The ACC spoke provides a framework for writing custom workflows or automations that execute on Agents (ACC) or Configuration Items (CI).
ServiceNow's approach to workflow removes bottlenecks and integrates processes and activities between people and systems. Built on the drag-and-drop interface of Flow Designer (IntegrationHub), the ACC spoke gives you a way to automate monitoring and managing the compliance, security, or applications of endpoints. With ACC spoke workflows, you will improve business outcomes by making work more efficient.
These actions are available as part of the ACC spoke and can be triggered by incidents or alerts, on a schedule, or by an API call.
- Get Running Process – Gets all running processes on the host system.
- Get Running Services – Gets all running services and relevant data on the host system.
- Get Network Statistics – Gets detailed information and statistics for all network interfaces.
- Get System Details – Gets system information for identification.
- Get Logged on Users – Gets all logged on users on the host system.
- Get Agent Status – Gets the agent's status: Up, Down, and more.
- Run Osquery on Agent – Runs an osquery query on the agent.
- Run Command on Agent – Runs a command on the agent.
- Restart Agent – Restarts the agent based on its Agent Status.
- Install Agent on Linux – Installs the agent on Linux.
- Install Agent on Windows – Installs the agent on Windows.
And bundled sample flows:
- SigHealth CyberAttack Detection Flow: The SigHealth cyberattack, the most serious breach of public data to date, saw a total of 1.5 million patient records accessed and 160,000 records of outpatient dispensed medicine taken. This flow identifies the tactics and techniques used by adversaries in that attack. It covers MITRE ATT&CK techniques T1173, T1086, T1204, T1183, T1192, T1193 and more. This flow puts MITRE ATT&CK into action.
- Managing Compliance for Remote Workers: Examples of how the ACC spoke can be used to automate monitoring of your fleet's hygiene and notify users directly to remedy issues, taking the pressure off your IT teams:
  - Is disk encryption turned on?
  - Is the firewall enabled?
  - Are updates enabled and being kept up to date?

- Fixed the ACCUtils error "Error: ACC Agent_xxx is down, Restart the agent." that occurred when there are multiple records for an agent.
Required license:
Plugin Dependencies: Agent Client Collector Framework depends on the MID Web Server, Configuration Management For Scoped Apps (CMDB), and Agent Client Collector Global Utilities plugins.