Customizing Network Connectivity Actions

This section describes how to customize the five action types embedded in the Network Connectivity Automation PowerPack to create automation actions to meet your organization's specific requirements.

For more information about creating automation policies using custom action types, see Creating and Customizing Automation Policies.

This section covers the following topics:

Creating a Custom Action Policy with Network Connectivity Actions

You can use one of the Action Types included with the Network Connectivity Automation PowerPack to create custom actions that you can then use to build custom automation policies.

To create an action policy:

Navigate to the Action Policy Manager page (Registry > Run Book > Actions).
In the Action Policy Manager page, click the Create button.
The Action Policy Editor modal appears.

In the Action Policy Editor page, supply a value in each field.

Action Name. Specify the name for the action policy.
Action State. Specifies whether the policy can be executed by an automation policy (enabled) or cannot be executed (disabled).
Description. Allows you to enter a detailed description of the action.
Organization. Organization to associate with the action policy.
Action Type. Type of action that will be executed. Your choices are:

Run Ping
Run Traceroute
Run Nslookup
Run NMAP
Run SNMP Walk

Execution Environment. Select from the list of available Execution Environments. The default execution environment is System.
Action Run Context. Select Database or Collector as the context in which the action policy will run.
Input Parameters. A JSON structure that specifies each input parameter. Each parameter definition includes its name, data type, and whether the input is optional or required for this Custom Action Type.

Input parameters must be defined as a JSON structure, even if only one parameter is defined.

Click [Save]. If you are modifying an existing action policy, click Save As. Supply a new value in the Action Name field, and save the current action policy, including any edits, as a new policy.

Customizing Ping Actions

The Network Connectivity Automation PowerPack includes two automation actions that execute a Ping or Ping6 command. You can specify the host and the options in a JSON structure that you enter in the Input Parameters field in the Action Policy Editor modal.

The following automation actions that use the "Run Ping" action type are included in the Network Connectivity Automation PowerPack.

Action Name	Description	host	options	ipv6
Run Ping: Default Options	Runs a ping with default options	Default is %a (IP address of current device)	Default is None (empty string)	false
Run Ping6: Default Options	Runs a ping6 with default options	Default is %a (IP address of current device)	Default is None (empty string)	true

For more information about substitution variables, see Appendix A.

Custom Ping Action Parameters

The Ping actions accepts the following parameters in JSON:

Paramter	Input type	Description
host	string	The hostname or IP address to include in the ping command. You can also use the substitution variable "%a" to specify the IP address of the current device.
options	string	The options string to include in the command. Escape characters are not supported. You can include any of the options supported by the ping command-line utility in this field. If you do not include the "-c" or "-w" options in this field, the ping command will automatically include the option "-c 5", meaning that Ping will send five ECHO_REQUEST packets.
ipv6	boolean	(optional) If the ipv6 option is true, the ping6 command will be executed. If the ipv6 option is false, the ping command will be executed.

Paramter

Input type

Description

host

string

The hostname or IP address to include in the ping command. You can also use the substitution variable "%a" to specify the IP address of the current device.

options

string

The options string to include in the command. Escape characters are not supported.

You can include any of the options supported by the ping command-line utility in this field. If you do not include the "-c" or "-w" options in this field, the ping command will automatically include the option "-c 5", meaning that Ping will send five ECHO_REQUEST packets.

ipv6

boolean

(optional) If the ipv6 option is true, the ping6 command will be executed. If the ipv6 option is false, the ping command will be executed.

The pipe (|) and semi-colon (;) characters are not permitted as input to the "host" and "options" parameters.

Using Substitution Values. The host and options inputs can contain substitution values that match the keys in EM7_VALUES. For example, to run a ping against the IP address of the device that triggered the event, you can specify "%a" in the "host" parameter.

For more information about substitution variables, see Appendix A.

Custom Ping Action Examples

IPv4. If the options parameter contains either "-c" or "-w" as a sub-string, and the ipv6 parameter is false or not supplied, the ping command string is built in the following format:

ping [options input] [host input]

For example, for the following settings:

host. 192.168.1.1
options. -c 10

The equivalent ping command string would be: ping -c 10 192.168.1.1

The equivalent JSON structure would be:

{

"host": "192.168.1.1"

"options": "-c 10"

"ipv6": false

}

IPv6. If the options parameter contains either "-c" or "-w" a s sub-string and the ipv6 parameter is true, a ping command string is built in the following format:

ping6 [options input] [host input]

For example, for the following settings:

host. 192.168.1.1
options. -c 10

The equivalent ping command string would be: ping6 -c 10 192.168.1.1.

The equivalent JSON structure would be:

{

"host": "192.168.1.1"

"options": "-c 10"

"ipv6": true

}

The following figure shows a custom ping action for a fictitious company. This custom action is designed to ping IPv4 addresses 10 times without fragmenting the ICMP packets. The action will use the IP address of the current device as the IP address argument.

For a description of all options that are available in Automation Policies, see the Run Book Automation section.

Customizing Traceroute Actions

The Network Connectivity Automation PowerPack includes two automation actions that execute a traceroute command. You can specify the host and the options in a JSON structure (name:value pairs) that you enter in the Input Parameters field in the Action Policy Editor modal.

The following automation actions that use the "Run Traceroute" custom action type are included in the Network Connectivity AutomationPowerPack.

Action Name	Description	host	options	packet_length
Run Traceroute: Default Options	Runs an IPv4 traceroute with default options	Default value is %a (IP address of the current device)	Default value is None (empty string)	Default value is 0
Run IPv6 Traceroute: Default Options	Runs an IPv6 traceroute with all other options as default	Default value is %a (IP address of the current device)	Default value is -6	Default value is 0

For more information about substitution variables, see Appendix A.

Custom Traceroute Action Parameters

The custom Traceroute action type accepts the following parameters:

Paramter	Input type	Description
host	string	The hostname or IP address to include in the traceroute command. You can also use the substitution variable "%a" to specify the IP address of the current device.
options	string	The options string to include in the command. You can include any of the options supported by the traceroute command-line utility, except for "-T" and "-I", in this field.
packet_length	integer	The packet length to include in the traceroute command. To use the default packet length, use "0".

Paramter

Input type

Description

host

string

The hostname or IP address to include in the traceroute command. You can also use the substitution variable "%a" to specify the IP address of the current device.

options

string

The options string to include in the command.

You can include any of the options supported by the traceroute command-line utility, except for "-T" and "-I", in this field.

packet_length

integer

The packet length to include in the traceroute command.

To use the default packet length, use "0".

The pipe (|) and semi-colon (;) characters are not permitted as input to the "host" and "options" parameters.

Using Substitution Values. The host and options inputs can contain substitution values that match the keys in EM7_VALUES. For example, to run a traceroute against the IP address of the device that triggered the event, you can specify "%a" in the "host" parameter.

For more information about substitution variables, see Appendix A.

Custom Traceroute Action Examples

For the following settings, the equivalent traceroute command string would be: traceroute -T 192.168.1.1

host. 192.168.1.1
options. -T
packet_length. 0

The equivalent JSON structure would be:

{

"host": "192.168.1.1"

"options": "-t"

"packet_length": 0

}

For the following settings, the equivalent traceroute command string would be: traceroute 192.168.1.2 100

host. 192.168.1.2
options. An empty string
packet_length. 100

The equivalent JSON structure would be:

{

"host": "192.168.1.2"

"options": ""

"packet_length": 100

}

Customizing NSLOOKUP Actions

The Network Connectivity Automation PowerPack includes an automation action that executes an NSLOOKUP command. You can specify the host and the options in a JSON structure (name:value pairs) that you enter in the Input Parameters field in the Action Policy Editor modal

The following automation actions that use the Run Nslookup custom action type are included in the Network Connectivity Automation PowerPack.

Action Name	Description	host	options	nameserver
Run Nslookup: Default Options	Runs an nslookup with default options	Default value is %a (IP address of the current device)	Default value is None (empty string)	Default value is None (empty string)

For more information about substitution variables, see Appendix A.

Custom NSLOOKUP Action Parameters

The custom NSLOOKUP action type accepts the following parameters:

Paramter	Input type	Description
host	string	The hostname or IP address to include in the NSLOOKUP command. You can also use the substitution variable "%a" to specify the IP address of the current device.
nameserver	string	The IP address or hostname of the nameserver to include in the NSLOOKUP command
options	string	The options string to include in the command. You can include any of the options supported by the NSLOOKUP command-line utility in this field.

The pipe (|) and semi-colon (;) characters are not permitted as input parameters.

For more information about substitution variables, see Appendix A.

Custom NSLOOKUP Action Examples

For example, for the following settings, the equivalent NSLOOKUP command string would be:

nslookup -timeout=10 192.168.1.1

host. 192.168.1.1
options. -timeout=10
nameserver. An empty string

The equivalent JSON structure would be:

{

"host": "192.168.1.1"

"nameserver": ""

"options": "-timeout=10"

}

For the following settings, the equivalent NSLOOKUP command string would be:

nslookup 192.168.1.2 10.644.148.32

host. 192.168.1.2
options. An empty string
nameserver. 10.64.148.32

The equivalent JSON structure would be:

{

"host": "192.168.1.2"

"nameserver": "10.64.148.32"

"options": ""

}

Customizing NMAP Actions

The Network Connectivity Automation PowerPack includes three automation actions that execute an NMAP command. You can specify the host and the options in a JSON structure that you enter in the Input Parameters field in the Action Policy Editor modal.

The following automation actions that use the "Run NMAP" action type are included in the Network Connectivity Automation PowerPack.

Action Name	Description	host	options
Run NMAP: Common Port List	Runs an NMAP command using a list of common ports.	Default is %a (IP address of current device)	Default ports are 21, 22, 25, 53, 80, 443, 5985, and 5986.
Run IPv6 NMAP: Common Port List	Runs an IPv6 NMAP command using a list of common ports.	Default is %a (IP address of current device)	Default ports are 21, 22, 25, 53, 80, 443, 5985, and 5986.
Run NMAP: Monitored Ports	Runs an NMAP command on the ports that are currently monitored on the device.	Default is %a (IP address of current device)	Default is %_monitored_ports_%
Run IPv6 NMAP: Monitored Ports	Runs an IPv6 NMAP command on the ports that are currently monitored on the device.	Default is %a (IP address of current device)	Default is %_monitored_ports_%
Run NMAP: Single Port from Event	Runs an NMAP command on the port provided in the event sub-entity.	Default is %a (IP address of current device)	Default is %Y
Run IPv6 NMAP: Single Port from Event	Runs an IPv6 NMAP command on the port provided in the event sub-entity.	Default is %a (IP address of current device)	Default is %Y

For more information about substitution variables, see Appendix A.

Custom NMAP Action Parameters

Custom NMAP action types accept the following parameters:

Paramter	Input type	Description
host	string	The hostname or IP address to include in the NMAP command. You can use the substitution variable "%a" to specify the IP address of the current device.
options	string	The options string to include in the command. See the parameters for specific NMAP actions earlier in this section.

The pipe (|) and semi-colon (;) characters are not permitted as input to the "host" and "options" parameters.

Using Substitution Values. The host and options inputs can contain substitution values that match the keys in EM7_VALUES.

The special %_monitored_ports_% substitution variable is supported for the "Run NMAP" and "Run IPv6 NMAP" action types. This variable replaces a comma-separated list of ports from the monitoring policies aligned to the triggering device.

For more information about substitution variables, see Appendix A.

Custom NMAP Action Examples

For example, for the following settings, the equivalent NMAP command string would be:

nmap -p 22 192.168.1.1

host. 192.168.1.1
options. -p 22

The equivalent JSON structure would be:

{

"host": "192.168.1.1"

"options": "-p 22"

}

Suppose you want to scan a range of ports. In this example, we're scanning the ports from 1 to 100. For the following settings, the equivalent NMAP command string would be:

nmap -p 1-100 192.168.1.1

host. 192.168.1.1
options. -p 1-100

The equivalent JSON structure would be:

{

"host": "192.168.1.2"

"options": "-p 1-100"

}

Customizing SNMP Actions

The Network Connectivity Automation PowerPack includes an automation action type that can be used to create automation actions that run the SNMP walk command. To do this, you specify the host, OID, and SNMP credential in the Action Policy Editor modal.

Custom SNMP Walk Action Parameters

The SNMP Walk action type accepts the following parameters:

Paramter	Input type	Description
host	string	The hostname or IP address to include in the SNMP command. You can use the substitution variable "%a" to specify the IP address of the current device.
oid	string	The OID to walk. You can use substitution characters in this field.
credential_id	integer	The ID of the SNMP credential to use when running the command. The SNMP credential specifies the SNMP version, community string, timeout, and other connection parameters. If you specify "0" (zero) in this field, the SNMP Read credential setting of the device associated with the triggering event will be used.

Using Substitution Values. The host and oid inputs can contain substitution values that match the keys in EM7_VALUES.

For more information about substitution variables, see Appendix A.

Custom SNMP Action Examples

For example, settings to walk the System MIB using the IP address and SNMP Read credential of the device associated with the triggering event, the parameters would be::

host. %a
oid. .1.3.6.1.2.1.1
credential_id. ID of the SNMP credential to use when running the command.

The equivalent JSON structure would be:

{

"host": "%a"

"oid": ".1.3.6.1.2.1.1"

"credential_id": 0

}