Version: 5.0

EDR Task Integration

Integration of BI.ZONE EDR tasks with the Incident Manager is performed by the add_task_actions.py utility. It ships in the bin directory of the smart_edr_ko_maker package and automates the following:

  1. Creating active actions in Smart Monitor for BI.ZONE EDR tasks
  2. Generating a ready deployment package
  3. Preparing the environment for executing EDR tasks as active actions

Installation Sequence

1. Generating the Directory of Available Tasks

  1. Log in to the Smart Monitor Web interface
  2. Go to the task list: Navigation Menu - Job Scheduler - Jobs List
  3. Select the task Directory: Tasks
     (screenshot: Task example)
  4. Copy the query and execute it to generate an up-to-date task list
     (screenshot: Query example)

2. Creating a BI.ZONE EDR API Token

  1. Go to the section My Profile - API Tokens
  2. Create an API token and copy it for further use in the add_task_actions.py utility

3. Running the add_task_actions.py Utility

  1. In the smart_edr_ko_maker builder, navigate to the bin directory
  2. Run the utility add_task_actions.py

Execution Parameters

Mandatory parameters:

Parameter            Description
--sm_host            Smart Monitor host (one of the cluster nodes)
--sm_user            Smart Monitor user
--sm_password        Smart Monitor password
--bizone_edr_host    BI.ZONE EDR host
--bizone_edr_token   BI.ZONE EDR API token

Optional parameters:

Parameter            Default   Description
--sm_port            9200      Smart Monitor port
--bizone_edr_port    9993      BI.ZONE EDR port

Full Execution Example

python add_task_actions.py \
--sm_host open-search-host-1.my_company.ru \
--sm_user admin \
--sm_password securepass \
--bizone_edr_host bi-zone-edr.my_company.ru \
--bizone_edr_token api_token_123 \
--sm_port 9200 \
--bizone_edr_port 9993
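The example above passes the Smart Monitor password and the BI.ZONE EDR API token literally on the command line, where they end up in the shell history file and in any deployment script that copies the command. The wrapper below is an added example and not part of the smart_edr_ko_maker package: it takes the two secrets from the environment variables SM_PASSWORD and BIZONE_EDR_TOKEN (names assumed here), refuses to run if either is missing, and takes the hosts, user and builder path as positional arguments. The utility itself still receives the values as command-line parameters, the only form documented on this page, so they remain visible in the process list for the duration of the run.

```shell
#!/bin/sh
# Added wrapper, not part of the smart_edr_ko_maker package: runs
# add_task_actions.py with the Smart Monitor password and the BI.ZONE EDR
# token read from the environment (variable names are an assumption), so the
# secrets never appear literally in a typed command or a shell history file.
set -eu

# Return 0 if both secret variables are set and non-empty, 1 otherwise.
check_secrets() {
    missing=0
    [ -n "${SM_PASSWORD:-}" ] || { echo "SM_PASSWORD is not set" >&2; missing=1; }
    [ -n "${BIZONE_EDR_TOKEN:-}" ] || { echo "BIZONE_EDR_TOKEN is not set" >&2; missing=1; }
    return "$missing"
}

# Print the argument list for add_task_actions.py, one argument per line.
# $1 = Smart Monitor host, $2 = Smart Monitor user, $3 = BI.ZONE EDR host.
# Ports fall back to the utility's defaults (9200 and 9993) unless SM_PORT or
# BIZONE_EDR_PORT is set in the environment.
build_args() {
    printf '%s\n' \
        --sm_host "$1" \
        --sm_user "$2" \
        --sm_password "$SM_PASSWORD" \
        --bizone_edr_host "$3" \
        --bizone_edr_token "$BIZONE_EDR_TOKEN" \
        --sm_port "${SM_PORT:-9200}" \
        --bizone_edr_port "${BIZONE_EDR_PORT:-9993}"
}

# Run the utility from the bin directory of the builder ($4, default: current
# directory) with the arguments assembled by build_args.
run_add_task_actions() {
    check_secrets
    bin_dir="${4:-.}"
    old_ifs="$IFS"
    # Split the argument list on newlines only, with globbing off, so values
    # containing spaces or shell metacharacters are passed through unchanged.
    IFS='
'
    set -f
    set -- $(build_args "$1" "$2" "$3")
    set +f
    IFS="$old_ifs"
    (cd "$bin_dir" && python add_task_actions.py "$@")
}

# Usage (secrets exported beforehand, e.g. from a mode-0600 file):
#   SM_PASSWORD=... BIZONE_EDR_TOKEN=... ./run_add_task_actions.sh run \
#       open-search-host-1.my_company.ru admin bi-zone-edr.my_company.ru /path/to/bin
if [ "${1:-}" = "run" ]; then
    shift
    run_add_task_actions "$@"
fi
```

Keeping the secrets in environment variables also makes it easy to audit where they come from: a single mode-0600 file sourced by the operator, rather than values scattered through shell histories on every host where the builder has been run.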

4. Installing Active Actions

After executing add_task_actions.py, a build directory is created with the following contents:

  1. smart_edr_actions.tar.gz - archive containing:
    • executable scripts (run_job_handler.py, run_task.py)
    • configuration files
    • Python dependencies
  2. add_actions.sh - installation script

To install the active actions:

  1. Transfer the contents of build to the Smart Monitor Web server
  2. Install the active actions by running the following commands on that server:

Warning: executing these commands will restart Smart Monitor Web.

chmod +x add_actions.sh
./add_actions.sh
systemctl restart opensearch-dashboards

5. Environment Preparation

EDR tasks are executed on the Smart Monitor Web server. To launch active actions from the Smart Monitor interface, the following is required:

  1. Install Python 3.7+ on all Smart Monitor Web servers
  2. Make the installed Python interpreter available system-wide
  3. Install the libraries required by the active actions:
     cd /app/opensearch-dashboards/config/actions
     pip install -r requirements.txt
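Because the active actions run on every Smart Monitor Web server, a missing or too-old interpreter on one node shows up only when an EDR task is launched there. The pre-flight check below is an added example and not part of Smart Monitor or the smart_edr_ko_maker package: it verifies that a python3 interpreter is on PATH and is version 3.7 or newer, that the build artifacts (smart_edr_actions.tar.gz, add_actions.sh) are present before add_actions.sh is run, and that requirements.txt exists in /app/opensearch-dashboards/config/actions afterwards. The subcommand name check and the default paths are this example's own assumptions.

```shell
#!/bin/sh
# Added pre-flight check for a Smart Monitor Web server; not part of Smart
# Monitor or the smart_edr_ko_maker package. Confirms the Python prerequisite
# from the "Environment Preparation" steps and that expected files are present.
set -eu

# Return 0 if a "MAJOR.MINOR[.PATCH]" version string is 3.7 or newer, else 1.
# Non-numeric input (e.g. an error message captured instead of a version) fails.
python_version_ok() {
    major=${1%%.*}
    rest=${1#"$major"}
    minor=${rest#.}
    minor=${minor%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 3 ] && return 0
    [ "$major" -eq 3 ] || return 1
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$minor" -ge 7 ]
}

# Return 0 if every file named after the directory $1 exists there, else 1,
# reporting each missing file on stderr.
files_present() {
    dir="$1"
    shift
    missing=0
    for f in "$@"; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; missing=1; }
    done
    return "$missing"
}

# Return 0 if a system-wide python3 of version 3.7+ is on PATH, else 1.
system_python_ok() {
    if ! command -v python3 >/dev/null 2>&1; then
        echo "python3 not found on PATH; install Python 3.7+ and make it system-wide" >&2
        return 1
    fi
    ver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])')
    python_version_ok "$ver" || { echo "python3 is $ver, need 3.7+" >&2; return 1; }
}

# Full check. $1 = build directory copied from the builder (checked before
# add_actions.sh), $2 = actions directory on the Web server (checked after
# add_actions.sh; default is the path given in the documentation).
preflight() {
    build_dir="${1:-./build}"
    actions_dir="${2:-/app/opensearch-dashboards/config/actions}"
    system_python_ok
    files_present "$build_dir" smart_edr_actions.tar.gz add_actions.sh
    # requirements.txt only exists once add_actions.sh has run; report, don't fail.
    files_present "$actions_dir" requirements.txt \
        || echo "requirements.txt not installed yet; run add_actions.sh first" >&2
}

# Usage: ./preflight.sh check [BUILD_DIR] [ACTIONS_DIR]
if [ "${1:-}" = "check" ]; then
    shift
    preflight "$@"
fi
```

Run it once on each Smart Monitor Web server before step 2 of "Installing Active Actions" and again after; a non-zero exit from preflight means the host would fail to execute EDR tasks as active actions.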

Verifying Configuration Application

In the Active Actions section (Main Menu - System Parameters - Module Settings - Incident Manager - Active Actions), EDR tasks with the required set of parameters are displayed:

(screenshot: Example)