The AlienApp for Forensics and Response supports an extensive list of system-level functions that you can execute on a host system. Many of the most common data collection functions are included in the forensic profile actions or as stand-alone actions. You can also use the Launch Query action to specify any of the supported functions and any needed parameters for the function.
You can use the Launch Query action when you need to perform one of the following tasks:
- Create a scheduled Forensics and Response job
- Launch a Forensics and Response action from an alarm or event
- Create a Forensics and Response orchestration rule
- Run an action from the AlienApp for Forensics and Response page
To define a Launch Query:
- Set the App Action to Launch Query.
- Specify the asset that you want to use as a target for the action.
  You can start typing the name or IP address of the asset in the field to display matching items that you can select. Or you can click Browse Assets to open the Select Asset dialog box and browse the asset list to make your selection.
- Enter the function Query parameter.
- (Optional.) If the function requires additional parameters, use the Parameter fields to enter the values in order.