Please enable JavaScript to view this site.

Navigation: Working with EventSentry > Scripts

User & Managed Scripts

Scroll Prev Top Next More

Clicking on either "User (Embedded)" or "Managed" scripts will show a list of available user or managed scripts.

 

info_32

Managed Scripts are read-only, scripts cannot be added, edited or deleted. Only User (Embedded) scripts can be added, deleted or edited.

 

Adding

To create a new script, first navigate to Scripts -> User (Embedded) and then click the Add button from the ribbon. The name of the script is important, as this will be the name of the file in the launch folder. It is recommended that you specify a valid file extension (required when no interpreter is specified).

 

You can specify the script content in the Script Content text area, which supports scripts with up to 16384 characters. Scripts can either be edited in the script content field directly, pasted from the clipboard (paste button) or loaded from a file (Load button).

 

Managing

To edit an existing script, navigate to Scripts -> User (Embedded), locate the script to edit and double-click it. In the resulting dialog you can either edit the actual script directly in the Script Content text area, copy & paste the content to/from the clipboard or load/save the script to/from a file. Other properties, including the interpreter and tags can also be edited here.

 

Deleting

To delete a script, navigate to Scripts -> User (Embedded), select the script and click the Delete button in the ribbon. Keep in mind that any application schedules and/or process actions referencing the deleted script will no longer work when the script does no longer exist.

 

clip0360

 

Type, On-Demand vs Validation

All scripts, either User or Managed, can either be on-demand or validation scripts. The vast majority of managed scripts are validation.

 

On Demand: Are referenced by either an application schedule or process action.

Validation: Are referenced by one or more validation scripts packages.

 

Enabled (Validation scripts only)

Enables or disables a script. This is mostly useful to disable managed scripts that are automatically included based on their tag as part of a validation script package, but should not be executed.

 

Interpreter

An interpreter is only necessary when the file extension that is used for the file cannot be mapped to an executable by the OS. For example, if you are adding a PERL script, then you can specify perl.exe as the script interpreter.

 

Frequency

Controls how frequently the script is executed, only available for validation scripts. The frequency of on-demand scripts is either controlled by the application scheduler or by events triggering the action. Validation script will follow this schedule, even when the agent is restarted or a new configuration is received. Note: If an assigned validation script is updated and pushed to the agent, it will be executed immediately, regardless of its schedule.

 

Evaluation

Validation Script packages determine whether a script passes or fails it test based on the evaluation criteria, which can either be its ERRORLEVEL, a wildcard check or a RegEx check.

 

Errorlevel (%ERRORLEVEL%)

0: Script passed check (OK)

998: Script passed check with warning (WARNING)

999: Script is not applicable on the system and should be ignored.

 

Any other error level indicates failure.

 

Wildcard:

Applies the specified wild card pattern to the output of the script. If the pattern matches, the script will pass its check.

 

RegEx:

Applies the specified RegEx pattern to the output of the script. If the pattern matches, the script will pass its check.

 

Tags

Can be specified for both On-Demand and Validation scripts, but are generally intended to be utilized by Validation Scripts packages for assignment purposes. For example, you can assign all validation scripts tagged nist-800-53 to hosts that need to be NIST compliant. Tags associated with managed scripts cannot be removed, but additional user-defined tags can be added.