Dima_M
Employee

Automate your everyday tasks with SmartTasks

In R80.40 we introduced SmartTasks, a powerful feature that further expands the openness and extensibility approach.

SmartTasks saves admins valuable time by automating routine tasks with pre-defined or customizable actions. A SmartTask is a combination of trigger and action.

Triggers are events – currently defined in terms of existing management operations, such as install policy or publish.

Actions are automatic responses that take place after a trigger is fired, such as running a script or posting a web request.

Below you can find some of the SmartTasks we created. To start using them, just import the SmartTask into your R80.40 Security Management Server.

You're very welcome to check out the scripts, modify and create your own SmartTasks.

SmartTask - Validate Session Name Format

SmartTask - Custom Permissions 

SmartTask - Restrict use of specific objects in Access Control Policy 

4 Replies
Harmesh_Yadav
Collaborator

Dear Team,

Can we schedule policy installation?

Harmesh Yadav
0 Kudos
Ivo_Hrbacek
Contributor

Hi there,

I have a question. I have a smart task that checks whether IDA Access role objects have been modified/created. If yes, policy is pushed to dedicated PDP gateways. The smart task trigger is after publish, with the bash script below.

#!/bin/bash
# @ihr@actinet.cz

# The SmartTask trigger payload arrives as base64-encoded JSON in $1.
trigger_json=$(printf '%s' "$1" | base64 --decode -i)

# Name and type of every object added, deleted or modified in the published session.
session_objects=$(printf '%s' "$trigger_json" | jq '.operations | (."added-objects"[] | {"name":.name , "type":.type}) , (."deleted-objects"[] | {"name":.name, "type":.type}), (."modified-objects"[] | {"name":."new-object".name, "type":."new-object".type})' | jq -s .)

# Flag the access-role objects, then count them and list their names.
session_objects_details=$(printf '%s' "$session_objects" | jq '.[] | {"name":.name, "type":.type, "valid_type": ( [.type]-["access-role"]| length == 0)}' | jq -s .)
number_of_objects_changed=$(printf '%s' "$session_objects_details" | jq '.[] | select(."valid_type" == true)' | jq -s '. | length')
list_of_objects_changed=$(printf '%s' "$session_objects_details" | jq '.[] | select(."valid_type" == true)' | jq -s -c '[.[] | .name]' | tr -d '[' | tr -d ']')

if [ "$number_of_objects_changed" -gt 0 ]; then
    # Install the access policy on the PDP gateways; mgmt_cli output is discarded.
    mgmt_cli -r true install-policy policy-package "AXXXX" access true threat-prevention false targets.1 "XXX" targets.2 "YYY" --format json > /dev/null 2>&1
    m1="IDA objects changed, PDP policy was installed on IAP gateways"
    m2="The following objects were modified : $list_of_objects_changed"
    # Escape double quotes so the message stays valid JSON.
    m2=${m2//\"/\\\"}
    printf '{"result":"success","message":"%s %s"}\n' "$m1" "$m2"
    exit 0
else
    m1="No IDA objects changed, I wont install PDP policy"
    printf '{"result":"success","message":"%s"}\n' "$m1"
    exit 0
fi

This works fine if you make just a few changes in the GUI.

There is an issue when there are many changes, like updating cluster objects with 250 interfaces (get interfaces with topology), basically huge publish changes via the GUI. The smart task will crash after 300 sec (max running time) with no output.

I also tested something like this, just to get all the data before sorting; likewise, it did not produce any output at all:

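#!/bin/bash

# Decode the base64-encoded trigger payload passed in $1.
trigger_json=$(printf '%s' "$1" | base64 --decode -i)

# Print the decoded payload itself.
printf '%s\n' "$trigger_json"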


So my question is: has anyone tested running a smart task (after publish trigger) when more changes are published, especially when modifying a cluster object as I described? Or is there another way to get the operations data after publish?

thx!

ivo

0 Kudos
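
The filtering and reply steps of the script above, as an added example (not the poster's or Check Point's code): one jq pass that reads the decoded payload from stdin, tolerates missing arrays, and lets jq escape object names in the reply. It assumes only the payload fields used in the post; the function names and the sample payload are constructed, and it is not a fix for the 300-second timeout.

```bash
#!/bin/bash
# Added example, not the poster's or Check Point's code. Payload fields are the
# ones used in the post; function names and the sample payload are constructed.

# changed_access_roles: base64 trigger payload on stdin -> JSON array of the
# names of added/deleted/modified access-role objects (deduplicated, sorted).
changed_access_roles() {
  base64 --decode -i | jq -c '
    (.operations // {}) as $op
    | [ ($op["added-objects"]    // [])[],
        ($op["deleted-objects"]  // [])[],
        (($op["modified-objects"] // [])[] | .["new-object"]) ]
    | map(select(.type == "access-role") | .name)
    | unique'
}

# smarttask_reply: JSON array of names on stdin -> reply object in the
# {"result","message"} form the post prints. jq builds the string, so quotes
# and backslashes inside object names are escaped correctly.
smarttask_reply() {
  jq -c '
    if length > 0
    then {result: "success", message: ("IDA objects changed: " + join(", "))}
    else {result: "success", message: "No IDA objects changed"}
    end'
}

# Constructed sample payload (not captured from a real server).
sample_payload() {
  printf '%s' '{"operations":{
    "added-objects":[{"name":"AR_\"Sales\"","type":"access-role"},
                     {"name":"web01","type":"host"}],
    "deleted-objects":[],
    "modified-objects":[{"new-object":{"name":"AR_IT","type":"access-role"}},
                        {"new-object":{"name":"cluster1","type":"host"}}]
  }}' | base64 | tr -d '\n'
}

# When run as a SmartTask script, the payload is the first argument.
if [ -n "${1:-}" ]; then
  printf '%s' "$1" | changed_access_roles | smarttask_reply
fi
```
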
Dima_M
Employee

Hi Ivo, thanks for reporting. We're looking into this issue now in order to offer a solution.

0 Kudos
Ivo_Hrbacek
Contributor

thx

0 Kudos