Incident Command Activity

An Incident Command Activity enables you to launch a specific command with or without arguments. The following fields from the incident associated with the workflow process may be used as input to the command:

  • DIP [Destination IP]

  • DIP:Port

  • RT1 (DeviceAttackName)

  • SIP [Source IP]

  • SIP:Port

  • Text (incident information in name-value pair format)

NOTE: The command (or a batch file or script that refers to the command) must be stored in the %ESEC_HOME%\config\exec or $ESEC_HOME/config/exec directory on the iTRAC workflow server, usually the same machine where the Data Access Server (DAS) is installed.
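The incident fields listed above carry data from the incident, so a script placed in the exec directory should validate them before acting on them. The following wrapper is an added example, not part of the product or its documentation. It assumes the activity is configured to pass SIP:Port, DIP:Port and RT1 as three positional arguments (the page does not specify how the fields are delivered), and it is narrowed to IPv4 addresses.

```shell
#!/bin/sh
# Added example: hypothetical wrapper launched by an Incident Command Activity.
# Assumption: $1 = SIP:Port, $2 = DIP:Port, $3 = RT1 (DeviceAttackName).

is_ipv4() {
    # Digits and dots only, no trailing dot; this also rules out glob characters.
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_endpoint() {
    # Expects exactly IP:Port, as in the SIP:Port and DIP:Port fields.
    case "$1" in *:*) ;; *) return 1 ;; esac
    is_ipv4 "${1%%:*}" && is_port "${1#*:}"
}

safe_label() {
    # Reduce free text such as RT1 to a conservative character set, max 64 chars.
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9 ._-' '_' | cut -c1-64
}

main() {
    [ "$#" -eq 3 ] || { echo "usage: $0 SIP:Port DIP:Port AttackName" >&2; return 2; }
    check_endpoint "$1" || { echo "rejected source: not IP:Port" >&2; return 1; }
    check_endpoint "$2" || { echo "rejected destination: not IP:Port" >&2; return 1; }
    label=$(safe_label "$3")
    # Validated values would be handed to the real action here; this only records them.
    printf '%s src=%s dst=%s attack="%s"\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$label"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Always quote the arguments when passing them on to another program, and never pass them through `eval` or an unquoted expansion.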