Execute Program in Trap Rule Alert Action

Question

Hey guys, I'm looking for some help with the Execute Program Alert Action in a Trap Rule. I am trying to launch a powershell script when a certain condition is met but I can't work out the syntax.

I am trying the following but it is not launching:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe D:\directory\filename.ps1 ${vbData4}

I also can't find any logs where Orion logged anything about trying the action and failing.

Any help is greatly appreciated.

adatole · Accepted Answer

It's been a while, but generally speaking you may be best off launching a simple batch file that acts as a "wrapper" for the action you want.

The reason is that the script is launching as "system" and not an actual user, so it doesn't have any environment variables set that are needed for the script to run correctly.

Wrapping it in a batch file would allow you to set those variables, and log stupid messages like "I'm starting now" and "here are the variables the script just passed me" so you can figure out where it fell down. It also let's you pre-test the action. Just writing to a log "the command I *would* be running here is _________" and also running the script with the "WhatIf" parameter.

HTH

- Leon

Execute Program in Trap Rule Alert Action

Top Replies