Automated Actions Interface Issues

I’m curious how many people use automated actions on prem? I found that I couldn’t modify or create new automated actions a while back and it’s really set our program back. I’m trying to discern whether this feature really isn’t broadly used or if it’s just that no one noticed?

https://docs.rapid7.com/nexpose/automating-security-actions-in-changing-environments/
https://docs.rapid7.com/insightvm/automating-security-actions-in-changing-environments/

These actions are an important part of how we keep up with a dynamic environment with students, faculty, researchers, etc. that are constantly on the move between buildings, parts of the city, or for that matter between countries, especially through the use of DHCP action triggers. https://www.rapid7.com/blog/post/2019/02/11/automation-in-action-how-carnegie-mellon-university-combats-vulnerabilities-using-nexpose/

My case from September just states it impacts everyone and is in an engineering backlog? I don’t believe these features are API accessible from what I can find. Has anyone found a workaround for creating or updating actions?

I’m pretty sure that page is more or less legacy and will eventually go away with the move to cloud native InsightVM. From what I understand, more work has been focused on Automation instead of the Automated Actions. I think another reason for it being in the dev backlog is its low priority, with it, like I said, eventually going away in the future.

I know this doesn’t specifically help you and your use case which is unfortunate.

However, if you have the Insight Agents on all of these machines, that should at least help with the majority of those issues. Out of curiosity, what action are you trying to kick off? Are you looking for an automatic vuln scan on any new box when assigned a new IP through DHCP?

The longer story is in the third link, but the answers come down to:

The chances that I’m going to get agents installed on a random NVIDIA Jetson controlling a bot that’s roaming the halls, an elevator control panel, or a random student laptop are slim to none. The same goes for a LOT of the issues that we scan for.

The most common actions that I make use of from DHCP triggers are adding systems to sites if they haven’t been seen before, scanning a device that we haven’t seen before, and enforcing a scan for anything that we see that hasn’t been scanned within a specified time frame based on the type of device. This capability has become a cornerstone of how we operate.

I have other cases for why our cloud integration doesn’t work that haven’t gone anywhere, and issues with the licensing changes imposed by InsightVM that limit migration. All in all, in a not so great place as a customer.

Hi Brian,

This affects my organization as well and I opened a case with R7 back at the end of August and the case status is still Engineering Backlog. We also use the Automated Actions to help us identify when assets have their IP address change based on them moving around the organization. I hope it is something they will fix because we use it to help cover a regulatory requirement.
