Task + Analysis combo

Updated 7/8/16, 12:43 PM by NoahSalzman



This procedure documents a very common scenario: using a Task to run a command and then creating an Analysis to read in the results of that command. A "Task + Analysis combo" is most often needed when you want to read in the output of a command: the Task executes the command, and the Analysis reads in and parses the results.

At a high level, the process works like this:

  1. Decide what information you want to gather
  2. Figure out how to automate the generation of that data on the target platform (in a format easy to consume using Relevance)
  3. Create a Task that executes the command with an ActionScript, and set up the Task as a Policy
  4. Create an Analysis that reads in the output data created by the Task

Cautions about creating the Task:

  • Will the Task create load on the target system? For instance, avoid using a search function that will scan thousands of files.
  • How often do you need to run the task? If you only need a resolution of "one day" then be sure the Task only runs that often.
  • Are you overwriting the output file each time? If you are not, be careful to include a clean-up function in your ActionScript.


Example 1 -- Gather Open Ports from Mac OS X

This example shows how to run the netstat command on Mac OS X (or any Linux/Unix system), export the info to a file, and then view it in the Console with an analysis.
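One way the Task side could be scripted, following the cautions above (a single cheap command, output overwritten on every run, one record per line for easy parsing). This is an added example, not code from the original page. The `OUT_DIR` path, the `--collect` and `--demo` modes, the function names and the `SAMPLE` text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: collector script a Task could run. Paths and names are assumptions.
OUT_DIR="${OUT_DIR:-/var/db/portreport}"        # hypothetical directory, not from the page
OUT_FILE="$OUT_DIR/listening_ports.txt"

# Constructed sample of `netstat -an` output (macOS "addr.port" and Linux "addr:port" styles).
SAMPLE='Proto Recv-Q Send-Q  Local Address     Foreign Address   (state)
tcp4       0      0  *.22              *.*               LISTEN
tcp4       0      0  127.0.0.1.631     *.*               LISTEN
tcp4       0      0  192.0.2.10.52344  192.0.2.20.443    ESTABLISHED
tcp6       0      0  :::80             :::*              LISTEN
udp4       0      0  *.5353            *.*'

# Reduce netstat text on stdin to sorted "proto<TAB>address<TAB>port" lines for
# listening TCP sockets: one record per line, so the Analysis only splits on tabs.
parse_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && match($4, /[.:][0-9]+$/) {
        printf "%s\t%s\t%s\n", $1, substr($4, 1, RSTART - 1), substr($4, RSTART + 1)
    }' | LC_ALL=C sort -u
}

# Overwrite the report on every run: write a temp file (mktemp creates it with
# mode 0600) in the same directory, then rename it into place so a reader never
# sees a partial file and nothing accumulates between runs.
write_report() {
    dir=$1 file=$2
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.ports.XXXXXX") || return 1
    if parse_listeners > "$tmp"; then
        mv -f "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

case "${1:-}" in
    --collect) netstat -an | write_report "$OUT_DIR" "$OUT_FILE" ;;   # what the Task would invoke
    --demo)    printf '%s\n' "$SAMPLE" | parse_listeners ;;           # offline run on the sample
esac
```

Keeping the report in a directory that only the Task's account can write, rather than a shared location such as /tmp, prevents other local users from pre-creating or replacing the file the Analysis reads.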