Description
This article describes how to create remediation scripts for a device in the case of a incident.
Here are the steps to complete:
1. Create login/device association2. Create Rule from Event3. Create Remediation script4. Create Incident Policy containing Rule + Remediation script
Solution
Here is a step by step guide.1. Create login/device associationCreate a SSH credential for the device (Enable SNMP on the device)1.1 Go to Admin > Credentials1.2 Click ADD and Create a SSH account1.3. Associate the device (IP) to new account created1.4 Once associate, test the login connectivity.1.5. Now Login is associated to the device, create rules from the Event.
2. Create Rule from Event
2.1 Go to Analytics > Real-time search or Historical search2.2 Fill out the Filter Criteria for the device2.3 Once done, create a rule2.4 Fill out Pattern Conditions, Notification Frequency etc…2.5 Edit Actions (This will generate Incident view)
2.6 Create a script to associate to the device.
3. Create Remediation script.
3.1 Clone existing Script3.2 Edit the script
3.3 Example of script /root/test
#!/bin/bashsudo reboot
3.4 Alternatively replace the line by command directly like:cmd = ("check_ssh --host %s --port 22 --timeout 30 --user %s --passwd '%s' --cmd 'sudo reboot'") % (3.5 Create the incident notification.4. Create Incident Policy containing Rule + Remediation script
4.1 Create a notification
4.2 Select the script and enforce to the device IP it needs to be associated with.
4.3 Additionally email notification can be added when a event is triggered.
