Action Governance Tab
The Action Governance tab displays all Actions on the Master that can be run. On the Master system, you can import new Actions into a folder on the Master System that are awaiting approval. You can then test them to make sure you want them to run. Once you complete testing, you can approve an Action, which moves the Action file from the pending area to another folder on the Master System that allows endpoint systems to download them onto their systems. All endpoint systems receive all Actions that run on their operating systems.
Actions
An action is the file that contains executables, PowerShell scripts, Python files, and more. Whatever the file contains, the concept is that you have a file that will run at some point based on some conditions.
Actions can have multiple purposes. Default actions that are provided in the product are for a single purpose. They include one script or one executable.
-
Import the action.
-
Approve the action. We have security checks along the way to ensure that the action is not malicious.
You can enable and disable actions. By default when you import an action it is enabled. When you disable it, it isn't removed from your instance, but it is removed from your endpoints.
After an action is approved, you can't revert. You can only delete at that point.
Private and Public Keys
Each Action file is signed via XML with a paired private and public key by the publisher (the person or entity who creates the Action). The public key is created when the publisher creates the private key. A publisher should only have one public/private key pair. The private key is used to create the signature against the contents of the metadata file. The signature prevents anyone from being able to edit or tamper with the Action’s files. If someone does edit the Action, it will no longer be valid and will not run.
When you then approve an Action, it verifies the signature of the Action against the public key to make sure that no modifications took place. If the Action passes the validation, it is added to a Master metadata file, where endpoint systems can verify again that no modifications took place before downloading them. Therefore, from the moment you create an Action, if an attempt is made to modify it, it will not run. This ensures that when you run an Action, you know exactly what you are running and can be sure that it was not modified in any way.
Import Actions
Import an Action with the Import icon. You can also import Actions via Kits.
Delete Actions
To delete an Action, select it in the Actions table and click the Delete icon. It will be removed entirely from the Master system. The next time the endpoint configuration updates, it will delete the Action from itself.
Approving, Enabling, and Disabling Actions
Approving an Action means that Action will move from a pending area on the Master system to an area from which endpoint systems can download it. To approve an Action, select the Action in the Actions table, mark the Approved checkbox, and click Save Changes.
Enabling an Action means that the Action will be downloaded on endpoint systems. To do so, select the Action in the Actions table, mark the Enabled checkbox, and click Save Changes.
Disabling an Action means the Action will be temporarily paused until you enable it again. While disabled, the Action remains on the Master system, but is removed from the endpoint systems. To disable an Action, select the Action in the Actions table, clear the Enabled checkbox, and click Save Changes.
You can approve all Actions at once in the table (or undo the approval of all Actions in the table) by marking or clearing the Mark/Unmark All For Approval checkbox.
You can enable or disable all Actions at once in the table by marking or clearing the Mark/Unmark All As Enabled checkbox.
On This Page