cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 8
Report Inappropriate Content
Message 1 of 7

Creating Automation on Deployment failures in ePO

I want to build on automation on deployment failures

What I would like to setup is example

- Apply tag  if on systems with repeating deployment failures (example 3x same install failure event received on the same product).

 

I have currently setup test automatic response for ENS TP module install failures (picture attached) to trigger Issues when deployment client event failures are received.

 

1.png

 

Problems this I currently have are

  •  When logging issues duplicate issues opened for each computer for every failure event.
  • Aggregation does not allow filter log when multiple events from one computer received but only distinct event/ computer that does not fit the purpose.
  • Based on the issues we cannot know if the event was received only once and installed after successfully and/or if it has been repeating failing.  This means that manual filtering and queries are required after logging the issues.

 

Part of the solution could be to assign tags based on the Automatic responses.

If I could get this to apply tag instead I could run server tasks based on that tag if the issue is later resolved. Also it would resolve the issue of duplicates as it would ignore if the tag is already applied.

 

I'm thinking I could perhaps use Automatic response with Action "Run External Command" and run PowerShell script to apply tag but no idea what that script would look like and how would I provide the Host name from the automatic response as an argument.

 

2.png

Any  ideas?

6 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Creating Automation on Deployment failures in ePO

Hi @Rika1,

Thank you for your post here! Looks like something that would need a closer look from ePO experts! Let me tag them in and request a movement of the topic to the same group!

@vivs @LKS @cdinet : Kindly please help in moving the thread and assisting the request here!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 7

Re: Creating Automation on Deployment failures in ePO

I am not sure an automatic response is your best bet, but you can test with these settings.

Trigger response if multiple events occur within 1 day and when number of distinct values for an event property is agent guid, number of distinct values = 1.  You can choose host name instead of agent guid if desired.

The response will only trigger if there are multiple events in that time frame per system, meaning more than one.

You can also group aggregated events by agent guid or host name so that if there is more than one system with the event, it will at least group them by system.

You still won't have much options as far as creating an issue, but hopefully, it would only create one if there are more than one of those events.

Otherwise, don't use a response and just run a query for that event and use a server task to tag those systems.  However, I don't see a way to have the query return results only if there is more than one event per system.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 8
Report Inappropriate Content
Message 4 of 7

Re: Creating Automation on Deployment failures in ePO

Thank you for your response. My problem is that it seems not possible to run threat event or client event query to apply tag. This is not possible if you run the query in the reports or if you schedule it in the server task. I will test your suggesstions on filtering the automatic response.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Creating Automation on Deployment failures in ePO

Running a query should have the option to apply tag, but the options available are also dependent on the type of query you are running.  For example, a chart type query might not have option to take action of applying a tag, whereas if you use table type, you might see that option.  Test with different types of queries, as the option to apply tag via server task should certainly be there.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 8
Report Inappropriate Content
Message 6 of 7

Re: Creating Automation on Deployment failures in ePO

I have been testing it and the option is not there. If you run this with server task it will run but 0 tags will be assigned clientID.JPG

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: Creating Automation on Deployment failures in ePO

You need to have the system name returned in the query also for it to know who to apply the tag to.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community