Habitat Local Administrators group Monitor (LAGM)

Detailed descriptions and imagery explaining each tool available inside Habitat. Feel free to post feature requests under each tool's forum post if you would like to see something added or changed in the tools.
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

Yes, the monitors are just internal monitors in Automate that use RAWSQL to query for changes in the database.

If you were to enable the monitors, go into internal monitors, copy the monitors created by the plugin to a new name, and then disable the monitors in the plugin, it will leave your copied monitors alone.

You can then go into the monitor and modify the RAWSQL to also exclude where agent IDs = xyz, or you can use other identifiers to exclude any agents you wanted.


Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

Cubert wrote: Thu Oct 15, 2020 1:50 pm
Yes, the monitors are just internal monitors in Automate that use RAWSQL to query for changes in the database.

If you were to enable the monitors, go into internal monitors, copy the monitors created by the plugin to a new name, and then disable the monitors in the plugin, it will leave your copied monitors alone.

You can then go into the monitor and modify the RAWSQL to also exclude where agent IDs = xyz, or you can use other identifiers to exclude any agents you wanted.

I misspoke when speaking about internal monitors. This tool does not use internal monitors but uses a set of checks done inside our automation processes. It then fires off scripts to alarm with appropriate messages, tickets and emails.

I have found a flaw in the system where it could be possible that the administrator group scan is taking place at the same time the monitor is checking the state of activity which could lead to a false positive alarm.

We are trying something new where we moved the scans out to their own process, set for a different time segment than the monitors. We hope this will fix the issues with false alarm activity some MSPs have reported.


Sorry for the confusion about internal monitors, so many plugins doing different things we sometimes forget who's doing what.. ;)


Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

The new release should be out today and updates overnight.

JvdMaat
Posts: 42
Joined: Wed Feb 21, 2018 1:31 am

Re: Habitat Local Administrators group Monitor (LAGM)

Post by JvdMaat »

How can I manipulate this Monitor?
We have Automate linked to CW Manage, and we do not look at tickets in Automate at all. We have Ticket Categories set, which map to CW Manage and create tickets there.
How do I set the Ticket Category on these tickets so that they create tickets in CW Manage for us?


Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

The tickets are created inside the LAGM script inside the scripts\maintenance script folder in Automate. There is a sub function in the script that, when called from the script, creates the ticket. You can edit this function, changing the values where it creates and modifies the ticket.





Re: Habitat Local Administrators group Monitor (LAGM)

Post by JvdMaat »

Is there a way to rethink this and have tickets/alerts created from an actual monitor?
We use CW Manage PSA integration, and use CWM for our ticketing.
But not all CWA tickets go to CWM. We do it based on the Ticket Category. And we've found we were unable to set the Category on a script-created ticket (If you adjust the category after ticket creation, that does not affect the CW Manage plugin. So the ticket has to be created with the correct category). So these LAGM tickets live in Automate only where we won't see them.

Having this be on an internal monitor (with a SQL query against the LAGM Habitat table maybe?) would allow us to set this to an alert template and ticket category that will send it to our ticketing system.

(It would require a bit of retooling, as the autorestore is built into the ticketing/alerting. So you'd potentially lose the ticket when you have autorestore enabled. (Or just get the CWA ticket/alert))


Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

Let me have a look to see if we can add in an option.
