Action Group
- Updated on 08 Oct 2025
Description
Action Groups are an automation feature that can be assigned to a monitoring check. They fire when that check generates an alarm.
Typically, action groups are used to determine who receives alert notifications when Netreo detects a problem. They also provide a way to tell Netreo what actions it should take automatically (if any) in response to that problem.
Details
Action groups are assigned to the Netreo checks monitoring your devices and applications. When a check fails and an incident is created, any action groups assigned to the failing check tell the incident who should be alerted, when, and how—as well as what actions Netreo should take. Non-alert actions that Netreo can be instructed to take include such things as rebooting a device or restarting a service or server, generating a service ticket using an external alerting API such as ServiceNow or OpsGenie, or broadcasting a message across your network using an SNMP trap.
The structure of action groups is somewhat complex, given their purpose. Action groups consist of three basic components:
- The action group itself.
- One or more actions that are contained within that action group.
- One or more methods that are contained within each action.
In short, action groups are groups of actions, and actions are groups of methods.
Components
Action Group
An action group is essentially a container for actions.
You may add any number of action groups to a check or to the host alert contact list of a device.
An action group has three attributes that give it functionality within Netreo.
- It is assignable to any Netreo monitoring check. An action group may also be chosen as a host alert contact for a device.
- It has a name. Action groups are chosen by their name, so each action group must be given a unique name.
- It has a configurable access level. In addition to being used automatically by incidents, action groups may also send alerts and perform actions when used manually by a user. The access level determines which users may use an action group manually.
Action groups that have their access level set to any option other than None will allow any user with the corresponding or higher access level to run the action group from within an incident that is using it. Setting the access level to None prevents the action group from being used manually under any circumstances.
Create an Action Group
Follow the steps below to create a new action group in Netreo that may then be assigned to a monitoring check.
- Log in to Netreo as a user with the SuperAdmin access level.
- Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
- Select Add a Group.
- Enter a name for your new action group.
- Choose a manual use access level.
- Select Add Group.
- When you are prompted to add an action to the new group:
  - Enter a name for the new action.
  - Select Add Action.
- When you are prompted to add a method to the new action:
  - Choose the method type.
  - Configure the method as necessary.
    - The payloads for SNMP traps, webhooks, PowerShell, and SSH must not exceed 1,020 characters in length.
  - Choose a time frame for the notify hours (the time during which the method will be allowed to execute).
  - Select Add Method.
- You are returned to the Actions Administration page.
Modify an Action Group
Once created, you may then:
- Upload the action group to a cloud library
- Add an action to the action group
- Edit the action group
- Delete the action group
by selecting the appropriate icon at the top right of the group's panel.
by selecting the appropriate icon in its ACTIONS column.
Action
An action is nothing more than a container for methods. It has no attributes other than a name and is purely for organizational purposes.
You may add any number of actions to an action group.
Create an Action
Follow the steps below to create a new action and add it to an action group.
- Log in to Netreo as a user with the SuperAdmin access level.
- Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
- Locate the action group to which you would like to add a new action.
- Select the action group's add action icon in the ACTIONS column.
- Enter a name for your new action.
- Select Add Action.
- You are returned to the Actions Administration page.
Modify an Action
Once created, you may then:
- Add a method to the action
- Edit the action
- Delete the action
by selecting the appropriate icon in its ACTIONS column.
Method
A method is the executable component of an action group. It sends alert notifications or communicates commands to your managed devices or external APIs. Without at least one method, your actions and action groups can do nothing.
There are many methods to choose from, but they all do basically the same thing—send a message to someone or something outside of Netreo.
The specifics of a given method may vary, but they all share the following two attributes.
- Method type - This determines what function the method performs. Method types are explained further down.
- Notify hours - This is a preconfigured time frame, outside of which the method will not execute. It is commonly used to ensure that a given method only (or never) executes during (or after) business hours.
You may add any number of methods to an action, in any combination. This allows you to create a variety of multifunctional action groups that can be used for different purposes.
Method Types
The following method types are available.
- Email
  Sends an alert notification about an incident to a specified email address.
- SMS (via email)
  Sends an alert notification about an incident to a mobile device using the specified SMS email address.
- Mobile Notification
  Sends an alert notification about an incident to the Netreo mobile application using Netreo Cloud Services. These cloud-based alert notifications are sent from Netreo's cloud servers and are useful if your email systems are down along with your network. (This method is automatically added to all new actions by default, but can be removed if desired.)
- SNMP Trap
  Broadcasts an SNMP trap about an incident to devices configured to receive traps from Netreo.
- Webhook
  Sends commands to an external API such as a ticketing or alternative alerting system. Webhooks are limited to a maximum of 3 retries for each execution of a method (including manual execution). There is no delay between each retry. Any delay between retries is caused by server latency.
- Active Response Webhook
  An active response version of Webhook.
- Active Response Windows
  Sends PowerShell commands to Windows devices.
- Active Response SSH
  Sends SSH commands to non-Windows devices.
Commands incompatible with the device to which they are sent will simply be ignored by that device. Additionally, the methods in an action group are only run against the host device to which the failing check is assigned. This makes it safe to add multiple different command-based methods to a single action group that may then be assigned to a variety of devices.
Method Execution and Active Response
Most method types send their message repeatedly on a schedule until the incident running them has been acknowledged, at which point they stop. If that incident is unacknowledged, they will start running again. (The schedule on which methods are run is configured in the check to which their action group is assigned.)
However, this is not the case with active response methods. Active response methods execute only once, when an incident is first created and first uses an action group. They will never automatically execute again for the same incident, although they can be manually executed again by a user with an appropriate access level.
Some methods may fail to execute when their action group is run. There are typically three reasons for this:
- The method's NOTIFY HOURS configuration setting has restricted the time at which that method may execute.
- It is an active response method (which only runs when an incident is first opened).
- The method is trying to run a command against a host for which that command is not applicable.
Create a Method
Follow the steps below to create a new method and add it to an action.
- Log in to Netreo as a user with the SuperAdmin access level.
- Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
- Locate the action group and action to which you would like to add a new method.
- Select the action's add method icon in the ACTIONS column.
- Choose the method type.
- Configure the method as necessary.
  - The payloads for SNMP traps, webhooks, PowerShell, and SSH must not exceed 1,020 characters in length.
  - If configuring an email address results in an error indicating that the address is in an incorrect format, try retyping the address manually or copy/paste without formatting (Shift-CTRL-V in Windows), as non-printable, accented, or Unicode characters can cause problems.
- Choose a time frame for the notify hours (the time during which the method will be allowed to execute).
- Select Add Method.
- You are returned to the Actions Administration page.
Modify a Method
Once created, you may then:
- Edit the method
- Delete the method
by selecting the appropriate icon in its ACTIONS column.
Best Practices
Command Methods
Due to limitations in Netreo, only simple commands (restart, etc.) should be sent. If you wish to run complex commands, it’s better to write a script on the target device and then simply call the script through the appropriate command method.
When using PowerShell commands to restart Windows services or servers, it is imperative to use maintenance windows when conducting upgrades or during planned outages. Otherwise, Netreo will attempt to restart the services or systems when they appear to go down.
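The advice above to send only a simple command and keep the logic in a script on the target device, shown as an added example (not Netreo's own code) for a non-Windows host reached by an Active Response SSH method. The script path, service allowlist, cooldown, and state directory are assumptions; the method's command is then a single short line such as `/usr/local/sbin/ar-restart nginx`, well under the 1,020-character payload limit.

```sh
#!/bin/sh
# Added example (assumed path: /usr/local/sbin/ar-restart): target-side wrapper
# called by an Active Response SSH method with one argument, the service name.
ALLOWED_SERVICES="nginx chronyd rsyslog"        # constructed allowlist, edit per host
COOLDOWN_SECS=600                               # assumed minimum gap between restarts
STATE_DIR="${STATE_DIR:-/var/lib/ar-restart}"   # assumed state directory

# Succeed only if $1 is an exact string match for one allowlisted name.
is_allowed() {
    for s in $ALLOWED_SERVICES; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# Succeed if $1 was last restarted at least COOLDOWN_SECS before epoch time $2.
cooldown_ok() {
    stamp="$STATE_DIR/$1.last"
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp")
    [ $(( $2 - last )) -ge "$COOLDOWN_SECS" ]
}

# Print the verdict for service $1 at epoch time $2: restart | deny | throttled.
decide() {
    is_allowed "$1" || { echo deny; return 0; }
    cooldown_ok "$1" "$2" || { echo throttled; return 0; }
    echo restart
}

main() {
    svc="$1"; now=$(date +%s)
    verdict=$(decide "$svc" "$now")
    # Log the name only once it has passed the allowlist, so rejected input
    # never reaches the log verbatim.
    [ "$verdict" = deny ] && svc="(not allowlisted)"
    logger -t ar-restart "service=$svc verdict=$verdict"
    [ "$verdict" = restart ] || return 1
    mkdir -p "$STATE_DIR" && echo "$now" > "$STATE_DIR/$svc.last"
    systemctl restart "$svc"
}

# Run only when given an argument, e.g. `ar-restart nginx`.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Because the wrapper refuses anything outside its allowlist and throttles repeats, a manual re-run of the action group from an incident cannot turn into an arbitrary command or a restart loop on the host.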
Netreo Incident Macros
When using the webhook, SNMP trap, and command methods, you may also include any of the built-in Netreo incident macros to access a wide variety of information about the associated incident or device.