Documentation forSolarWinds Platform Self-Hosted

Approve alert actions executing a script

New alert actions that require executing an external program or VB script require an approval by a system administrator.

  • On upgrades to 2023.2 all existing execute an external program/VB script actions are automatically approved.
  • On fresh installs, all out-of-the box execute an external program/VB script actions are automatically approved.

Running external programs or scripts can pose remote code execution risks if not properly configured or maintained. See Risks of using external scripts in the SolarWinds Platform.

Approve an alert action executing a script in the Database Manager

When a user creates a new alert action that requires executing a script, the user must contact a SolarWinds Platform administrator. The administrator must complete the following steps to approve the action. Without the approval, the action will not execute.

  1. Log in to the server hosting your SolarWinds Platform and open the Database Manager.

  2. In the Database Manager, click Action Approval.

  3. Click Enable table editing and review the list of actions.

  4. Review the script in the ActionPath column and if you consider it secure, select the box in the Approved column.

See alert actions that need approval

  1. In the SolarWinds Platform Web Console, click Alerts & Activity > Alerts, and click Manage Alerts in the upper right corner.

  2. On Manage Alerts, click the Action Manager tag.

  3. Use filters in the Group By drop-down to see alerts that need approval or that have already been approved.

Risks of using external scripts in the SolarWinds Platform

Privilege abuse

Running scripts or programs with elevated privileges can lead to remote code execution if an attacker modifies the script or its execution path.

Impact: An attacker could gain administrator-level access, create new users, access sensitive data, or attack other machines on the network.

Mitigation: Restrict script execution to trusted users and monitor changes to script files.

Script path manipulation

If a script path is defined using a variable and not as an absolute path, such as %MY_SCRIPT_DIR%\script.bat, changes to the variable can redirect execution to a different, potentially malicious script.

Impact: You may unknowingly run an untrusted script.

Mitigation: Use absolute paths when defining script locations.

Mutable script files

Scripts defined in actions such as Execute external script or Execute external program can be modified after approval.

Scenario: An administrator approves a script path. Later, a user with write access changes the script content, potentially introducing malicious behavior.

Impact: Legitimate scripts can be turned into malicious attacks. These changes are difficult to detect.

Mitigation: Use version control or file integrity monitoring. Limit write access to approved users only.

ACL misconfiguration

Access control lists (ACLs) determine who can read or modify script files. Misconfigured ACLs may allow unauthorized users to alter scripts.

Impact: Malicious modifications can occur without detection.

Mitigation: Apply strict ACLs to script folders or individual files. Use “deny all” by default and explicitly allow access only to trusted users.