Executing patterns manually
Patterns are generally triggered by specific events or changes that occur during a discovery run. Sometimes you might want to run a pattern outside a discovery run (for example, you might be developing patterns against already scanned hosts). To do so, you can run a pattern against the nodes contained in a group.
Running a pattern manually is not the same as triggering it as a result of scanning. Discovery calls can be made from the pattern, but it does not undertake full discovery. If you have changed your discovery credentials or configuration, rescan before running patterns manually.
The following topics are covered in this section:
To select hosts or other nodes
You can select hosts or other nodes by adding them to a group.
From a view node (including host) page, select Groups from the Actions list and add the node to a group. Or, from a report or other search result, select the required items and then select Groups from the Actions list and add the nodes to a group.
Node types against which patterns can be run
Add nodes to your group of the kind that the pattern triggers on (for example, if the pattern triggers on a DiscoveredProcess, add DiscoveredProcess nodes). However, the system can expand host nodes in an intelligent fashion such that it is possible, for example, to simply add a host even though the pattern requires a DiscoveredProcess.
The following table lists the complete set of traversals used to expand from host nodes to other node kinds. Where more than one traversal is shown, the traversal steps are followed one after the other.
Required | Traversal(s) |
|---|---|
Discovered Process |
|
Discovered Listening Port |
|
Software Instance |
|
Business Application Instance |
|
Device Info |
|
Host Info |
|
Cluster |
|
Host Container |
|
To run a pattern
- From the main menu, select Manage > Knowledge.
The Knowledge Management page opens. - Select the pattern module containing the pattern that you want to run.
From this page, you can edit the pattern source or configuration, if necessary. Editing the pattern is described in Viewing and editing a pattern module.
After the pattern is edited, the Knowledge Management page opens, showing a Save Pattern Module Edit - Complete panel. - From the Pattern Module list, select the pattern module that you want to run.
The Pattern Module page opens. - In the heading table, click the Pattern link.
- From the Actions list, select Run Pattern.
From the Run against Group list, select the group that you want to run the pattern against, and then choose the settings for the pattern run. Set Expand, Execution Logging, and Additional Discovery.
The following table describes the settings.
Field | Description |
|---|---|
Run against Group | Provides the list to select the group to run the pattern against. If you do not have any working sets, the check box for showing only working sets is disabled. If you do have at least one working set, clearing this check box enables you to choose groups that are not in your working set. The text beneath shows the number of nodes in the group that are the correct node kind to match the pattern's trigger. If the group contains a host node, select the Expand check box to check the host for additional nodes that match the pattern's trigger. |
Execution Logging | Select the logging level for this pattern run: Debug, Info, Warning, Error, or Critical. |
Additional Discovery | Choose whether discovery commands that perform additional discovery should perform live discovery. For example, the
|
While the pattern is running, the results page is displayed.
Comments
Log in or register to comment.