How to Automate Investigation of Active Directory Security Breaches

Author: Guy Nadivi

It’s estimated that 90% of organizations around the world use Active Directory as their primary identity service for authentication and authorization. Hackers know this, which is why Active Directory has become one of their favorite targets. Of course, it isn’t just hackers looking for vulnerabilities in order to gain access to your network resources. It’s also insiders.

Regardless of whether your attacker is external or internal, if successful, they can cause enormous damage to your enterprise, both financial and reputational. Automation can help accelerate investigation of these security breaches, and as a result, greatly reduce an organization’s exposure from attacks on corporate Active Directory deployments.

What makes Active Directory so popular among organizations?

One obvious thing is that it’s published by Microsoft, which makes Active Directory the default choice for Windows environments.

Active Directory is also very configurable and customizable, making it popular for organizations with very specific identity access requirements.

Additionally, Active Directory is very adept at centralizing management of compute resources and identity access, which eases the administrative burden on technical staff. A major benefit!

Finally, it’s fairly easy to manage Active Directory since it has a familiar Windows interface.

It turns out though that all the same benefits which make Active Directory so popular with System Administrators also make it popular with a couple of other demographics.

I’m referring of course to outside hackers, working either as individuals, or as part of crime syndicates, or even under state sponsorship from an adversarial nation.

Increasingly, Active Directory is also being targeted by disgruntled employees, or insiders motivated to commit harm against YOUR organization. One spectacular recent example of that is Edward Snowden, the former NSA employee who stole hundreds of thousands of incredibly sensitive classified documents that were subsequently leaked to the public. His case illustrates what can happen to even an organization as hyper-security-conscious as the NSA if it focuses too much on defending against outsiders – it gets blindsided by an insider.

There are many best practices that security experts recommend to protect your Active Directory from people with nefarious intentions like outside hackers or disgruntled employees. I won’t go into depth about those recommendations, but I do want to mention one you’re probably already familiar with that’s very important: Least-Privilege Administrative Model.

This is the principle of restricting access rights for users, accounts, and computing processes to just the resources absolutely required to perform their job. For example, if all a particular user needs for their function is to read documents, then there’s no need to also give them access to write documents.

That’s why the Least-Privilege Administrative model is considered a simple concept that’s easy to understand.

If you implement the Least-Privilege Administrative model, it’s going to be effective at reducing risk for your enterprise, which in turn will increase security. Sounds great so far, right?

As it turns out though, the Least-Privilege Administrative model is rarely implemented by organizations. Despite the general consensus about its positive benefits, it’s considered too difficult and tedious to actually use.

Coincidentally, I found an interesting quote about implementing least-privilege administrative models in a document published by the organization which knows better than anyone about Active Directory’s security vulnerabilities – Microsoft!

The first part of the document reads “… assessing Active Directory installations, we invariably find excessive numbers of accounts that have been granted rights and permissions far beyond those required to perform day-to-day work.”

A little further down in this document it talks about the sophistication of those attacking Active Directory and says “Unfortunately, the path of least resistance in many environments has proven to be the overuse of accounts with broad and deep privilege.”

If you’re interested, and especially if you’re tasked with securing Active Directory, I recommend reading this Microsoft document yourself (“Implementing Least-Privilege Administrative Models”).

Those administering Active Directory as part of their job role know that implementing the Least-Privilege Administrative Model is the best option in terms of effectiveness, but it’s also difficult to implement. What then should one do?

Ayehu proposes that you consider a modified Least-Privilege Administrative Model that applies to all administrator accounts, and relies on automation to ensure strict compliance.

How would that work? Conceptually something like this.

In Active Directory, there would be tiers of privilege for various administrative accounts based on the tasks a given administrator type would need to carry out. However, in accordance with our model, those accounts would receive the least amount of privilege needed to accomplish those tasks, and nothing more. Every administrator account would then be assigned to a given tier.

Ayehu’s automation platform would integrate with Active Directory to automate much of the enforcement of these strict tiers.

When there is any movement between the tiers, or even a new account created, Ayehu would provide automated detection, investigation, and triage services to the appropriately designated SysAdmin via a simple Slack interface, and would furthermore document all of this activity in a standard ServiceNow ticket.
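The detection step described above can be sketched as follows. This is an added example, not Ayehu's or Microsoft's code: the tier numbering, group names, account names and sample events are constructed assumptions, while the event IDs are the Windows Security log IDs for account creation (4720) and security-group membership changes (4728/4729, 4732/4733, 4756/4757).

```python
from dataclasses import dataclass, field

# Hypothetical group-to-tier mapping; lower number = broader privilege.
GROUP_TIER = {
    "Domain Admins": 0,
    "Server Operators-Prod": 1,
    "Helpdesk-PasswordReset": 2,
}

ACCOUNT_CREATED = {4720}
MEMBER_ADDED = {4728, 4732, 4756}    # global, domain-local, universal group
MEMBER_REMOVED = {4729, 4733, 4757}


@dataclass
class TierTracker:
    # account -> set of tiered groups the account currently belongs to
    memberships: dict = field(default_factory=dict)

    def tier_of(self, account):
        """Effective tier = most privileged tier among the account's groups."""
        groups = self.memberships.get(account, set())
        return min((GROUP_TIER[g] for g in groups), default=None)

    def process(self, event):
        """Apply one event to the tracked state; return a finding or None."""
        eid, actor, target = event["event_id"], event["actor"], event["target"]
        if eid in ACCOUNT_CREATED:
            self.memberships.setdefault(target, set())
            return self._finding(event, "account_created", None, None, "medium")

        group = event.get("group")
        if group not in GROUP_TIER or eid not in MEMBER_ADDED | MEMBER_REMOVED:
            return None  # untiered group, or not a membership change

        before = self.tier_of(target)
        groups = self.memberships.setdefault(target, set())
        if eid in MEMBER_ADDED:
            groups.add(group)
        else:
            groups.discard(group)
        after = self.tier_of(target)
        if before == after:
            return None  # membership changed, effective tier did not

        # Triage: gaining the top tier or elevating yourself is high severity;
        # any other gain is medium; losing privilege is recorded as low.
        gained = after is not None and (before is None or after < before)
        if gained and (after == 0 or actor == target):
            severity = "high"
        elif gained:
            severity = "medium"
        else:
            severity = "low"
        return self._finding(event, "tier_change", before, after, severity)

    @staticmethod
    def _finding(event, kind, before, after, severity):
        # The finding is what would be sent to the reviewer and ticketed.
        return {
            "time": event["time"], "event_id": event["event_id"], "kind": kind,
            "actor": event["actor"], "target": event["target"],
            "group": event.get("group"),
            "tier_before": before, "tier_after": after, "severity": severity,
        }


def investigate(events):
    """Replay events in order and collect the findings that need review."""
    tracker = TierTracker()
    return [f for f in map(tracker.process, events) if f is not None]


# Constructed sample events (simplified fields, not raw event XML).
SAMPLE_EVENTS = [
    {"time": "09:00", "event_id": 4720, "actor": "hr-provision", "target": "svc-backup"},
    {"time": "09:05", "event_id": 4728, "actor": "adm-lee", "target": "j.ortiz",
     "group": "Helpdesk-PasswordReset"},
    {"time": "09:06", "event_id": 4728, "actor": "adm-lee", "target": "j.ortiz",
     "group": "Staff-All"},
    {"time": "09:30", "event_id": 4732, "actor": "j.ortiz", "target": "j.ortiz",
     "group": "Server Operators-Prod"},
    {"time": "10:00", "event_id": 4728, "actor": "adm-lee", "target": "svc-backup",
     "group": "Domain Admins"},
    {"time": "10:20", "event_id": 4729, "actor": "adm-lee", "target": "svc-backup",
     "group": "Domain Admins"},
]

if __name__ == "__main__":
    for finding in investigate(SAMPLE_EVENTS):
        print(finding)
```
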

If implementing a full Least-Privilege Administrative model is impractical at your organization, using this approach allows you to at least deploy it for your admin accounts. That way, you can leverage Ayehu’s enterprise-grade automation to tie together all these components into an effective unified defense for Active Directory.

With an estimated 90% of organizations using Active Directory as their primary identity service for authentication and authorization, it’s just a fact of life that AD is going to be under relentless assault, from both external and internal attack.

There is no one solution that can completely protect Active Directory from all the different angles those attacks come from. However, automation does have a role to play as an important defensive tool for Active Directory by making implementation of a modified Least-Privilege Administrative model for your admin accounts a far more feasible option than it might otherwise be.

If you’re interested in test driving Ayehu NG and seeing how it can help secure your Active Directory deployment, please visit our website and download your very own free 30-day trial version today.

Automating Remediation of Splunk Alerts with Ayehu

Author: Guy Nadivi

Many of our customers use Splunk, the market leader in their space. Due to the large volume of alerts Splunk generates, we often get asked how Ayehu can help offset some of the laborious manual work involved in remediating those alerts. We’re going to answer that question with a great use case many of you will find very familiar – freeing up disk space on a server (with a slight twist).

Remediating low disk space is on our list of top 10 highest value automation use cases. Ayehu can automate the toil out of that particular process using a combination of Splunk, ServiceNow, Slack, and Ayehu NG.

Let’s talk a bit about Splunk. It will come as no surprise to most of you that Splunk continues to be a market leader in its category. Here’s Gartner’s 2020 Magic Quadrant for the SIEM market showing Splunk just edging out IBM as the highest entry in that upper rightmost LEADERS square.

Just in case it’s difficult to read, the y-axis where they’re higher than everyone is a measurement of Ability to Execute.

The x-axis measures vendors by their Completeness of Vision, and Splunk’s doing pretty well on that metric too.

This is clearly one reason Splunk is viewed as a market leader.

Being a market leader often translates into higher market share. Not surprisingly, Splunk is now #1 in market share with 16.5%. They recently dethroned IBM which is #2 with 13.2%. And rounding out the top 3 is Microsoft with 8.4%.

As of the end of Fiscal Year 2019, Splunk reports 19,400 customers.

According to Gartner, Splunk has an astounding 30.4% growth rate.

And 92 of the Fortune 100 are Splunk customers.

The reason Splunk is doing so well, as a lot of you already know, is because they’re great with machine data.

Splunk captures data from logs, web servers, and lots of other places. Then it indexes that data to facilitate flexible searching and fast data retrieval. Splunk can then begin to correlate that data, which will often reveal relationships between seemingly unrelated events, and help accelerate root cause analysis. Splunk can also visualize this data into dashboards, graphs, and other outputs.

However, the biggest output from Splunk that most people in IT operations are probably familiar with is the alerts. Boy, oh boy can Splunk generate a lot of alerts!

And you know what that often leads to? Alert fatigue. Let’s face it, prior to the pandemic your service desk was already pretty overwhelmed. Now with the added burden of everyone working from home, they’re having a hard time keeping up.

Just how serious is alert fatigue? I’m going to address that with this brief quote:

‘There are too many security alerts coming in, and not enough people and time to deal with them all. In fact, approximately 64% of security tickets generated per day are not being worked. Let that sink in. The majority of security alerts received by security teams are not being analyzed and resolved. This is the essence of “alert fatigue”.’

And who is that quote from? Splunk themselves. They posted those exact words on their website earlier this year (Splunk Blogs – January 17, 2020).

Now this is a quote specifically about security tickets, but everyone knows it’s the exact same story in network operations where you have alerts flying at you from every direction 24×7.

The solution to alert fatigue, and really the solution to freeing up people from a lot of the laborious, repetitive, predictable tasks that comprise so much of IT operations, is automation.

Automation is going to:

  • Deflect tickets away from your service desk, which in turn allows technicians to focus on higher value projects
  • Reduce and/or eliminate errors which has the added benefit of reducing and/or eliminating rework, an often overlooked but significant drain on resources
  • Save time and money for the service desk, the IT department, and ultimately your organization
  • Almost certainly increase IT’s customer satisfaction scores, which is becoming an increasingly important KPI, in many cases linked directly to individual bonus compensation

BTW, many of you I’m sure are familiar with PwC also known as PricewaterhouseCoopers. They’re one of the Big Four accounting firms and 2nd largest professional services network in the world. Since March of 2020, they’ve been regularly surveying CFOs around the globe to track their sentiments in response to the COVID-19 crisis. In their most recent survey, during the weeks of June 1 and June 8 they asked 989 CFOs from 23 countries or territories around the world about their top priorities going forward.

The response from the CFOs was that “…50% report they plan to accelerate automation and new ways of working.”

So that’s the direction things are going in – automation. Actually, many of you know firsthand it was already going in that direction, but COVID-19 has unexpectedly expedited things.

Speaking of automation, Ayehu doesn’t just automate activities in Network Operations Centers.

Many of our customers use the Ayehu NG platform to also automate activities in their Security Operations Centers.

That makes sense, right? Splunk can send an alert notifying you about low disk space on a network drive, and Splunk can also send an alert that a ransomware attack is underway on a server. In both cases, that alert can come to Ayehu NG, where you can run an automated workflow, or playbook if you prefer, that automates the remediation response.

In fact, when it comes to security, many of the attacks themselves are automated, and there’s simply no way humans can respond quickly enough.

So if the attack is automated, shouldn’t the response to defend against it be automated too?

It should be, and you can automate all these kinds of things for both domains from a single pane of glass with Ayehu NG.

If you’re interested in test driving Ayehu NG and reducing alert fatigue in your organization, please visit our website to download your very own free 30-day trial version today.

What’s new with Ayehu? Overview of Ayehu NG 1.7

Author: Guy Nadivi

This latest release of Ayehu NG has some critical and advanced new features, most notably the ability to deliver more self-service incident remediation and request fulfillment to end users via our new MS-Teams integration.

Earlier this year, we did a webinar which flashed a graphic from Statista about the number of Microsoft Teams Daily Active Users. The chart’s numbers have been updated, but it’s worth a quick revisit to get a sense of growth for MS-Teams over the last year.

In July of 2019, just a bit over a year ago, Microsoft’s worldwide user count stood at 13 million.

Then by November of last year, they had experienced a little over 50% growth and their user count stood at 20 million.

Between November last year and March 12th of this year, they gained another 12 million users for a worldwide total of 32 million. The critical date to take into account there is on your left, March 10th. That’s when Microsoft began giving away MS-Teams for free in response to the pandemic forcing many people to work from home. A very shrewd move by Microsoft marketing.

Within one week, from March 12th to March 19th, the worldwide number of daily active users for Microsoft Teams exploded from 32 million to 44 million. A mind-boggling increase of 37.5% in just 7 days! Remember, less than a year ago they only had 13 million total.

And then the floodgates burst open. As of April 2020, Microsoft reported having 75 million users worldwide! That’s a 477% growth rate from basically just a year ago, which is literally off the charts.

This graphic illustrates the importance of having connectivity with Microsoft Teams. It’s the chatbot interface of choice for so many enterprises and people around the world, and it’s clearly where the market is going.

It’s also where Ayehu is going, because we always want to be where our customers want to go.

The headline story then for v1.7 of Ayehu NG is our integration with MS-Teams, which allows you to easily provide automation services for MS-Teams users. All 75 million of them.

Ayehu’s integration is immensely useful for end-users who are in a hurry and don’t have time to wait for the Help Desk to remediate their incident or fulfill a request.

It’s great for the Help Desk as well because it redirects calls and tickets away from technicians. This in turn frees up technicians to work on more complex issues, enabling them to add greater value than just fixing L1 incidents.

The MS-Teams integration allows you to architect structured conversations with simple button choices for end users to select from. This makes it very easy for them to do a number of things that previously would have required a technician.

As always, it’s super simple to create automations like these. Just go into Ayehu NG’s Workflow Designer, and look for the MS-Teams activities. Drag and drop the ones you need right into the workflow you’re building, then configure a few parameters. No coding required!

What kinds of specific incidents and fulfillment requests would you use MS-Teams to deflect from your help desk? Here are some sample use cases our clients have told us about:

  • A user can type “I need to reset my Salesforce password”, and MS-Teams integrated with Ayehu NG v1.7 will reset the password for them.
  • A user can report that a specific server is down, and request that it be restarted. Teams and Ayehu take care of the rest.
  • A user can check on the status of a ticket in ServiceNow, or just about any ITSM platform.
  • A user can tell MS-Teams they can’t get into email, and that will trigger the same remediation process usually performed by a technician.
  • A user can ask how much space is left on their hard drive, then request that it be cleaned up, which might include automatically deleting some files, compressing some files, and moving other files somewhere else.
  • A user can also ask about possible malware and inquire if it’s a problem.

These of course, are just examples. The only real limit is your imagination, but the Ayehu integration for MS-Teams stands ready to make whatever kinds of automation you imagine come to life.

Another feature v1.7 delivers is an improvement in the NG to NG Migration function many of you started using immediately when it first debuted with v1.6.

In v1.7 this NG to NG Migration has been improved to accommodate those times when you’ve already migrated a workflow from your dev or test environment to your production environment once, and now want to do it again without duplicating the production workflow.

We accomplish this by introducing the Migration Overwrite function. During the migration process, if an existing workflow is identified by an identical name, you will now be presented with an option to overwrite the existing workflow with the incoming workflow. This will update the workflow in the destination (production) environment with the new changes. There will also be overwrite options for most entities within the workflow, such as devices, templates, error handlers, and more.

The last major new feature in v1.7 is Azure Active Directory Sync.

For organizations that don’t want to manage local users in Ayehu NG, the Azure Active Directory Users Synchronization activity can be utilized in v1.7 to sync users and groups from your company’s Azure AD tenant. 

This functionality gives any Ayehu NG user who can create workflows, as well as manage logins, the ability to sync users and groups from Active Directory into NG, and then create login users and login groups from them as appropriate.

It’s a great new tool that customers using Azure cloud will really get a lot of benefit from.

If you’re interested in test driving Ayehu NG v1.7 with these cool new features, download your very own free 30-day trial version today.

Essential Use Cases to Jump Start Your IT Process Automation

At any given organization, there are always many, many manual IT processes that make great candidates for automation. From time to time though, we run across some process automation candidates that deliver noticeably higher ROI. As people started working from home due to the Coronavirus pandemic, and more staff needed to start using ZOOM, we stumbled upon a manual process that really stood out as an excellent use case to help jump start automation at organizations.

Ayehu keeps track of the highest value automation use cases with the broadest applicability to our customers. We display those on our website where you can drill down and get more information on each one. That list is updated from time to time when we come across great new uses of Ayehu to automate toil out of a process. The use case we’ll be talking about today is one of those examples, and we think you’ll be intrigued by how it involves Ayehu NG tying together ServiceNow, ZOOM, Active Directory, and a chatbot in a very timely way.

We’re just about 6 months or so into the pandemic, so scenes like this ought to be pretty familiar to most everyone by now.

A lot of you, maybe even all of you, are working from home. Being remote and away from the office necessitated a big shift in how employees, contractors, and staff interacted with each other.

That left the door wide open for a company called ZOOM to step in and fill that interaction gap previously provided by the in-office experience. So suddenly, it seems the entire world is using ZOOM.

BTW – One way you can tell a product has really entrenched itself in the minds of consumers is when its name becomes a verb. Right?

You don’t just hail a ride-share to the coffee shop, you Uber to Starbucks.

You don’t just edit that image, you Photoshop it.

And now, we don’t just put together a web conference, we set up a Zoom call.

Now in case you’re unaware just how much Zoom usage has increased, I’d like to share a few metrics with you that might leave you stunned.

In the past, ZOOM was criticized for being a platform only small organizations used. In their financials, they report on how many customers with more than 10 employees are using their service.

A little over a year ago at the end of Q1 2019, they had 59,400 customers with more than 10 employees.

One year later at the end of Q1 2020, they had 265,400. That’s a growth rate of 347%!

It’s not just smaller firms using ZOOM though. There’s a banking firm that deployed around 175,000 new ZOOM seats in Q1 and a global law firm called Baker McKenzie with over 6,000 attorneys worldwide adopted ZOOM as well.

Here’s another great visualization of ZOOM’s growth.

Back in 2013, ZOOM had just 3 million daily meeting participants.

That’s grown dramatically, and as of the end of March 2020, they now have 300 million daily meeting participants. I’m betting that number will go up when their Q2 financials are released.

Here’s the metric that made my jaw drop to the floor.

In January 2020, the number of meeting minutes ZOOM’s customers were consuming on an annualized basis was 100 Billion. That’s right, 100 Billion meeting minutes.

Can you see the “bar” representing that number? No? Let’s zoom in, no pun intended.

100 Billion meeting minutes is that razor thin sliver of a yellowish vertical line that’s thinner than the grey border representing the y-axis of this bar graph. Why does 100 Billion meeting minutes look almost invisible on this bar graph?

Because just 3 months later in April 2020, ZOOM was on a run rate to consume 2 Trillion annualized meeting minutes (see previous graph). So while 100 Billion may sound like a lot, it’s a drop of water compared to the ocean that is 2 Trillion. This is a growth rate that must’ve left their DevOps team gasping for air the entire first quarter of 2020.

And what has all that growth in customers, meeting participants, and meeting minutes done? It’s led to a lot more of this.

It seems like ZOOM is everywhere and everyone is using it all the time.

That in turn has led to a problem for IT Operations in provisioning ZOOM accounts efficiently, while also documenting their distribution and assignment.

So I’d like to give you an overview of the workflow powering the use case we think is a great way to jump start your IT process automation efforts. It highlights Ayehu NG’s ability to be that single pane of glass tying together so many different pieces in your environment.

It’s going to start with an end user sending a request through Slack that they would like a ZOOM account.

The request goes directly to Ayehu, which looks up the manager that user directly reports to on Active Directory.

When the manager is identified, Ayehu passes along the user’s request to the manager, and awaits an approval or a denial.

In our use case, the manager approves the request, which BTW – is all done through email.

Ayehu then does three things:

  • It provisions an account on ZOOM
  • Sends the user an update via Slack that their request for a ZOOM account was approved
  • It also emails the user their new ZOOM credentials

Finally, Ayehu opens a ticket in ServiceNow, and documents every aspect of this request, automatically creating a complete record of everything that transpired.

That’s it. If you wanted the whole thing to run completely on auto-pilot, without requiring manager approval, you could easily configure it to do that too.

If you’re interested in test driving Ayehu NG to easily provision ZOOM accounts for your end users, download your very own free 30-day trial version today.

How to Securely Automate Privileged Credentials Usage

Malicious use of privileged credentials remains one of the biggest threats to enterprise security. That’s a real dilemma for IT operations who need access to privileged accounts on servers, routers, and other devices in order to carry out routine tasks like regularly-scheduled maintenance jobs.

The question then is how can privileged information be best protected without obstructing IT operations from performing its vital function to keep the information infrastructure running smoothly?

Every year, different organizations issue their annual list of Top 10 cybersecurity threats or security issues for the year ahead. Here’s Gartner’s Top 10 list from 2019.

Although the cybersecurity landscape is constantly changing, you’ll note that privileged access management always seems to feature prominently on most top 10 security lists, and this one’s no exception.

Securing privileged access is a bit of a specialty in the cybersecurity field, but it applies to every server, operating system, file system, application, database, and IoT device in your environment. Today’s threat landscape demands that not only do all these elements of your infrastructure need strong passwords, but they need to be changed frequently. In the case of highly sensitive infrastructure or data, the best practice is to change the password after every use!

Now if you have a smaller environment with just a few servers, applications, databases, etc., then perhaps you’re not too worried about dealing with privileged access management because it’s just another manual task you do that might be inconvenient, but doesn’t hold you up too much.

Then again, if you are in an enterprise environment, you’re probably dealing with hundreds if not thousands of servers, applications, databases, etc. Now you’ve got a very serious issue to contend with. How do you maintain proper security for every single component AND continue performing IT operations tasks as efficiently as possible?

Well, that really is the CIO’s dilemma in all of this. He or she must perform a precarious balancing act that maximizes security without compromising productivity.

On the one hand, the CIO must do everything necessary to comply with an alphabet soup of regulatory regimes and standards, such as HIPAA, PCI-DSS, GDPR, CCPA, Sarbanes Oxley, and so many more that if they were all listed here, would require a lot more scrolling on this blog post.

On the other hand, the CIO can’t compromise on preserving uptime, and dealing with shifting infrastructure priorities such as the recent and sudden switchover to working from home. They’ve also got to continue advancing the enterprise’s digital transformation, all while dealing with reduced budget and/or headcount due to the economic conditions brought on by the pandemic. And of course, there’s the growing concern about the widening skills gap.

According to Gartner, there is a solution (and we endorse it wholeheartedly).

In a paper published June 18, 2020 (ID G00376315), Gartner recommended that organizations “Create and expand automation for privileged access activities and integration with other enterprise platforms, such as identity governance and administration and IT service management.” This recommendation actually constitutes one of the 4 pillars of Gartner’s Privileged Access Management strategy.

In the same publication, Gartner points out that “Automation includes increasing reliability and security by removing the ‘human’ element. This increases efficiency by enabling privileged tasks to be run by more junior administrators with less experience or by software agents”. In other words, by taking privileged access management out of people’s hands and letting it be automated, you’re actually making your infrastructure more secure.

And just for good measure, there was one more worthwhile tidbit from this same Gartner paper, which BTW is entitled “Best Practices for Privileged Access Management Through the Four Pillars of PAM”.

Gartner offers suggestions on what privileged access management tasks to consider automating. They write “Good targets for automation are predictable and repeatable tasks, such as simple configuration changes, software installations, service restarts, log management, startup and shutdown.”

To that, we would also add routine health checkups, which is a great use case Ayehu has available for demonstration with popular privileged access management solutions such as CyberArk’s.

In summary, there are 3 main value propositions derived from automating privileged access management.

First and foremost, it’s simply more secure using a vault. That’s a bit obvious, but we shouldn’t lose sight of that.

Secondly, if you’re following best practices on frequency of password changes, then automating privileged access management means you never have to worry about password changes disrupting operations. In other words, if you’ve got a scheduled task to run on a server whose password just changed, it won’t be an issue, because both the changing of the password and its retrieval from the privileged access management solution are automated.
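The following added example (not Ayehu or CyberArk code) illustrates that point together with the change-after-every-use practice mentioned earlier: a job that checks its credential out of a vault at run time keeps working across rotations, while a copied password stops working. The `Vault` and `TargetServer` classes, host name and account names are hypothetical stand-ins for a real PAM product and a managed server.

```python
import hmac
import secrets


class TargetServer:
    """Hypothetical managed host with one privileged account."""

    def __init__(self, account):
        self.account = account
        self._password = secrets.token_urlsafe(24)

    def login(self, account, password):
        # Constant-time comparison of the presented and current password.
        return account == self.account and hmac.compare_digest(password, self._password)

    def set_password(self, new_password):
        self._password = new_password


class Vault:
    """Toy vault: hands out the current password and rotates it on check-in."""

    def __init__(self):
        self._servers = {}   # host -> TargetServer
        self._current = {}   # host -> current password
        self.audit = []      # (action, host, requester) tuples

    def onboard(self, host, server):
        self._servers[host] = server
        self._rotate(host, "vault")

    def checkout(self, host, requester):
        self.audit.append(("checkout", host, requester))
        return self._current[host]

    def checkin(self, host, requester):
        # Change the password after every use.
        self._rotate(host, requester)

    def _rotate(self, host, requester):
        new_password = secrets.token_urlsafe(24)
        self._servers[host].set_password(new_password)
        self._current[host] = new_password
        self.audit.append(("rotate", host, requester))


def run_scheduled_job(vault, server, host, requester):
    """Fetch the credential at run time, use it, and always check it back in."""
    password = vault.checkout(host, requester)
    try:
        return server.login(server.account, password)  # stands in for the real task
    finally:
        vault.checkin(host, requester)  # rotation happens even if the task fails


def demo():
    vault = Vault()
    server = TargetServer("svc-maint")
    vault.onboard("db01", server)

    # A script that copied the password once and never returned it.
    stale = vault.checkout("db01", "legacy-script")
    stale_ok_before = server.login("svc-maint", stale)

    run1 = run_scheduled_job(vault, server, "db01", "nightly-maintenance")
    stale_ok_after = server.login("svc-maint", stale)
    run2 = run_scheduled_job(vault, server, "db01", "nightly-maintenance")

    rotations = sum(1 for action, _, who in vault.audit
                    if action == "rotate" and who == "nightly-maintenance")
    return {
        "stale_copy_before_rotation": stale_ok_before,
        "vault_run_1": run1,
        "stale_copy_after_rotation": stale_ok_after,
        "vault_run_2": run2,
        "job_rotations": rotations,
    }


if __name__ == "__main__":
    print(demo())
```
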

Finally, and this is the one every CIO loves, automating privileged access management lets you run a streamlined IT operation while simultaneously maintaining security, adherence to industry regulatory regimes, and your own enterprise best practices.

If you’re interested in test driving Ayehu NG to securely automate your privileged credentials usage, download your very own free 30-day trial version today.

Free Must Have Resources for Every Automation Pro – GitHub

Free Must-Have Resources for Every Automation Pro – Ayehu Automation Academy
Author: Jacky Leybman, Product Manager @ Ayehu

Ayehu maintains its own repositories on GitHub, the world’s #1 open-source community for software development, source code management, and version control. This is a free resource for Ayehu community members interested in:

  • Shorter time to value through reuse of existing, pre-built workflows
  • Shorter time to value through customization of open source activities
  • Free access to peer-developed workflow templates and activities

Let’s break down everything this great resource has to offer.

What is GitHub?

At a high level, GitHub is a website and cloud-based service that helps developers store and manage their code, as well as track and control changes to their code.

Essentially, it allows individuals and teams to easily collaborate, leveraging already published code while constantly giving back to ensure the community is growing and everyone can benefit from each other.

Anyone can sign up and host a public code repository for free as well as view other available repositories – as you can see here on our Ayehu GitHub page.

The social networking aspect of GitHub is probably its most powerful feature, allowing projects to grow more than just about any of the other features offered. Each user on GitHub has their own profile that acts like a resume of sorts, showing past work and contributions to other projects via pull requests. Project revisions can be discussed publicly, so a community of experts can contribute knowledge and collaborate to advance a project forward.

In our case (as seen in the graphic above) we already have 6 public repositories that can be viewed by anyone, and 3 of them are for custom content, which can then be shared by anyone wishing to become a Collaborator.

What kind of content does each of these repositories have?

The ones on the lower row are activities/workflows/integrations that are already available in any installed instance of Ayehu NG. Now you may wonder then, why do we need those on GitHub?

The advantage of having this content shared on GitHub is to provide you with visibility into the code behind the activities, allowing you to easily leverage them for your organization’s specific needs. You can modify any of these activities or create a completely new activity using the existing code as your foundation. The same applies to any of the workflow-templates and integrations.

Additionally, we have 3 public repositories for custom content. These are shared by the user community, and the only place you can find them is on GitHub, as they’re not part of the product itself.

The custom-scripts repository has different user-created scripts that can be shared among the community. For example, here you can find a utility that eliminates the need for writing a program from scratch, or a script to manually send HTTP POST and GET requests to an Ayehu NG server.

The custom-workflows repository has different workflows created by users using the Workflow Designer. Here you can find multiple workflows for different 3rd-party applications. For example, SolarWinds Remediation. Each workflow is basically an XML file, which is the format it’s exported in from NG when you use the built-in Export functionality.

Last but not least is the custom-activities repository, which in my opinion is the most compelling one because it’s constantly growing. As of this blog post’s publication, we already have more than 300 different activities published for about 30 different 3rd-party applications, such as Amazon S3, Azure AD, Beyond Trust, Google Cloud, PagerDuty, SharePoint, Zendesk, etc. representing a wide variety of platforms including ITSM, messaging, and cloud services. Usually each 3rd-party application’s folder has around 5-10 activities, as you can see below in the FreshDesk folder, for example.

How easily can you leverage this content in your NG environment?

In order to start using any of the activities available on Ayehu’s GitHub page, which as a reminder can be easily browsed by anyone, you must have Ayehu NG version 1.5 or higher running. This is the version that first introduced the Activity Designer feature, which is a necessary prerequisite for building and deploying custom activities.

To learn more about the Activity Designer, please visit Ayehu’s Automation Academy. This is another great free resource Ayehu provides to its community. There you’ll find a couple of courses explaining how to use the Activity Designer to build custom activities suited to your company’s specific needs, without requiring Ayehu’s involvement. We strongly recommend completing these courses to better understand how the Activity Designer works, and to learn about the two code components each activity has.

Let’s look at the example below where we can see the AYH file, which is an export of the activity created by the Activity Designer’s built-in Export functionality. The other two files are the JSON, which is the front-end code for the activity that drives its look and feel in the UI, and the CS, which is the back-end code of the activity. The back-end file doesn’t have to be CS; it can also be VB or Python, as all of those are currently supported languages for the back-end code of any activity.

To use this specific activity, I can either use the AYH file or copy-paste the code files. Let me show you how it works by opening Ayehu NG and going to the Activity Designer tool.

First, I’ll choose to Import from the Activity Designer.

I’ll browse and select to import the AYH file we just looked at.

After importing the FreshDesk Create Ticket activity, I can view its code:

All that’s left to do is click the Enabled checkbox in the upper right and then save the activity:

Next, we’ll navigate to the Workflow Designer, start a new workflow, and bring in the FreshDesk Create Ticket as our first activity:

This activity can now be configured just like any of Ayehu’s other activities:

Alternatively, instead of importing we could have also just copied the FreshDesk Create Ticket activity code from GitHub, and pasted it directly into the Activity Designer.

The custom-workflows repository works in a similar fashion. Just select one of the workflows there, download it, then go back to NG and navigate to Workflow Designer -> Open Workflow -> Import From File, and select the workflow you just downloaded.

How simple it is to give back to the community

As previously mentioned, one of GitHub’s most valuable and important features is community collaboration. That’s a mechanism for enabling everyone to benefit from each other while contributing knowledge and cooperating to advance IT Automation forward.

Let’s say you worked on improving one of the existing activities on GitHub to allow additional inputs, or you created a completely new activity. You can easily share your accomplishment with others by clicking on Add File->Upload files.

First though, you must export your activity from the Activity Designer by clicking the export icon in the upper right. You should also copy code for both the JSON and the backend into appropriately-named files, then upload these 3 files along with a short README file explaining what the activity does so that anyone on GitHub can easily understand what it’s supposed to do.

An AYH file will be the easiest way for someone to import your activity. Uploading code files is also important though as it gives visibility into the code, as well as an option to track changes without importing each one of the activities into Ayehu NG.

Once all these files are in a folder, clicking Add File->Upload files on GitHub creates a Pull Request by creating a new branch. Each repository can have one or more branches, each of which is essentially a unique set of code changes with a unique name. These Pull Requests are then reviewed by our team. As long as everything meets a few basic requirements (further explained below), your work will be published and you will become a Collaborator. This basically means that from that point on, you can push code freely to that specific repository.

As you might expect, workflows can also be shared in almost the exact same manner. Just go to the Workflow Designer, open up one of your workflows, then click on Export. This will generate an XML file which can be uploaded to GitHub by simply clicking Add File->Upload Files, and creating a new branch, exactly as we did with custom-activities.

What are the official requirements to create a Pull Request?

Each of the custom repositories has its own Contributing guidelines, but they are conceptually the same. The guidelines for custom-activities are shown below.

If you’re ready to join a growing community in a thriving field, and you don’t already have an account on GitHub, sign up today. It’s quick, usually taking no more than a few moments. You can also access Ayehu’s GitHub community by clicking here.