian

0 Helpfuls

Paul Curwen
Giga Sage
In response to Fabian Kunzke

‎02-03-2022 07:35 AM

Thanks for the reply. I have figured out how to do this and will post my findings for others shortly
***If Correct/Helpful please take time mark as Correct/Helpful. It is much appreciated.***

Regards

Paul

Fabian Kunzke
Kilo Sage
Kilo Sage
In response to Paul Curwen

‎02-03-2022 09:30 AM

I would encourage you to write an article and post the link here. That way the solution (which i would deem a very interseting one) gets more visibility.

Regards

Fabian

0 Helpfuls

jevans74
ServiceNow Employee
ServiceNow Employee
In response to Paul Curwen

‎03-23-2022 09:49 AM

Hey Paul,  

Did you ever post your findings for this anywhere?

Thanks in advance!
Joe

0 Helpfuls