Is there an Active Response tool/connector available for Linux and if so where would I find it?
Thanks in advance for any help here!
Hello... somebody... anybody?
Would really love to see a response over here.
Sorry for the late reply.
There isn't an active response connector for Linux since most of our active responses are either Windows- or firewall-based. Is there something specific you'd like to do on your Linux agents as an active response? That is, are you looking for user-based actions (e.g. log user off, disable an account), machine-based actions (shutdown computer), or something else?
Thanks in advance for the additional info.
Phil
Well, I would like to see all of that. Additionally (and this is likely a feature request for all system active responses), I would like to see the ability to execute a script/program on the system.
Byron - can you post that in the feature request space?
I am all over it. I posted it as a feature request in the space for LEM, as well as two other feature requests.
Thanks for putting up the feature request. This one has been in our backlog for a while to add in and be more consistent across platforms, so the visibility is really useful.
FYI: The only AR you can use on Linux is the "append to text file", which is universal. FWIW, some people have used this to drop in items that are automatically used by a cron job, like an iptables blacklist or a restart command.
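
One way to build the cron-side consumer for the "append to text file" approach mentioned in the last post (an added example, not part of the thread and not vendor code). The file path, the chain name `AR_BLOCK` and the one-address-per-line format are assumptions, and the chain is assumed to already exist and be referenced from INPUT.

```shell
#!/bin/sh
# Added example: cron-run consumer for a file that an "append to text file"
# active response writes source addresses to, one per line.
# BLOCKLIST and CHAIN are assumed names, not product defaults.
BLOCKLIST="${BLOCKLIST:-/var/lib/ar/blocklist.txt}"
CHAIN="${CHAIN:-AR_BLOCK}"
IPTABLES="${IPTABLES:-iptables}"

# Succeed only for a strict dotted-quad IPv4 address (each octet 0-255).
# The file content originates from log data, so every line is untrusted.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # no leading zeros, at most three digits
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands that rebuild CHAIN from the blocklist: flush first so
# repeated cron runs stay idempotent, then one DROP rule per unique address.
# Invalid lines are reported on stderr and never reach a command line.
build_rules() {
    printf '%s -F %s\n' "$IPTABLES" "$CHAIN"
    tr -d '\r' < "$1" | LC_ALL=C sort -u | while IFS= read -r entry; do
        if valid_ipv4 "$entry"; then
            printf '%s -A %s -s %s -j DROP\n' "$IPTABLES" "$CHAIN" "$entry"
        elif [ -n "$entry" ]; then
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Dry run by default: print the commands for review.
if [ -r "$BLOCKLIST" ]; then
    build_rules "$BLOCKLIST"
fi
```

The script only prints the commands; to apply them, run it as root from cron and pipe the output to `sh`. Keep the blocklist file writable only by the account that receives the active response, since anything that can append to it controls what gets blocked.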