The “Execution” tab allows you to trigger a specific action when something is detected by one of your FileAudit alert rules. Create a script and allow it to run whenever the alert is triggered.
This method allows you to automatically react to an abnormal or suspicious event. For example you could execute a script to shut down the machine or logoff the user.
Select the script to be applied when the alert is triggered by selecting from the dropdown list. Once a script is selected, its settings appear below.
Add a new script
- Select « Add a new script » from the dropdown list.
- Complete the form in the popup:
- Name: Name of the script, must be unique.
- Executable: Path to your script file.
Note: Permitted executable types are .bat, .exe, or .ps1
- Working folder: (optional)
- Argument(s): Arguments for the executable file.
Note: You can use dynamic variables in this field.
Please note that the following list of dynamic variables is applicable.
- Domain: Active Directory Domain.
- Username: Account that has the permissions required.
- Password: <Enter password>
- Click on the ‘Save’ button
Edit or delete a script
- Select the script from the dropdown list you want to edit or delete.
- The script settings appear in a panel below the dropdown list. Click on the “Edit” button.
- Edit the script or click on the “Delete” button.
Please note: A tooltip will inform you if the script is used by several alerts. A link in the tooltip will allow you to see the concerned alerts. If you edit or delete the configured script, the changes will be applied to every alert using this script.