Overview of Actions and Actions Workflows

What Are Actions? #

Lucidum includes a feature called Actions. Actions are automations that are triggered by query results.

Actions include sending email messages, posting a message to slack, creating tickets, isolating infected devices, or making changes to Active Directory, among other options.

For example, you can define an action that sends an email to the IT team if Lucidum discovers one or more assets without endpoint protection.

Lucidum also includes a type of action for webhooks. For details on webhooks, see the manual Running Headless with Webhooks.

Structure of Actions #

Actions include two pieces

• A configuration that provides the connection and authorization information to communicate with the external solution.

• An action that specifies the task to execute, the data to include in the action, and how frequently to execute the action.

Viewing the Actions page #

The Actions page lists all the Action integrations and displays information about the configured actions.

1. Errors pane. If an action type has at least one enabled configuration and one or more actions with an error, the action type appears in the Errors.
2. Red icon that displays the number of actions that are enabled and have errors.
3. Disabled pane. If an action type has one at least one enabled configuration, all actions are disabled, and no actions with errors, the action type appears in the Disabled
4. Gray icon that displays the number of actions that are disabled.
5. Enabled pane. If an action type has at least one enabled configuration, one enabled action, and no actions have errors, the connector appears in the Enabled
6. Green icon that displays the number of actions that are enabled and do not have errors.
7. Available pane. These action types do not have a configuration.
8. Filter Actions by Category. View action types by category, like Asset Management, Identity Access Management, Risk Management..
9. Search. Search for action types by name.

Viewing the Configured Actions page #

The Configure Actions page displays information about configured actions for an integration.

1. Name and Description of the action.
2. Page Click this icon to view documentation about the action type. The documentation appears on a new page.
3. Plus-sign icon. Add a new action.
4. Menu icon. Opens the menu of options for the action.
5. Expanded Menu. Includes the following options:
   • Assign MetaBlocks. Assign the action to a MetaBlock. For details, see Adding Actions to MetaBlocks.
   • Clone. Create a copy of the action.
   • Delete. Delete the action.
   • Edit. Edit the action
   • Send Now. Executes the action immediately.
   • View Results. View the action results.
6. Calendar icon. Action executes after ingestion.
7. Two arrows Recurring action that executes on a schedule.
8. 1X icon. Actions executes once, upon saving. To create this type of action, see Alternative Workflow for Creating an Action.
9. Red toggle icon. Action is enabled and has errors.
10. Green toggle icon. Action is enabled and does not have errors.
11. Gray toggle icon. Action is disabled.
12. Orange toggle icon. Action is currently running.
13. Red Last Run Time. Action had errors during last run.
14. Green Last Run Time. Action executed successfully during last run.
15. Blue Next Run Time. Action is scheduled to run in the future.
16. Orange Last Run Time. Action is currently running.
17. Configuration. Displays the Manage Action Configuration page, where you can view, edit and create Configurations for each Action. A Configuration provides the connection and authorization information to communicate with the external solution.
    • For general steps to create a Configuration, see Workflows for Creating Configurations and Action in Lucidum.
    • For details about creating a Configuration for a specific type of action, see the documentation for the action. For example, to create a Dynatrace Configuration, see the documentation on Dynatrace Actions.
18. Tokens. Displays the Manage Action Tokens page, where you can view the list of Action Token and create new Action Tokens. Action Tokens allow a Lucidum account to access the /CMDB/v2/data/ldg endpoint and make API requests to that endpoint. For details, see Generating a Bearer Token for /CMDB/v2/data/ldg Endpoint.

List of Actions #

To find an action, search the alphabetical list of third-party vendors. See the section Viewing the Actions page.

The published list of Actions is a living document. Lucidum releases new Actions according to customer needs.

The current list of Actions reflects all the Actions currently in production at customer sites. If you need an Action that does not appear on the list, please contact your Lucidum Account Representative.

Workflow for Creating Configurations and Actions in Lucidum #

Create a New Configuration #

To create a new configuration:

1. Choose Actions from the left pane.
2. In the Actions page, click on an icon in the right pane.
3. To create a configuration for the action, click the Configuration (gear) icon in the upper left. A configuration provides the connection and authorization information to communicate with the external solution.
4. the Manage Action Configurations page appears.

   

5. In the Manage Action Configurations page, you can either click the Add Configuration icon (plus sign) or edit the Default configuration by clicking the Edit icon (pencil).
6. In the Manage Action Configurations page, supply values in the fields. The fields vary by Action type.
7. Save the configuration.
8. Click the Configuration (gear) icon.
9. In the Manage Action Configurations page, find your new configuration. Click its Test Configuration icon (page with checkmark) to test authentication and the connection.

Create a New Action #

To create a new action:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon for the third-party vendo in the right pane.
3. To create an action, click the Create New Action (+) icon in the Configure Actions pane. An action specifies the task to execute, the data to include in the action, and how frequently to execute the action.
4. Lucidum displays the Add a New Action page.

   

5. Provide values in each page and click the Next (>) icon.
6. Save the action.
7. Lucidum uses the Luci LLM to automatically populate the Description field and the Business Value field. You cannot edit the values in these fields.
8. Lucidum automatically sets the action to Enabled. You can disable the action using the enable/disable toggle in the Configured Actions pane.
9. Lucidum automatically tests the action when you save it and automatically executes the action at the time and recurrence you defined in the action.

NOTE: You can apply an existing configuration to more than one action. If a configuration already exists, you might be able to re-use the existing configuration and might not need to create a new one.

Workflow Using Clone to Create a New Action #

To create a new action using the Clone feature:

1. Choose Actions from the left pane.
2. In the Actions page, choose from the action types in the Categories pane or click on an icon in the right pane.
3. To clone an action, in the Configured Actions pane, find the action you want to clone. Click the Menu icon. Choose Clone.

   

4. Lucidum displays the Clone Action page.
5. Provide a new name in the Action Name field.
6. Edit one or more values in one or more pages and click the Next (>) icon.
7. Save the action.
   NOTE: Save is not enabled until you provide a new name for the action.
8. Lucidum automatically sets the action to Enabled. You can disable the action using the enable/disable toggle in the Configured Actions pane.
9. Lucidum automatically tests the action when you save it and automatically executes the action at the time and recurrence you defined in the action.

NOTE: You can apply an existing configuration to more than one action. If a configuration already exists, you might be able to re-use the existing configuration and might not need to create a new one.

Alternative Workflow for Creating an Action #

You can also create an action when viewing the results of a query. To do this:

1. Create a query from the Query button. For details, see the chapter on Creating Queries.
2. Click the Show Results (checklist) icon to open the Query Result page
3. The Query Results page displays a the results of query.

   

4. In the Query Results page, click the checkboxes for records you want to include in the action.
5. In the Query Results page, click the Create a recurring action (arrows) icon or the Create a one-time action (1x) icon.
6. In the Send to Actions page, select an action type.

   

7. Lucidum displays the Create a New Action page, with the query already loaded in the Filters page.

   

8. Follow the steps in the section on Creating an Action. You can skip the steps about defining Filters, because the filter is now populated.

Workflow for Editing a Configuration #

To edit an existing configuration , follow these steps:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon in the right pane.
3. To create a configuration for the action, click the Configuration (gear) icon in the upper left. A configuration provides the connection and authorization information to communicate with the external solution.
4. In the Manage Action Configurations page, find the configuration you want to edit and click its Edit (pencil) icon.

   

5. You can edit one or more fields in the configuration.
6. Click Save to save your changes.

Workflow for Editing an Action #

To edit an existing actions, follow these steps:

1. Choose Actions from the left pane.
2. In the Actions page, choose from the action types in the Categories pane or click on an icon in the right pane.
3. In the Configured Actions pane, find the action profile you want to edit. Click its Menu icon. Choose Edit (pencil).

   

4. You can edit fields in the General page, the Filters page, the Schedule page, or the Details page.
5. Click the Save Profile (disc) icon to save your changes.

Workflow for Creating an Action Token #

In the Lucidum API, the /CMDB/v2/data/ldg endpoint retrieves only enriched data from the Lucidum Data Group. This endpoint provides a more focused set of results for each asset or user.

To authenticate with the /CMDB/v2/data/ldg endpoint, you must use an action bearer token. This bearer token allows a Lucidum account to access the /CMDB/v2/data/ldg endpoint.

NOTE: For all other API endpoints, you must generate a standard bearer token associated with your Lucidum user account. The action bearer token is used only with the the /CMDB/v2/data/ldg endpoint.

For details on creating an Action Token, see Generating a Bearer Token for /CMDB/v2/data/ldg Endpoint.

Viewing Status of an Existing Action and Executing an Action On-Demand #

To view information about an existing action:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon in the right pane.
3. The Configured Actions pane displays information about the status of each action and provides options to execute the action on-demand:

   

1. Red toggle icon. Action is enabled and has errors.
2. Green toggle icon. Action is enabled and does not have errors.
3. Gray toggle icon. Action is disabled.
4. Orange toggle icon. Action is currently executing.
5. Red Last Run Time. Action had errors during last run.
6. Green Last Run Time. Action executed successfully during last run.
7. Blue Next Run Time. Action is scheduled to run in the future.
8. Orange Last Run Time. Action is currently executing.
9. Menu icon. Opens the menu of options for the action.
10. Airplane icon. Executes the action on-demand (now).

Action Results #

You can view general logs and detailed logs about each Lucidum actions.

To view these logs:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon in the right pane.
3. In the Configured Actions pane, select the Menu icon. Choose View Results.
4. The Action Results modal page appears:

   

5. The Action Results modal displays:
   • Status. Specifies whether the last execution of the action was successful (green) or failed (red).
   • Triggered At. The date and time the action was last triggered.
   • Number of Records. Number of records included in the action.
   • Actions. Download the log file for the last execution of the action.
6. To download a detailed log file for an execution of the action, click on the Preview Records (eye) icon in the Actions column.
7. Choose either Preview as CSV or Preview as JSON.
8. After viewing the file, click the Download (down arrow) icon.
9. Lucidum downloads a .csv or .json file to your local computer. The  file includes the payload for the action. You specify this payload in the Output Fields field of the action.
10. An example log file looks like this:

    

• • This action found nine assets that match the Filter in the Filters page.
  • For each of those assets, the action sent the values from the fields specified in Output Fields in the Details page to Tenable Vulnerability Management . In our example, the fields in the payload are Data Sources, First Time Seen, IP Address, Last Time Seen, Lucidum Asset Name, and Lucidum User Name.

Adding Actions to MetaBlocks #

Lucidum includes a feature called MetaBlocks. MetaBlocks allow you to group Dashboards, Connectors, Actions, SmartLabels, and Saved Queries, similar to how you would use a folder. You can store related items in a single MetaBlock.

To add an Action to a MetaBlock:

1. Choose Actions from the left pane.
2. In the Actions page, choose from the action types in the Categories pane or click on an icon in the right pane.
3. In the Configured Actions pane, find the action profile you want to edit. Click its Menu icon. Choose Assign MetaBlocks.

   

4. In the Assign MetaBlocks modal page, select one or more MetaBlocks to align with the Action profile.

   

5. Click Assign.

Viewing MetaBlocks Aligned with an Action #

To view the MetaBlocks associated with an Action profile:

1. Choose Actions from the left pane.
2. In the Actions page, choose from the action types in the Categories pane or click on an icon in the right pane.
3. In the Configured Actions pane, find the action profile you want to edit. Click its Menu icon. Choose Assign MetaBlocks.

   

4. In the Assign MetaBlocks modal page, the MetaBlocks field displays the list of MetaBlocks associated with the Action.

   

5. Click Assign.

Deleting Actions from MetaBlocks #

To delete an Action from a MetaBlock:

NOTE: This will not delete the Action or the MetaBlock. This action removes the relationship between the Action and the MetaBlock.

1. Choose Actions from the left pane.
2. In the Actions page, choose from the action types in the Categories pane or click on an icon in the right pane.
3. In the Configured Actions pane, find the action profile you want to edit. Click its Menu icon. Choose Assign MetaBlocks.

   

4. In the Assign MetaBlocks modal page, the MetaBlocks field displays the list of MetaBlocks associated with the Action.

   

5. To delete one of the MetaBlocks, click on its Delete (trash can) icon.
6. Click Assign.

Deleting an Action #

To delete an action:

1. Choose Actions from the left pane.
2. In the Actions page, click an icon in the right pane.
3. In the Configured Actions pane, find the action and configuration you want to delete

   

4. Click its Menu icon.
5. Click Delete.
6. In the modal, click Confirm.

Action Limits in Lucidum #

• Each action can include up to 5,000 records.
• You can trigger actions to run as frequently as every 5 minutes.