4 Replies Latest reply: Mar 31, 2014 12:28 PM by msitko RSS

    Run a script


      I would really like to utilize the "run a script" functionality within the RTTA to populate information in our event tracker.  I can't seem to find any documentation on how this works though.  The built-in help doesn't say anything about what kind of script is expected, where the script is run, how variables are accessed, etc.


      I tried a really simple hello world VBS script, but it gives an error message, I also tried a javascript hello world, to no avail either.

        • 1. Re: Run a script

          I'm attempting to write a KB article on this, however I'm running into the same issue you are with it erroring every time, so I haven't been able to test much yet.


          It's my understanding that it works similar to the Windows command prompt.  You can call other programs, echo into text files, etc and use the variables provided to pass more information to the script.  I'll have more information when I can see what's causing the errors.

          • 2. Re: Run a script

            I was able to get this to work:


            print "test";

            2-6-2014 4-20-00 PM.png

            that would match javascript and php at the least, but its pretty generic syntax. 


            Variables don't work either:


            var myvar = "test";

            print myvar;


            $myvar = "test";

            print $myvar;



            Also can't redirect anything to stdout, adding " >> somefile.txt" causes the error again.


            I opened a ticket with platinum support, will see what they say.

            • 3. Re: Run a script

              It looks like you can call programs, such as batch files.  For example, I created this batch file in E:\temp\test.bat:


              echo %1 %2 > out.txt


              I then made this script in the RTTA:


              E:\temp\test.bat $ALERT_ID$ $ATTACK_ID$


              Running that script created an out.txt file on my desktop, containing the alert and attack ID for the alert I ran the script off of.



              The fact that print worked lead me to believe it was a scripting language as well, until I realized that print is a function in the command line, to print files.  At least with the ability to call a batch file (or other script, I assume) you can write whatever you want with whatever input you need.

              • 4. Re: Run a script

                To circle back on this in case anyone else has this issue, it's been resolved in a hotfix, which will be available by contacting support