Script Execution

Overview

In Seqrite XDR, generated alerts can be converted into incidents. For EDR-sourced incidents, you can execute scripts directly from the incident details panel. This feature allows administrators and analysts to run automated actions for investigation or remediation.


Accessing Script Execution

  1. Navigate to the Incidents section.
  2. Select an EDR-sourced incident.
  3. In the right-side panel, click the Execute script button.
  4. To preview the script before execution, click View script (eye icon).

Running a Script

  1. Provide the required $OUTPUT_path parameter.
  2. Click the EXECUTE button.
  3. During execution, a flag notification appears in the top-right corner of the screen to indicate progress and confirm success.
  4. Once executed, the list of scripts is displayed for review.

Prerequisites

Before running scripts, ensure the following environment requirements are met:

  • Windows, Linux, and macOS machines must have Python version 3.5 or later installed.
  • On macOS, the Xcode Developer Tools must be installed.
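The prerequisites above can be checked on an endpoint before a script is executed against it. The following is an added example, not part of the Seqrite product or its documentation; the function names are hypothetical, and it assumes `xcode-select -p` is used to detect the Xcode Developer Tools on macOS.

```python
import platform
import re
import shutil
import subprocess
import sys

MIN_PYTHON = (3, 5)  # minimum stated in the prerequisites above


def parse_python_version(text):
    """Parse `python --version` output such as 'Python 3.8.10' into (3, 8)."""
    match = re.search(r"Python\s+(\d+)\.(\d+)", text or "")
    return (int(match.group(1)), int(match.group(2))) if match else None


def missing_prerequisites(system, version_output, xcode_tools_present=None):
    """Return a list of unmet prerequisites for one endpoint (empty = ready)."""
    problems = []
    version = parse_python_version(version_output)
    if version is None:
        problems.append("Python not found")
    elif version < MIN_PYTHON:
        problems.append("Python %d.%d is older than 3.5" % version)
    # The Xcode Developer Tools requirement applies to macOS only.
    if system == "Darwin" and not xcode_tools_present:
        problems.append("Xcode Developer Tools not installed")
    return problems


def local_facts():
    """Collect the same facts from the machine this runs on."""
    system = platform.system()
    version_output = "Python %d.%d.%d" % sys.version_info[:3]
    xcode = None
    if system == "Darwin" and shutil.which("xcode-select"):
        # `xcode-select -p` exits non-zero when no developer directory is set.
        xcode = subprocess.call(["xcode-select", "-p"],
                                stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL) == 0
    return system, version_output, xcode


if __name__ == "__main__":
    issues = missing_prerequisites(*local_facts())
    print("ready" if not issues else "\n".join(issues))
    sys.exit(1 if issues else 0)
```

`missing_prerequisites` takes the facts as arguments, so the same check can be run over version strings gathered from an asset inventory instead of on each machine.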

Key Notes

  • Script execution is only available for EDR-sourced incidents.
  • Always verify prerequisites before attempting execution to avoid errors.
  • Use the View script option to review the script logic before running it.