Overview of Actions and Actions Workflows

What Are Actions? #

Lucidum includes a feature called Actions. Actions are automations that are triggered by query results.

Actions include sending email messages, posting a message to slack, creating tickets, isolating infected devices, or making changes to Active Directory, among other options.

For example, you can define an action that sends an email to the IT team if Lucidum discovers one or more assets without endpoint protection.

Lucidum also includes a type of action for webhooks. For details on webhooks, see the manual Running Headless with Webhooks.

Structure of Actions #

Actions include two pieces

• A configuration that provides the connection and authorization information to communicate with the external solution.

• An action that specifies the task to execute, the data to include in the action, and how frequently to execute the action.

Viewing the Actions page #

The Actions page lists all the Action integrations and displays information about the configured actions.

1. Errors pane. If an action type has at least one enabled configuration and one or more actions with an error, the action type appears in the Errors.
2. Red icon that displays the number of actions that are enabled and have errors.
3. Disabled pane. If an action type has one at least one enabled configuration, all actions are disabled, and no actions with errors, the action type appears in the Disabled
4. Gray icon that displays the number of actions that are disabled.
5. Enabled pane. If an action type has at least one enabled configuration, one enabled action, and no actions have errors, the connector appears in the Enabled
6. Green icon that displays the number of actions that are enabled and do not have errors.
7. Available pane. These action types do not have a configuration.
8. Filter Actions by Category. View action types by category, like Asset Management, Identity Access Management, Risk Management..
9. Search. Search for action types by name.

Viewing the Configured Actions page #

The Configure Actions page displays information about configured actions for an integration.

1. Name and Description of the connector.

2. Page Click this icon to view documentation about the action type. The documentation appears on a new page.

3. Plus-sign icon. Add a new action.

4. Pencil Edits the selected action.

5. Trashcan Click this icon to delete a profile. If action is disabled, you can delete it.

6. Two pages Clones the action.

7. Page of text View logs for the action.

8. Airplane icon. Executes the action on-demand (now).

9. Red toggle icon. Action is enabled and has errors.

10. Green toggle icon. Action is enabled and does not have errors.

11. Gray toggle icon. Action is disabled.

12. Orange toggle icon. Action is currently running.

13. Calendar icon. Actions executes after ingestion.

14. Two arrows Recurring action that executes on a schedule.

15. 1X icon. Actions executes once, upon saving.

16. Red Last Run Time. Action had errors during last run.

17. Blue Next Run Time. Action is scheduled to run in the future.

18. Green Last Run Time. Action executed successfully during last run.

19. Orange Last Run Time. Action is currently running.

20. Configuration. Displays the Manage Action Configuration page, where you can view, edit and create Configurations for each Action. A Configuration provides the connection and authorization information to communicate with the external solution.

    • For general steps to create a Configuration, see Workflows for Creating Configurations and Action in Lucidum.

    • For details about creating a Configuration for a specific type of action, see the documentation for the action. For example, to create a Dynatrace Configuration, see the documentation on Dynatrace Actions.

21. Tokens. Displays the Manage Action Tokens page, where you can view the list of Action Token and create new Action Tokens. Action Tokens allow a Lucidum account to access the /CMDB/v2/data/ldg endpoint and make API requests to that endpoint. For details, see Generating a Bearer Token for /CMDB/v2/data/ldg Endpoint.

List of Actions #

To find an action, search the alphabetical list of third-party vendors.

The published list of Actions is a living document. Lucidum releases new Actions according to customer needs.

The current list of Actions reflects all the Actions currently in production at customer sites. If you need an Action that does not appear on the list, please contact your Lucidum Account Representative.

Workflow for Creating Configurations and Actions in Lucidum #

Create a New Configuration #

To create a new configuration:

1. Choose Actions from the left pane.

2. In the Actions page, click on an icon in the right pane.

3. To create a configuration for the action, click the Configuration (gear) icon in the upper left. A configuration provides the connection and authorization information to communicate with the external solution.

4. In the Manage Action Configurations page, you can either click the Add Configuration icon (plus sign) or edit the Default configuration by clicking the Edit icon (pencil).

5. In the Manage Action Configurations page, supply values in the fields.

6. Save the configuration.

7. Click the Configuration (gear) icon.

8. In the Manage Action Configurations page, find your new configuration. Click its Test icon (page with checkmark) to test authentication and the connection.

Create a New Action #

To create a new action:

1. Choose Actions from the left pane.

2. In the Actions page, click an icon in the right pane.

3. To create an action, click the Create New Action (+) icon in the Configure Actions pane. An action specifies the task to execute, the data to include in the action, and how frequently to execute the action.

4. Lucidum displays the Add a New Action page.

5. Provide values in each page and click the Next (>) icon.

6. Save the action.

7. Lucidum uses the Luci LLM to automatically populate the Description field and the Business Value field. You cannot edit the values in these fields.

8. Lucidum automatically sets the action to Enabled. You can disable the action using the enable/disable toggle in the Configured Actions pane.

9. Lucidum automatically tests the action when you save it and automatically executes the action at the time and recurrence you defined in the action.

You can apply an existing configuration to more than one action. If a configuration already exists, you might be able to re-use the existing configuration and might not need to create a new one.

Workflow Using Clone to Create a New Action #

To create a new action using the Clone feature:

1. Choose Actions from the left pane.

2. In the Actions page, choose from the action types in the Categories pane or click on an icon in the right pane.

3. To clone an action, in the Configured Actions pane, find the action you want to clone and click the clone icon (two pages). An action specifies the task to execute, the data to include in the action, and how frequently to execute the action.

4. Lucidum displays the Clone Action page.

5. Provide a new name in the Action Name field.

6. Edit one or more values in one or more pages and click the Next (>) icon.

7. Save the action.

NOTE: Save is not enabled until you provide a new name for the action.

8. Lucidum automatically sets the action to Enabled. You can disable the action using the enable/disable toggle in the Configured Actions pane.

9. Lucidum automatically tests the action when you save it and automatically executes the action at the time and recurrence you defined in the action.

NOTE: You can apply an existing configuration to more than one action. If a configuration already exists, you might be able to re-use the existing configuration and might not need to create a new one.

Alternative Workflow for Creating an Action #

You can also create an action when viewing the results of a query. To do this:

1. Create a query from the Query button. For details, see the chapter on Creating Queries.

2. Click the Show Results (checklist) icon to open the Query Result page

3. The Query Results page displays a the results of query.

   

4. In the Query Results page, click the Create a recurring action (arrows) icon.

5. In the Send to Actions page, select an action type.

   

6. Lucidum displays the Create a New Action page, with the query already loaded in the Filters page.

   

7. Follow the steps in the section on Creating an Action. You can skip the steps about defining Filters, because the filter is now populated.

Workflow for Editing a Configuration #

To edit an existing configuration , follow these steps:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon in the right pane.
3. To create a configuration for the action, click the Configuration (gear) icon in the upper left. A configuration provides the connection and authorization information to communicate with the external solution.
4. In the Manage Action Configurations page, find the configuration you want to edit and click its Edit (pencil) icon.

   

5. You can edit one or more fields in the configuration.
6. Click Save to save your changes.

Workflow for Editing an Action #

To edit an existing actions, follow these steps:

1. Choose Actions from the left pane.

2. In the Actions page, choose from the action types in the Categories pane or click on an icon in the right pane.

3. In the Configured Actions pane, find the action you want to edit. Click its Edit (pencil) icon.

   

4. You can edit fields in the General page, the Filters page, the Schedule page, or the Details page.

5. Click the Save Profile (disc) icon to save your changes.

Workflow for Creating an Action Token #

In the Lucidum API, the /CMDB/v2/data/ldg endpoint retrieves only enriched data from the Lucidum Data Group. This endpoint provides a more focused set of results for each asset or user.

To authenticate with the /CMDB/v2/data/ldg endpoint, you must use an action bearer token. This bearer token allows a Lucidum account to access the /CMDB/v2/data/ldg endpoint.

NOTE: For all other API endpoints, you must generate a standard bearer token associated with your Lucidum user account. The action bearer token is used only with the the /CMDB/v2/data/ldg endpoint.

For details on creating an Action Token, see Generating a Bearer Token for /CMDB/v2/data/ldg Endpoint.

Viewing Status of an Existing Action and Executing an Action On-Demand #

To view information about an existing action:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon in the right pane.
3. The Configured Actions pane displays information about the status of each action and provides options to execute the action on-demand:

1. Red toggle icon. Action is enabled and has errors.
2. Green toggle icon. Action is enabled and does not have errors.
3. Gray toggle icon. Action is disabled.
4. Orange toggle icon. Action is currently executing.
5. Red Last Run Time. Action had errors during last run.
6. Blue Next Run Time. Action is scheduled to run in the future.
7. Green Last Run Time. Action executed successfully during last run.
8. Orange Last Run Time. Action is currently executing.
9. Airplane icon. Executes the action on-demand (now).

Action Results #

You can view general logs and detailed logs about each Lucidum actions.

To view these logs:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon in the right pane.
3. In the Configured Actions pane, select the View Results (page) icon.
4. The Action Results modal page appears:

   

5. The Action Results modal displays:
   • Status. Specifies whether the last execution of the action was successful (green) or failed (red).
   • Triggered At. The date and time the action was last triggered.
   • Number of Records. Number of records included in the action.
   • Actions. Download the log file for the last execution of the action.
6. To download a detailed log file for an execution of the action, click on the Preview Records (eye) icon in the Actions column.
7. Choose either Preview as CSV or Preview as JSON.
8. After viewing the file, click the Download (down arrow) icon.
9. Lucidum downloads a .csv or .json file to your local computer. The  file includes the payload for the action. You specify this payload in the Output Fields field of the action.
10. An example log file looks like this:

    

• • This action found nine assets that match the Filter in the Filters page.
  • For each of those assets, the action sent the values from the fields specified in Output Fields in the Details page to Tenable Vulnerability Management . In our example, the fields in the payload are Data Sources, First Time Seen, IP Address, Last Time Seen, Lucidum Asset Name, and Lucidum User Name.

Action Limits in Lucidum #

• Each action can include up to 5,000 records.
• You can trigger actions to run as frequently as every 5 minutes.