Cole McDonald

Community Reputation

14 Good


About Cole McDonald

  • Rank
    Thought Leader

  1. From the Device perspective, what do the three(?) elements of the sdtstatus mean? Looking at a device, I see "none-none-none" or something like "none-SDT-none" where one of the elements is replaced with SDT. @Sarah Terry?
  2. I've implemented this in the past as a dataSource for tracking number of failed connection attempts against a server over a 5 minute period. PowerShell that grabs the last 5 minutes of 4625 from the Windows Security log where the message contains the status for bad username or bad password. It just returns a count rather than individual events. This let me drive a NOC widget of devices to show brute force intrusion attempts. This could potentially be added like a cluster alert using the existing eventSource though and help to combine individual events into a single actionable alert to
  3. I'm not sure where it came from. I'm no longer at Beyond Impact, so don't have access to that deployment any longer. I didn't actually perform the deployment of LM at that location, so I'm not sure how it got in the DS list there. It was originally written by an LM developer, but the code above should allow you to create your own implementation of it from scratch.
  4. Thanks guys. Will this allow me to add customProperties or am I locked into accessing existing customProperties?
  5. Has anyone had any success using the v2 of the REST API to push a PATCH to add a customer property to an object (in this case /device/groups/#####) without wiping out any other custom properties that have already been set? We've run into a curious behavior while trying to add a property to feed out integration to our ticketing system. It seems to replace the whole of the custom properties object, not just the child object within the customproperties level of the json: { `"customProperties`" : [{ `"name`" : `"connectwisev2.companyid`", `"value`" : `"$($integrationID.Tr
  6. Here's the link: and yes? I don't quite recall how to have it return a NaN, but I have done it in the past, so I know it's possible. unkn() is a constant for it, that may have been how I did it... so: if(maxrtt>100,1,unkn()) ?
  7. If you have a website built that will take a URL structure that can be married to device/instance property values, you can have the alert generate the URL from the inciting instance's properties to direct you to the appropriate page. You may need to build out a redirection page within your site that receives and interprets those URLs for you. ##DATASOURCE## might be the right token to use for building that decision/redirection tree.
  8. ACK should be removable if determined it was checked incorrectly by a user.
  9. That's what I've been doing currently. Any change to it though means you have to change, then distribute that change manually still. So it's pretty much set in stone once you've produced it at scale. The templating would be a way to make changes without having to take this process to that extreme.
  10. You would bring in the ping as a "do not display" value, then make a virtual datapoint that uses an if() to evaluate the >100 and return a NAN for the false condition.
  11. The alerts take you to a specific instance, so it should be possible. URL structure is this: https://<companyName><deviceInstanceNumber> You should be able to derive the instance # from the REST API... but you state that you're a bit of a novice. Might be ##system.instanceid## or just ##instanceID##
  12. My ability to edit the previous post timed out (annoying)... here's the final thing I was going for: if ((Get-Date -Format HH) -eq 10) { if (Test-Path "\\servername\C$\Path\To\File.txt") { Write-Output "1" } else { Write-Output "0" } } Just checks the 24hr Hour to see if it's 10. Have it fire once an hour.