Scripting

Systems Directorate can be customized by an administrator via its powerful scripting capabilities. Many components of the system allow you to use tools, scripts, or plugins to enhance the capabilities of the product.

Scripting is provided by integration with IronPython.NET. IronPython is a Python interpreter built on top of the .NET Framework. Scripts written in IronPython have almost full access to the Python standard libraries and to the entire .NET Framework libraries, so a script can do anything those libraries allow. Python is fairly easy for beginners to learn, and plenty of training is available on the Internet and in books.

Places where scripting is available

  • Target rules by using condition logic written in script.
  • Data collection allows collectors to be written in script, and also provides a way for script to analyze and alter any data collected before it is stored.
  • Tools can use plugins and script to execute tasks, collect data, monitor, or do almost anything. These tools can then be used in other components of the system.
  • Monitoring can use tools to analyze a computer and use script-based conditions to compare the data against desired thresholds.
  • Message processing can use scripts and plugins on the Directorate server to filter events and act upon them.
  • Actions can run scripts on Directorate agents and servers in response to monitors or events.

Script capabilities

Systems Directorate provides many additional functions to the Python library for automating activities within the application. Some examples are:

  • Agent
    • Read any data from an agent policy.
    • Create and send custom messages.
    • Send notifications to teams or users.
    • Retrieve and store data to the local data cache.
    • Update the policy.
    • Execute a data collection for a specific item.
  • Server
    • Read any configuration data from the database.
    • Create, retrieve, update, save, annotate, acknowledge, and delete messages.
    • Send notifications to teams or users.
    • Create, retrieve, update, and close tickets.
  • Both
    • Read data from WMI, registry, delimited files, database tables, etc.

New capabilities will be added all the time!

Data accessible to scripts

Scripts cannot do much without data. Systems Directorate passes data in through a group of variables, and expects data back through a set of provided functions that the script can call. In some cases the script alters the data directly and Systems Directorate reads the altered data back.

| Variable Name | Description |
|---|---|
| data | This is a Python dictionary that contains key/value pairs of information. Every component passes in this variable and it includes information like the event message, properties from the computer, monitor, elements, etc. |
| datarows | This is a Python list of Python dictionaries. This can be thought of as a table since it has many rows of many columns. Each row should have the same column names to be valid. This is supplied by data collection for post-processing scripts. It is also provided to scripted conditions that need to check if a row matches criteria. |
| variables | This is a Python dictionary that contains key/value pairs of all system variables assigned to the agent or server. Variables can be assigned globally, on the region, server, computer, monitor, elements, and actions. |
| stdin | This is used by the script code in a tool. It contains the output from any executable programs, batch or PowerShell scripts, and plugins. The script can read this data and alter it, or return a result table of its own for data collection or monitoring. |

Script outputs

Scripts return data mostly via a set of functions that are provided by Systems Directorate. Here are the types of outputs the components of the system may require.

  • Simple true/false result. This is most common and is used by scripts in conditions in monitoring and target rule processing.
  • A data row in Dictionary format. This is most common when changing the contents of an event message. It is typically done directly on the “data” variable.
  • A data table in List[Dictionary] format. This is used by tools, data collection and monitoring when gathering data to analyze.
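
The following is an added example, not code from Systems Directorate: it shows a tool script treating the text in stdin as untrusted input, building a datarows-style table in which every row has the same column names, and evaluating a true/false condition per row against a value from variables. The sample text, the variable key DiskFreeMinPct and all function names are hypothetical, and because this page does not name the product's return functions, the example only builds the values a script would hand back.

```python
import csv

# Constructed sample of what a tool might leave in `stdin` (not real product output).
SAMPLE_STDIN = """drive,free_pct
C:,12.5
D:,71
E:,not-a-number
F:,40,extra
"""

# Constructed stand-in for the `variables` dictionary; the key name is hypothetical.
SAMPLE_VARIABLES = {"DiskFreeMinPct": "15"}


def parse_tool_output(stdin_text):
    """Turn delimited tool output into (datarows, rejected_rows).

    Every dictionary in datarows shares the header's column names, the shape
    the page describes for `datarows`; rows that do not fit are set aside.
    """
    lines = [ln for ln in stdin_text.splitlines() if ln.strip()]
    if not lines:
        return [], []
    reader = csv.reader(lines)
    header = [h.strip() for h in next(reader)]
    rows, rejected = [], []
    for fields in reader:
        if len(fields) != len(header):  # column mismatch: not a valid row
            rejected.append(fields)
            continue
        rows.append(dict(zip(header, [f.strip() for f in fields])))
    return rows, rejected


def row_breaches(row, variables):
    """Scripted condition: True when free_pct is below the configured minimum.

    A missing or non-numeric value counts as a breach, so a broken collector
    raises an alert instead of silently passing.
    """
    minimum = float(variables["DiskFreeMinPct"])
    try:
        return float(row["free_pct"]) < minimum
    except (KeyError, ValueError):
        return True


def breaching_rows(stdin_text, variables):
    """Return the valid rows whose condition evaluates to True."""
    rows, _rejected = parse_tool_output(stdin_text)
    return [r for r in rows if row_breaches(r, variables)]
```

The code avoids Python 3-only syntax so that it can be adapted to an IronPython script; in a real script the text would come from the stdin variable and the threshold from the variables dictionary.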