Action1 Integration

  • April 16, 2024

Action1 is a risk-based patch management platform trusted by thousands of organizations globally. Action1 helps to discover, prioritize, and remediate vulnerabilities to prevent security breaches and ransomware attacks. It automates patching of third-party software and operating systems, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.
We have created a step-by-step guide to help you integrate it with your Emsisoft Endpoint Protection. 

Configuring Endpoints 

  1. Go to Endpoints and click New Group.

  2. Enter the Name and Description of the group then click the Create button.
  3. After successfully creating the group go back to Endpoints and click the Install Agents button.

  4. There are two ways to get the install agent: download it directly by clicking the Download Agent button, or copy the download URL. After installing the agent on the target device, click the NEXT STEP button.

  5. The endpoint device where the agent is installed will now appear on the list. You may install more agents on other devices and once done, click on the FINISH button. 

  6. After installing the agents, go to the Emsisoft group and click on Add Endpoints.

  7. Select the endpoints that you want to add to the Emsisoft group, then click the Add button.

  8. The newly added endpoints will now appear under the Emsisoft group.

Adding Scripts to the Script Library 

Download the scripts first. There are four scripts; three of them are added to the script library: Emsisoft_Setup.ps1, Set_Emsisoft_Group.ps1 and Unset_Emsisoft_Group.ps1. The fourth, Emsisoft_Compliance.ps1, is used as the script for the data source.

 

Emsisoft_Setup.ps1 script 

  1. Go to Script Library under CONFIGURATION then click New Script.

  2. In the General tab enter the Name and Description of the script as shown in the screenshot below. Click the NEXT STEP button once done.

  3. In the Script tab, copy and paste Emsisoft_Setup.ps1 script into the script box. Click the Add Parameter button then enter InstallToken as the Param Name and String as the parameter type. Click the NEXT STEP button once done.

  4. In the Test tab, you may test the script by providing the endpoint name and then clicking the Run Script button. You can now save the new script by clicking the FINISH button. 

  5. Follow steps 1 to 4 for Set_Emsisoft_Group.ps1 and Unset_Emsisoft_Group.ps1, except that in step 4 these scripts don’t have a parameter. Refer to the table below for the name and description values.

| Name | Description |
| --- | --- |
| Set Emsisoft Group | Set ACTION1_GROUP environment variable to ‘Emsisoft’ in target device. |
| Unset Emsisoft Group | Remove ACTION1_GROUP environment variable which is set to ‘Emsisoft’ from the target device. |

 

 

Running Scripts on Endpoints 

Installing Emsisoft 

  1. Navigate to Endpoints and select the Emsisoft group. From the list, select the endpoints where you want to run the script, then click on the Run Script button.

  2. In the Run Script page click on Script Library.

  3. Select Install Emsisoft Endpoint Protection from the script library then click Confirm.

  4. After selecting the install script, you need to provide the install token parameter. Click the NEXT STEP button to continue.

  5. In the Select Endpoints tab, click the Add Endpoints button.

  6. You can run the script on an entire endpoint group, or you can select an individual endpoint. Click the Add button after selection has been made.

  7. Once you have added all the endpoints where you want to run the script, click the NEXT STEP button.

  8. In the Frequency tab, leave everything at the default settings (Run Once / Run Now), then click the FINISH button.

  9. The run script operation has now started and is waiting for the endpoint to run the action.

  10. After the action has been executed successfully, the status of the operation is updated.

  11. Follow the same steps when running the Set_Emsisoft_Group.ps1 and Unset_Emsisoft_Group.ps1 scripts, except that these scripts have no parameter. You only need to run Set_Emsisoft_Group.ps1 on endpoints that are added to the Emsisoft group, and Unset_Emsisoft_Group.ps1 on endpoints that are removed from the Emsisoft group.

 

Configuring Compliance Alert 

Adding Data Source 

  1. Go to Data Sources under CONFIGURATION then click the New button.

  2. In the General tab, enter the data source name then click the NEXT STEP button.
  3. In the Script tab, copy and paste the Emsisoft_Compliance.ps1 script into the script box then click the NEXT STEP button.
  4. In the Columns tab, search for an endpoint and then click the Detect button to detect the column names.
  5. After detection, the detected columns are displayed together with their values. Click the FINISH button to save the data source.
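
A sketch of the kind of check a data source script can perform, using the ACTION1_GROUP marker and the Endpoint Name and Compliance Result columns named on this page. It is an added example, not the Emsisoft_Compliance.ps1 supplied for download. The machine-scope variable, the service-name placeholder, the definition of "compliant" and the result strings are all assumptions.

```powershell
# Added sketch, not the vendor's Emsisoft_Compliance.ps1.
param(
    # Assumption: Windows service installed by the protection agent.
    # Placeholder value; replace with the service name on your endpoints.
    [string]$ServiceName = 'PLACEHOLDER_ProtectionService',
    # Group marker value written by Set_Emsisoft_Group.ps1 (from the page).
    [string]$GroupName   = 'Emsisoft'
)

function Get-GroupMarker {
    # Assumption: the marker is stored at machine scope. Reading the
    # 'Machine' target queries the stored value, so a long-running agent
    # process with a stale environment block still sees the current one.
    [Environment]::GetEnvironmentVariable('ACTION1_GROUP', 'Machine')
}

function Get-ComplianceResult {
    param([string]$Marker, [string]$GroupName, [string]$ServiceName)

    # Endpoints without the marker are out of scope rather than failing.
    if ($Marker -ne $GroupName) { return 'Not in group' }

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($null -eq $svc)            { return 'Non-compliant: not installed' }
    if ($svc.Status -ne 'Running') { return 'Non-compliant: service not running' }
    return 'Compliant'
}

# One row per endpoint; property names mirror the report columns.
$marker = Get-GroupMarker
[pscustomobject]@{
    'Endpoint Name'     = $env:COMPUTERNAME
    'Compliance Result' = Get-ComplianceResult -Marker $marker `
                              -GroupName $GroupName -ServiceName $ServiceName
}
```

The result strings carry no timestamps or counters, so an alert that triggers on Modified fires only when an endpoint's state actually changes.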

Adding Custom Report 

  1. Go to Custom Reports under REAL-TIME REPORTS & ALERTS then click the Add button. 
  2. In the General tab, set the Data Source to the newly created Emsisoft Endpoint Protection Compliance data source. Enter Report Name and Description as shown in the screenshot below. Click the NEXT STEP button once done. 
  3. In the Columns tab, select Simple Report and then click on the Add Columns button. 
  4. In the Adding columns form, select Endpoint Name and Compliance Result then click the Add button. 
  5. After adding the columns, click the NEXT STEP button.
  6. In the Filter tab, just click the FINISH button.

Creating Alert 

  1. Go to Alerts under REAL-TIME REPORTS & ALERTS then click on new alert rule.

  2. In the new alert rule page, search for the Emsisoft compliance report by typing Emsisoft in the Search Reports input box and then clicking the SEARCH button.

  3. In the search results, click on the Emsisoft Endpoint Protection Compliance Report.

  4. In the Create Alert Rule page, check Modified for the Alert when something is setting. Provide an email address in the Send alerts to input box, then click the ADD FILTER button to limit compliance alerts to the Emsisoft group. Click the SAVE button to save the alert; it will be sent to the provided email address whenever it is raised.

 
