Skip to main content
Matrix42 Self-Service Help Center

Setting up EgoSecure IntellAct Automation to trigger Matrix42 Workspace Management workflows

ID: 18111401
Languages: EN, DE
Components: Matrix42 Workspace Management, EgoSecure Server
Operating system: Windows

Task

The integration of two systems - the Matrix42 Workspace Management system and the EgoSecure Server - allows to extend the administration options in your company. Via the central management tool of the EgoSecure Server - the EgoSecure Management Console - you can create IntellAct Automation tasks and then select the Trigger workflow option as an action to trigger the previously defined workflow in the Service Desk, once the conditions of an IntellAct Automation client rule are met.

Solution

1. Connecting the EgoSecure Server and the Matrix 42 Server

  1. In the Matrix42 Workspace Management, navigate to Administration | Integration | Web Services Tokens and then click Generate Api Token.

    generate_API_token.jpg
  2. In the Name field, define the token name.
  3. In the Expires on drop-down menu, select Never.
  4. In the User field, specify a user for whom this token is assigned. With the help of this key the specified user can perform only the actions permitted within his rights in the system.
  5. Click Generate API token.

    token_2_.jpg
  6. Copy the Api Token value.

    Copy the Api Token value now, as it will not be available later.

  7. Open the EgoSecure Management Console and navigate to Administration | Servers | Mail, proxy and others.
  8. Scroll down to the Matrix42 Workspace Management server settings area.
  9. In the Server field, enter the host name or web address of the Matrix42 Workspace Management server.
  10. In the Token field, paste the Api Token value created in the steps before.

    m42 workspace.png
  11. Click Save.

2. Creating and preparing workflows for EgoSecure

In this section you can find details about how to create a simple workflow that is used to get data from the EgoSecure Server and to create a task in the Service Management. You can create this simple workflow manually using the description below or you can skip this part and use the workflow with preconfigured arguments. To use the workflow with preconfigured arguments, all you need to do is to download the Service Management Security Connector from Matrix42 Marketplace (registration required) and install it on the computer with Matrix42 Workspace Management server.
For the advanced usage of workflows, see Matrix42 help files - workflows.

  1. In the Matrix42 Workflow Studio, create a blank workflow. One workflow is created for one IntellAct event.
  2. Define the workflow properties and click Save.

    workflow_properties.jpg
  3. Under Repository, search for Create task and drag it after Start.

    create_task.jpg
  4. In the View menu, click A.jpg.
    ⇒ The field for editing an argument appears on the bottom.

    argum.jpg
  5. Add all arguments for an intellAct event manually. One argument is per one string. For details, see the list of argument for each event below in the table.
    Event List of arguments
    Access rights requests
    • EventID
    • User
    • User SID
    • Computer
    • Computer GUID
    • EventData
    • Time
    • RequestedRights
    • Comments
    • Server
    Access denied (Access Control)
    • Event ID
    • DeviceClass
    • DeviceName
    • DeviceID
    • User
    • User SID
    • Computer
    • Computer GUID
    • EventDate
    • Time
    • Path
    • Process
    • Access
    • Reason
    • Server
    EgoSecure Antivirus: Threat found
    • Computer
    • Computer GUID
    • EventDate
    • Time
    • EventID
    • Reason
    • Type
    • Status
    • Server
    EgoSecure Antivirus: State changed
    • Computer
    • Computer GUID
    • EventDate
    • Time 
    • EventID
    • Status
    • Server 
    Access denied (Application Control)
    • EventID
    • Application
    • User
    • User SID
    • Computer 
    • Computer GUID
    • EventDate
    • Time
    • Reason
    • Server 
    Green IT: Suspicious activity
    • EventID
    • Computer
    • Computer GUI
    • EventDate 
    • Time
    • Event
    • Server
    EgoSecure Antivirus: Signatures are outdated
    • EventID
    • Message
    • Computer
    • Computer GUID
    • Server
  6. Add arguments to display them in a certain field of an incident, once an administrator receives it:
    1. Select the field and click edit (1).jpg.

      edit (2).jpg

      ⇒ The dialog for editing appears.
    2. Enter the text, which describes the argument and then click add_argument.jpg.

      summary (1).jpg
      ⇒ The Select Variable dialog appears. 
    3. Select the argument and click OK to close the dialog.
      ⇒ The argument appears after a user-defined text in an orange box.
    4. Click OK to close the dialog and save the changes.
       
  7. Publish the workflow:
    1. In the Release & Publish area, click Validate.
    2. In the Document area, click Check In.
    3. In the Release & Publish area, click Release and then Publish.

    publish (1).jpg
  8. As soon as workflows for all IntellAct events are created, get the workflow ID:
    1. Navigate to Administration | Services & Processes | Workflows | Manage Workflows.
    2. Select a registered workflow from the list.
    3. Click export.jpg, select the XML radio button and then click Export.
      ⇒ The XML file opens in a new tab.
    4. To find the right place in the workflow XML, search for the tag <PLSLXamlComponentType> and copy the workflow ID below.

      ID.jpg

3. Setting up IntellAct Automation rules for triggering workflows

  1. Skip this step and proceed with step 2 if you have installed the Service Management Security Connector instead of a manual workflow configuration.
    If you configured a workflow manually as described in section 2, open the EgoSecure Management Console and create the workflow under Product settings | IntellAct | Settings:
    1. In the Matrix42 workflow management area, click Add.
    2. Define the workflow name in the Name column.
    3. Paste the ID you copied in step d.
    4. Click Save.

      workflow mgmt.png
  2. Create an IntellAct rule under Product settings | IntellAct | Rules - Client. For details about creating IntellAct rules, see the EgoSecure Console Manual (sign in required), chapter "Configuring IntellAct Automation for Clients".
  3. Under Actions, set the Trigger workflow check box.
    For the current version of EgoSecure Data Protection, the Trigger workflow check box is available only for Rules - Client, in next releases, we plan to integrate this check box for the Rules - Custom area.
  4. Select a workflow from the list:
    • Select any of the workflows if you configured them manually as described in section 2.
    • EgoSecure Create Incident if you installed the Service Management Security Connector.

      intellact-create incident.jpg
       
  5. Click Save.
    ⇒Once the conditions are met, the EgoSecure Server sends all information to the Matrix server and the task is created in the Service Desk.