Create an Agent Client Collector Security Incident Response command

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

Define a command or command string to be executed on a machine referenced by a security incident. Commands are listed by operating system. For example, a ps command on a Windows OS retrieves the status of active Windows OS processes in the system.

Before you begin

Role required: sn_si.admin

Procedure

1. Navigate to All > Agent Client Collector SIR Integration > ACC Integration Commands.
2. Select New.
   The ACC Integration Commands - New Record page appears.
3. Configure the fields on the page.

   Table 1. ACC Integration Commands

   Field              Description
   Name               A descriptive name for the command.
   Operating System   The CI's operating system supported by the Agent Client Collector.
   Command            The actual command or command string to be executed.

4. To validate that the command you are writing works, select Test Command.
   The Test Command page appears.

   Table 2. Test Command

   Field              Description
   Agent              The specific end-point where the command is run.
5. In the Agent field, select the specific end-point on which to run the test. The result of the test is displayed as one of the following:
   • successful: the command ran successfully.
   • large: the output was too large.
   • error: an error occurred; the error message is displayed to the sn_si.admin.
6. Select Submit.