Documentation for Security Event Manager

Use the Append Text to File active response in SEM

Use the Append Text To File active response to append static or dynamic text to a flat text file on your network. This action is useful for keeping a running list of deployed SEM Agents or tracking certain types of activity across several users and computers. You can automate this response with a SEM rule, or execute it manually from the Respond menu in the SEM console.

Requirements

To use this active response, ensure that the file you want to append already exists. Follow these guidelines when creating the file:

  • Use a .txt file, or a similar flat-text file format.

  • Avoid using spaces in the file path or name.

  • Note the complete file path and name, because you will need it to configure the active response.
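
The following PowerShell preflight is an added example, not part of SEM or its documentation. It checks a candidate file against the guidelines above, creates the file if it is missing, and reports the complete path. The function name, the extension list, and the sample path are assumptions.

```powershell
# Added example: preflight for the file an Append Text to File action writes to.
# Function name, parameters and sample path are hypothetical, not part of SEM.
function Initialize-AppendTarget {
    [CmdletBinding()]
    param(
        # Pass an absolute path so the reported FullPath is unambiguous.
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: extensions treated as "flat text" for this check.
        [string[]] $FlatTextExtensions = @('.txt', '.log', '.csv')
    )

    $problems = @()

    # Guideline: avoid spaces in the file path or name.
    if ($Path -match '\s') {
        $problems += 'Path contains whitespace.'
    }

    # Guideline: use a .txt file or a similar flat-text format.
    $ext = [System.IO.Path]::GetExtension($Path)
    if ($FlatTextExtensions -notcontains $ext.ToLowerInvariant()) {
        $problems += "Extension '$ext' is not in the flat-text list."
    }

    # Requirement: the file must already exist before the action runs.
    # Only create it when the path passed both checks above.
    $created = $false
    if ($problems.Count -eq 0 -and -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $parent = Split-Path -Path $Path -Parent
        if ($parent -and -not (Test-Path -LiteralPath $parent)) {
            New-Item -ItemType Directory -Path $parent -Force | Out-Null
        }
        New-Item -ItemType File -Path $Path | Out-Null
        $created = $true
    }

    [pscustomobject]@{
        FullPath = [System.IO.Path]::GetFullPath($Path)  # value for the File Path field
        Exists   = Test-Path -LiteralPath $Path -PathType Leaf
        Created  = $created
        Problems = $problems
    }
}

# Constructed sample path.
Initialize-AppendTarget -Path 'C:\SEM\agent_activity.txt'
```

Run it on the computer that hosts the SEM Agent. An empty Problems list with Exists set to True means the file meets the guidelines above.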

Configure the Append Text to File active response and Windows active response connectors on each SEM Agent where you want to use this active response.

Configure the Append Text to File Active Response connector on a SEM Agent

  1. In the SEM Events Console, click the Nodes tab.
  2. Select your agent node, and then click Manage node connectors.
  3. In the search box, enter append.
  4. Select the Append Text to File Active Response connector, and then click Add Connector.
  5. Enter a new name, or keep the default.
  6. From the How to append drop-down list, select Newline to append the text to a new line, or No Newline.
  7. Specify a Maximum file size, or accept the default, and then click Add.
  8. Under Configured connectors, select your connector, and then click Start.

Configure the Append Text to File action in a rule

  1. In the SEM Events Console, click the Rules tab.
  2. Select an existing rule that triggers on a specific event, click Edit, and then click Next.
  3. Under Actions, click Add new action.
  4. Select Append Text to File, and then click Next.
  5. Under Define action, begin typing to locate the event defined in your rule definition.
  6. In the File Path field, enter the directory path, including the name of the file.
  7. In the Text field, enter the text that you want to insert into the file. If using plain text, select String from the drop-down list.
  8. Click Add, and then click Save.