Perform Actions on Agents

You are here:
Estimated reading time: 1 min
In this article

Trigger-it supports wide range of native actions that could be performed directly on managed endpoints, by default Trigger-it supports the following actions:

General Actions

  • Run EXE or CMD file.
  • Run PowerShell Script
  • Run VBS Script
  • Download a file from HTTP URL
  • Download a file from HTTP URL then execute it.
  • Terminate a process.
  • Backup a folder to Azure storage
  • Activate Windows
  • Restart a device
  • Shutdown a device
  • Lock-down a device, See Trigger-it Lock-down feature.

Updates Actions

  • Trigger Windows Update Scan Cycle
  • Trigger Windows Update Scan cycle and download
  • Trigger Windows Update Scan cucle, then download then reboot.

Windows Registry Actions

Trigger-it supports editing HKLM registry hive as following:

Windows Services Actions

  • Stop a service
  • Start a Service
  • Restart a Service

Security Actions

  • Generate a Privilege Access management token, See Understanding Privilege Access Management
  • Sandbox a file with Cuckoo Integration, See Sandboxing Integration

Testing a sample action on a managed device

Let us test running a sample EXE file on a managed device, to do so, perform the following steps:

  • Select the desired endpoint from the list, then right click on it.
  • Select Run EXE or Command
  • The Action screen will be opened where you can enter the EXE path which could be a local path on the managed endpoint or a UNC share located on the network, to simplify the path selection you can click the browse button and select a file either locally or on a share
  • Enter any arguments that you would like to pass to the EXE.
  • If you are regularly using this command, you can save it a template for later use.
  • Click on Trigger-it Button.

The command will be executed immediately on the managed endpoint.

Performing a group action

You can select multiple devices and perform a single action on them, the flow is slightly different but it is the same as the above process.

  • To perform a group action, select multiple devices from the list and click the desired action
  • The group action wizard will be opened and you can review the devices in the selected list, you can right click on the list and remove a device from the list.

  • Enter the command and pass its arguments then click on Trigger-it
  • Close the wizard once completed.
Was this article helpful?
Views: 53
Have questions? Search our knowledgebase.