Skip to main content

Event Actions

About event actions (exit traps)

Bravura Security Fabric can be interfaced to IT Service Management (Ticket) systems so that records are automatically generated or updated, and email is sent to administrators, when certain events occur on the Bravura Security Fabric server.

In the target type listing on the Target system information page, these systems are listed as IT Service Management systems . They are also known as Ticket systems.

Bravura Security Fabric 's standard interface facility can:

  • Exchange data with IT Service Management (Ticket) systems when an event transpires on the Bravura Security Fabric server, such as user authentication, account creation, security violations, and successful or failed operations.

  • Support comprehensive business logic with static or dynamic workflow and performing different actions when different events take place.

  • Update information about existing records in other systems in real time.

  • Create new call records in your ticket system in real time.

  • Send SMTP email.

  • Execute programs on the Bravura Security Fabric server.

Using email integration, Bravura Security Fabric can notify:

  • Users that their requested security change or update has been successful

  • Users that there has been a problem with their attempted change – sending them information about policies such as password rules, or which system failed with what error messages

  • System administrators of persistent problems on their systems

  • Help desk staff that a user is having difficulty with Bravura Security Fabric , and asking them to proactively contact the user with assistance

  • Security staff of repeated failed attempts to authenticate as a user or Bravura Security Fabric support operator

Interface architecture

The event actions interface is based on a defined set of Bravura Security Fabric settings that provide interaction with ticket systems through a set of ticket management connectors and their associated configuration script files.

The ticket management connectors, sometimes known as exit trap or interface programs, are installed and modified with Connector Pack .

The programs are located in the interface directory, and sample scripts are located in the samples directory. The scripts are written in PSLang, although Python variants may be available. You can modify the scripts to suit your requirements and place them in the \ <instance> \ script \ directory so that they will be detected and used by Bravura Security Fabric . For more information on PSLang, see the PSLang Reference Manual (pslang.pdf) .

Note

You can specify an alternative interpreter to execute event action scripts using the Manage the system > Workflow > Options > Plugins > PLUGIN PROGRAM setting. See Specifying a program to run plugins for more information.

In the Bravura Security Fabric web interface, event action settings, sometimes referred to as exit traps, commonly begin with Program to execute when …. The interface allows you to configure an action to be bound to an event. The event action is to call one or more programs and to execute them. The programs are executed based on the instructions their respective script files provide them.

Many event types are available, and each may trigger the same or a different program. For instance, it is possible to populate tickets in one ticket system for some events and in another ticket system for other events. All event action settings can be configured to run multiple programs.

The event types that can trigger Bravura Security Fabric to notify a ticket system are listed in System options that can trigger external programs .

Whenever a defined event type takes place:

  1. The Bravura Security Fabric server checks whether an action has been associated with this event; and if one has, it executes the interface program.

  2. The interface program reads input that contains session data relating to that event.

  3. The interface program parses a script file.

  4. The interface program finds the subsection in the script for the particular event.

  5. The interface program carries out the instructions for that subsection.

This includes the ability to search for data in the ticket system, add data to the ticket system, iterate through the information from the event log, send email messages, and so on.

Exit trap programs are asynchronous. That is, Bravura Security Fabric starts the interface program and does not wait for a response.

Example interface

The example below illustrates how the interface works:

Business requirement

When a user attempts to access Bravura Security Fabric , and fails to authenticate, the following events should take place:

  1. Search session data for previous failed authentication attempts by the same user.

  2. If there is a previous failed attempt, send an email to a security officer, warning that the event may be an attempted intrusion.

  3. Open a ticket, detailing relevant information such as the date, time, and user ID.

Interface details

This interface is implemented by defining one or more settings in the Manage the system (PSA) module for the event type LOGIN FAILURE where the setting’s value is the name of a program, or list of programs, to execute.

The event action setting is used to run a standard interface program – for example, Remedy ARS uses pxrem – which executes the LOGIN FAILURE script procedure.

In this section: