Skip to main content
Matrix42 Self-Service Help Center

IntellAct Automation: Setting up EgoSecure IntellAct Automation to trigger Matrix42 Workspace Management workflows

ID: 18111401
Languages: EN, DE
Components: Matrix42 Workspace Management, EgoSecure Server
Operating system: Windows

Task

The integration of two systems - the Matrix42 Workspace Management system and the EgoSecure Server - allows to extend the administration options in your company. Via the central management tool of the EgoSecure Server - the EgoSecure Management Console - you can create IntellAct Automation tasks and then select the Trigger workflow option as an action to trigger the previously defined workflow in the Service Desk, once the conditions of an IntellAct Automation client rule are met.

Solution

1. Connecting the EgoSecure Server and the Matrix 42 Server

  1. In the Matrix42 Workspace Management, navigate to Administration | Integration | Web Services Tokens and then click Generate Api Token.

    generate_API_token.jpg
  2. In the Name field, define the token name.
  3. In the Expires on drop-down menu, select Never.
  4. In the User field, specify a user for whom this token is assigned. With the help of this key the specified user can perform only the actions permitted within his rights in the system.
  5. Click Generate API token.

    token_2_.jpg
  6. Copy the Api Token value.

    Copy the Api Token value now, as it will not be available later.

  7. Open the EgoSecure Management Console and navigate to Administration | Server management | Mail, proxy and others.
  8. Scroll down to the Matrix42 Workspace Management server settings area.
  9. In the Server field, paste the Api Token value created in the steps before.
  10. Click Save.

    administration.png

2. Creating and preparing workflows for EgoSecure

  1. In the Matrix42 Workflow Studio, create a blank workflow. One workflow is created for one IntellAct event.
  2. Define the workflow properties and click Save.

    workflow_properties.jpg
  3. Under Repository, search for Create task and drag it after Start.

    create_task.jpg
  4. In the View menu, click A.jpg.
    ⇒ The field for editing an argument appears on the bottom.

    argum.jpg
  5. Add all arguments for an intellAct event manually. One argument is per one string. For details, see the list of argument for each event below in the table.
    Event List of arguments
    Access rights requests
    • EventID
    • User
    • User SID
    • Computer
    • Computer GUID
    • EventData
    • Time
    • RequestedRights
    • Comments
    • Server
    Access denied (files)
    • Event ID
    • DeviceClass
    • DeviceName
    • DeviceID
    • User
    • User SID
    • Computer
    • Computer GUID
    • EventDate
    • Time
    • Path
    • Process
    • Access
    • Reason
    • Server
    Break-in attempt Not available, will be added in next versions.
    AV: Threat found
    • Computer
    • Computer GUID
    • EventDate
    • Time
    • EventID
    • Reason
    • Type
    • Status
    • Server
    AV: State changed
    • Computer
    • Computer GUID
    • EventDate
    • Time 
    • EventID
    • Status
    • Server 
    Access denied (application)
    • EventID
    • Application
    • User
    • User SID
    • Computer 
    • Computer GUID
    • EventDate
    • Time
    • Reason
    • Server 
    Suspicious activity
    • EventID
    • Computer
    • Computer GUI
    • EventDate 
    • Time
    • Event
    • Server
    AV: Signatures are outdated
    • EventID
    • Message
    • Computer
    • Computer GUID
    • Server
    Avira: Threat found Not available, will be added in next versions.
    Avira: State changed Not available, will be added in next versions.
  6. Add arguments to display them in a certain field of an incident, once an administrator receives it:
    1. Select the field and click edit (1).jpg.

      edit (2).jpg

      ⇒ The dialog for editing appears.
    2. Enter the text, which describes the argument and then click add_argument.jpg.

      summary (1).jpg
      ⇒ The Select Variable dialog appears. 
    3. Select the argument and click OK to close the dialog.
      ⇒ The argument appears after a user-defined text in an orange box.
    4. Click OK to close the dialog and save the changes.
       
  7. Publish the workflow:
    1. In the Release & Publish area, click Validate.
    2. In the Document area, click Check In.
    3. In the Release & Publish area, click Release and then Publish.

    publish (1).jpg
  8. As soon as workflows for all IntellAct events are created, get the workflow ID:
    1. Navigate to Administration | Services & Processes | Workflows | Manage Workflows.
    2. Select a registered workflow from the list. For details about creating and managing workflows, see Matrix42 help files - workflows.
    3. Click export.jpg, select the XML radio button and then click Export.
      ⇒ The XML file opens in a new tab.
    4. To find the right place in the workflow XML, search for the tag <PLSLXamlComponentType> and copy the workflow ID below.

      ID.jpg

3. Setting up IntellAct Automation rules for triggering workflows

  1. In the EgoSecure Management Console, create a workflow under Product settings | IntellAct Automation | Settings:
    1. In the Matrix42 workflow management area, click Add.
    2. Define the workflow name in the Name column.
    3. Paste the ID you copied in step d.
    4. Click Save.

      workflow (1).jpg
  2. Create an IntellAct rule under Product settings | IntellAct Automation | Rules - Client. For details about creating IntellAct rules, see the EgoSecure Console Manual (sign in required), chapter "Configuring IntellAct Automation for computers".
  3. Under Actions, set the Trigger workflow check box and select the workflows from the list. For the current version of EgoSecure Data Protection, the Trigger workflow check box is available only for Rules - Client, in next releases, we plan to integrate this check box for the Rules - Custom area.

    trigger_workflow.jpg
  4. Click Save.
    ⇒Once the conditions are met, the EgoSecure Server sends all information to the Matrix server and all information appears in the Service Desk under Incidents.