An Incident Command Activity enables you to launch a specific command with or without arguments. The following fields from the incident associated with the workflow process may be used as input to the command:
DIP [Destination IP] DIP:Port RT1 (DeviceAttackName) |
SIP [Source IP] SIP:Port Text (incident information in name value pair format) |
NOTE: The command (or a batch file or script that refers to the command) must be stored in the %ESEC_HOME%\config\exec or $ESEC_HOME/config/exec directory on the iTRAC workflow server, usually the same machine where the Data Access Server (DAS) is installed.