Incident Command Activity

An Incident Command Activity enables you to launch a specific command with or without arguments. The following fields from the incident associated with the workflow process may be used as input to the command:

DIP [Destination IP]

DIP:Port

RT1 (DeviceAttackName)

SIP [Source IP]

SIP:Port

Text (incident information in name-value pair format)

NOTE: The command (or a batch file or script that refers to the command) must be stored in the %ESEC_HOME%\config\exec or $ESEC_HOME/config/exec directory on the iTRAC workflow server, usually the same machine where the Data Access Server (DAS) is installed.
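Because these fields are taken from incident data, a script stored in the exec directory should validate them before passing them to anything else. The following POSIX shell wrapper is an added example, not part of the product documentation. It assumes the activity is configured to pass SIP as the first argument and DIP:Port as the second, handles IPv4 only, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate incident fields before a command in
# $ESEC_HOME/config/exec uses them. Argument order is an assumption.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    rest="$1." count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Succeeds only for "IPv4:port" with a port of 0-65535.
valid_ip_port() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    ip=${1%:*}
    port=${1##*:}
    valid_ipv4 "$ip" || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]
}

# Prints one sanitized record, or returns 2 without output on bad input.
build_record() {
    sip=$1 dip_port=$2
    valid_ipv4 "$sip" || { echo "rejected SIP field" >&2; return 2; }
    valid_ip_port "$dip_port" || { echo "rejected DIP:Port field" >&2; return 2; }
    printf 'sip=%s dst=%s\n' "$sip" "$dip_port"
}

# Run only when the workflow supplies arguments (assumed: SIP, then DIP:Port).
if [ "$#" -gt 0 ]; then
    build_record "${1-}" "${2-}"
fi
```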