How to create custom components for monitoring devices and automating IT tasks
Panda Systems Management's comprehensive RMM solution for centralized and remote management, control and maintenance of corporate networks, devices and IT infrastructure allows administrators to create their own specific components for monitoring devices and automating their IT tasks. Consider the example of creating such a component.
Detailed product information and free registration of the trial version of Panda Systems Management on the site . You can also test the service in your IT environment.
How to quickly implement a solution in your IT environment can be found in our review article .
If you already have a Panda Systems Management license, click the address of the management console.
What is a component?
The component is an extension to the Panda Systems Management (PSM) platform that allows administrators to add monitoring and troubleshooting features to the PSM agent.
Depending on who develops the components, they are of the following types:
- Components developed by the administrator (or his IT team) of a company that uses Panda Systems Management as a tool for remote management, control and maintenance to solve its own specific tasks
- Components developed by Panda Security and offered free of charge to all users of the Panda Systems Management solution through the built-in component store ComStore .
Components developed by the administrator
Three types of components are possible, depending on their purpose, behavior and launch method:
β’ Applications
The components used to implement software within the corporate network. We described in more detail about such components in the article How to centrally and remotely install software on PCs and mobile devices in a company .
These are scripts that are usually executed only once or under certain circumstances. External files may be associated with them (if we are talking about components for software installation, then the distribution file of the required program for installation on the user's device can be such a file).
β’ Monitor
Monitoring policies always include a component designed to monitor user device performance. Panda Systems Management by default offers a wide range of various on-board monitors that track various aspects of device operation, such as CPU, memory or hard disk usage. However, it is possible that the administrator will need to keep track of aspects that are not supported by the default platform. In this case, you need to create your own monitor component in order to loan it to the policy.
β’ Scripts
These are small programs developed in the language of scripts and run on user devices. They can be executed once or periodically depending on the schedule settings of the task that launches them.
Below you can see a table with a brief overview of the types of components developed by the administrator:
| Component type | Where does it start | Startup frequency | Purpose |
|---|---|---|---|
| Applications | Quick job or Scheduled job | At a certain time or when creating a component or a scheduled task | Centralized implementation and installation of software. For more information, see the article How to centrally and remotely install software on PCs and mobile devices in a company. |
| Monitors (Monitors) | Site or account policy | 60 seconds (fixed interval) | Device monitoring |
| Scripts | Quick job or Scheduled job | At a certain time or when creating a component or a scheduled task | Run applications / processes developed by the administrator |
| Network monitors (Network monitors) | Device level policy | 60 seconds (fixed interval) | Monitoring devices that are not compatible with the PSM agent |
Monitors, applications and scenarios are almost identical in their internal structure. The type of the component is determined only by the way it is integrated into the Panda Systems Management console. Thus, tasks use components of the Application or Scenarios type, while monitoring policies use only components of the Montor type.
Component Development
Component development allows the administrator to create new tasks for the automated launching of the required processes on users' devices, and the components developed by him expand the already almost unlimited possibilities of the Panda Systems Management platform, allowing it to be more flexibly adapted to its own needs.
Although Panda Systems Management provides default component stores (ComStore), which extend its basic functionality, it may still be necessary to develop specific components to perform specific tasks on users' devices or enhance the monitoring capabilities implemented in the solution, for devices that are not support the installation of the PSM agent.
What are the requirements for component development?
To develop components, you need basic programming knowledge in one of the supported scripting languages:
| Tongue | Included as standard in | Manufacturer |
|---|---|---|
| Batch | All versions of Windows | Microsoft |
| Visual | Windows 98 and above Windows NT 4.0 Option Pack and above | Microsoft |
| Javascript (jscript) | Windows 98 and above Windows NT 4.0 Option Pack and above | Microsoft |
| Powershell | Windows 7 and up | Microsoft |
| Python | Mac OS X 10.3 (Panther) | Python Software Foundation |
| Ruby | - | Yukihiro matsumoto |
| Groovy | - | Pivotal & Groovy Community |
| Unix (Linux, Mac OSX) | Linux, Mac OS X | Various manufacturers |
In addition, a parser associated with the selected scripting language must be installed and running on the user's device.
* Some parsers like Python or Groovy should be installed. Thus, the operation of components created in these languages ββon computers with recently installed Windows is not guaranteed.
Before launching a component developed in a language that is not directly supported by the user's device, it is recommended to run an automatic task for remote deployment of the parser. How to do this, see the article How to centrally and remotely install software on PCs and mobile devices in a company . *
Example of creating a component of type Monitor
Description of the component being created
So let's try to create a monitor and distribute it to a specific group of devices in the company (at the site level in Panda Systems Management terminology).
The component we want to develop is designed so that quarantine can be easily and simply managed in the corporate Panda Endpoint Protection endpoint security solution. Quarantine stores suspicious files that may contain malware, as well as files that are identified as viruses. For this reason, the administrator needs to know how many objects are quarantined at any time.
Of course, Panda Endpoint Protection provides certain tools for working with centralized quarantine, but in our case we want to show something different with this example: how to easily adapt and integrate new monitors for other software products.
Below is an overview of the parameters of the developed component:
| Parameter | Description |
|---|---|
| Devices for which the component is being developed | All devices with Windows 7 as part of a site called Home |
| Selected language | Visual basic script |
| Frequency of sending information | Every 10 minutes, provided that the number of objects in quarantine has increased |
| Actions to be taken by Panda Systems Management | Send an administrator a monitoring email. Notification will be generated automatically |
As you may have noticed, there is one nuance here: the PSM agent will execute the script every 60 seconds, but at the same time, it must send information every 10 minutes.
Required Items
In order for the component developed in our example to work, it is necessary that there is a license for Panda Endpoint Protection, and the agent of this solution must be installed on the required devices. However, since the objects added to quarantine by the Panda Endpoint Protection solution are files stored in a specific folder on the device, this example can also be used in relation to another folder in the system.
Panda Endpoint Protection is an easy-to-use, complete cloud-based security solution that uses the full power of the cloud-based knowledge base. Collective Intelligence to provide maximum protection against real-time threats to computers, servers, laptops, as well as mobile devices and Exchange mail (in the Plus version) .
The component is developed in Visual Basic Script, and therefore it is necessary to install a Wscript.exe or Cscript.exe parser on the user's device. This parser comes standard in all versions of the Windows operating system.
The communication protocol between the component and the cloud
Almost all components require information from the cloud (from the central PSM server), as well as sending back to the cloud the result of their execution. Our example is no exception. All information exchange between the cloud and the component will be carried out using environment variables created on the device.
These environment variables are automatically created by the PSM agent when the component starts. However, it is quite normal for the script to manually create environment variables for sending requests to the cloud, which will be collected and added to the centralized web management console.
In our case, we need three variables.
| Variable name | Direction | Purpose |
|---|---|---|
| PCOP_PATH | Reading | The script restores the path from the cloud, where Panda Endpoint Protection stores quarantine on each user device |
| Result | Record | Send data to the cloud every 10 minutes via standard output |
| Errorlevel | Record | Script error code. If it is 0, then the cloud understands that there are no monitoring results, and therefore there is no need to collect data from the standard output. But if the value is 1, then the cloud understands that monitoring has worked, and therefore it is required to take data from the standard output (Result variable) and process it. |
The parameters required to run the component on the user's devices will be the path to the folder you want to monitor. This path can be hard coded in the source code of the script, but in our example we will use the value that the administrator entered in the web management console to add even more flexibility to the component we create.
The Errorlevel variable will inform the cloud whether it should process the script response (the Result variable) or not: if the number of files in quarantine remains the same or has decreased (until the quarantine is completely empty), Errorlevel will send the value 0 . However, if the number of files in quarantine has increased, then this variable will send the value 1 , and the corresponding information will be recorded in the standard output (the Result variable). In order for the cloud to correctly interpret the standard output and emit the contents of the component Result variable, the following format should be used:
Line 1: <- Start Result->
Line 2: Result = (variable value)
Line 3: <-Completion Result->
If Batch is selected as the script language, then it is necessary to insert the β^β symbol in front of each β<β or β>β symbol. For example, ^ <- Start Result - ^> .
Result will be the variable from which the cloud will retrieve data to complete the execution of the component. All that is written to the right of β=β is the content that the cloud will store and process.
Script source code
So, the script code has been created.
You can read it here .
How to work with the Monitor component
1. Downloading a component monitor in Panda Systems Management
In the Panda Systems Management web administration console, select the Components section in the main menu, then click New Component .
- On the first page of the component creation wizard, select the category of the Device Monitors component to add, and also specify the name of the component and its description (if necessary)
- On the second page of the add component wizard in the Sites section, select the Selected Sites value (since we want to apply this component only to a specific group of devices in the Home site), then select your Home site on the right and click the Include button.
In the Script section, select the used scripting language (in our case VBScript) and paste the script code. Also set the maximum execution time for this component, after which the PSM agent will interrupt its execution.
It is recommended to develop very lightweight components that run very quickly.
- In the Variables section, set the input and output variables. In our case, PCOP_PATH will contain the path to the quarantine folder of Panda Endpoint Protection. Result will contain the output of the script.
- After that, click the Save button, and the component will be saved and added to the component repository.
2. Implementing a monitor component through account or site level policies
If you implement the monitor as in our example, then you need to create a policy at the level of the entire account or site. In our example, we will do this at the site level.
- In the main menu, select Sites , then click on the desired site ( Home ) and on the page that opens, go to the Policies tab. Click on the New Site Policy button ...
- Specify a filter for selecting Target devices (for our example, select the pre-installed MS Win 7 filter)
- Add a monitor with the Component Monitor category.
- Select a newly created component.
Here you can also specify the severity level of the alert that Panda Systems Management should create if the monitor returns an error condition, and after what time the alert will automatically close.
- If you want the system to generate an email if new objects appear in the quarantine, set up sending the letter to the required recipient address (for example, administrator). In this case, the contents of the Result variable will be emailed to the specified address.
In the last step of the Add Monitor wizard, specify whether you want to automatically create a ticket in the referral service. More about tickets, we wrote an article . In our example, we did not configure this option, but immediately clicked the Next button.
- After adding a monitor, it will appear in the list of monitors associated with this policy.
Do not forget to click on the Save button.
After the monitor has been added, it will appear in the list of policies in the Site Policies section on the Policies tab. Do not forget that if you create a monitor at the account level, the created monitor will then appear in the Account Policies section, respectively.
- To implement the monitor, click on the button Push changes . As a result, the policy will be applied, and the monitor will be implemented and executed on the required devices.
3. Creating environment variables and starting the component every 60 seconds.
Once the monitor has been deployed on the required devices, it will fire every 60 seconds. To do this, it calls the script parser associated with it, reads the required environment variables and writes the corresponding response.
Let's go over the source code of our script and see how it is programmed in the script.
Line 24 reads the environment variable PCOP_PATH and returns an object of type FileSystemObject , which points to the quarantine folder.
Lines 25-30 in the source code verify that the environment variable is defined. If it has not been defined in the web management console, an error is returned in the Result variable, and the script execution ends with the value 1 for the Errorlevel variable (line 34).
In lines 44-51 of the source code, the number of objects in the monitored folder is recorded in the device registry. Since the script runs every 60 seconds, and we want to make comparisons every 10 minutes, then 10 entries are written to the registry with a value registered every 60 seconds.
The component runs on the user's device "atomically": the state between two successful executions of this script is not saved. If the same script must be executed several times to get the correct result, then the intermediate state should be saved on the device and read every time the component is executed.
It is recommended to use the registry to store state between two or more component executions on the device, although temporary files can also be used.
When the counter is 9 (10 entries in the Registry, 10 minutes), then the initial value will be compared with the final (line 57). If it is higher in lines 59, 60 and 61, then the difference will be sent, and the script will put the value 1 for the Errorlevel variable.
When the last cycle is completed, all records will be deleted from the Registry (lines 64-66), and the last record will be copied as the first to continue the process.
4. Sending standard output every 10 minutes and processing in the Panda Systems Management platform
If the script completes execution with a value of 0 for the Errorlevel variable, then the cloud will not take this response into account. If it ends with a value of 1 for the Errorlevel variable, then the cloud will read the standard output in the search for the value of the Result variable between the lines β<-Start Result->β and β<-End Result->β . Based on this information, the actions that were configured for this monitor will be performed.
How to use global variables
If you develop new scripts quite often, then it is likely that you will want to have common data in them, such as paths to certain folders on the user's hard disk, letters of shared disks on servers, or even common registration data to perform certain tasks.
A possible solution is to add all the data needed for each script, but in this case, if the data changes, then each developed script will need to be updated manually and again distributed to the required devices.
However, the most preferable option is to set global variables at the site or account level, which can be used directly by scripts. To do this, select in the main menu Setup -> Account settings (if you need to create global variables at the account level) or Site -> required site -> Settings (if you create at the site level), and then you can configure global settings on the page that opens in the Variables section variables that will be available from the scripts you create when they are executed on user devices.
In the case of storing sensitive data, such as user names or passwords, you can enable the mask checkbox to replace the variable value with asterisks when displayed in the Panda Systems Management web management console.
When implementing a script, the cloud will send the value of a global variable to the agent, which will create environment variables on the user's device, which in turn will be easily accessible to the scripts you create.
Creating a Script Component (Script)
And although today's example was devoted to a monitor component, we still say a few words about creating components of the Script type (script).
A script component is created in the same way as a monitor component.
In the main menu, select Components , and then click New Component .
On the Add Component page, in the Category list, select the category of the Scripts component.
- The script component settings page differs from the monitor component settings page only in the information collection section: in this case you cannot adjust output variables, but instead you can adjust the strings that will be searched in the standard output ( stdout ) or in the output errors ( stderr ) for displaying alerts in the web management console.
- To use a script component, first mark it as a favorite in the list of components by clicking on the icon with an asterisk. As a result, it will appear in the component lists when creating quick tasks and scheduled tasks.
Component editing
Components that have been imported or added from the ComStore cannot be directly modified, so to change them, you must first go to the list of components (main menu Components ) and click on the copy component button, and then on the component edit page make all the required changes.
But if a component is created by you, then you can directly make the required changes in it, simply by clicking on its name in the list of components.
So if in the Components list in the Components section, the name of the component is represented as a link, then you can directly change it, and if not, first you need to copy it, and only then make changes.
Conclusion
The capabilities of Panda Systems Management's cloud-based RMM solution are virtually limitless because, in addition to the wide range of default features offered, you can create your own components for remote and centralized monitoring of devices and automating specific IT tasks. All this allows the maximum flexibility to adapt this solution and achieve its maximum efficiency.
Do more by doing less!
')
Source: https://habr.com/ru/post/353720/
All Articles