Search another article?
Main Concept
A package is a box that contains many preconfigured items for a specific vendor or functionality.
Typically a package may contains:
- pattern
- class
- template
- dashboard
- profiles and vendors association
- playbook
In a multitenant environment, a package must be updated tenant by tenant.
Package Installation
You can check the package list to retreive and install pre-configured objects to integrate in you appliance. To install a package you can reach the page from SCM -> Applications -> Packages
Select the package that you need to install and start the process with “Install” button, a popup will appear. To confirm the installation
you need to select the button “Download and Install”
Once downloaded the package, you must associate it with the hosts, to permit the system to automatically associate these hosts to the correct Class, Template, Vendor, and other related objects to permit to parse the log and convert it into events.
Package content preview and filter objects installation
To view the content of the package before the install to Hosts, you can select the button “Customize” near the “Install Button” to view all
the objects inside it. You can also select only objects that you need.
Installation re-run
If you want to associate other hosts after the first package wizard, you can re-run the wizard with the “play” ▶ button near the related
package.
With this options you can: – Add new Host – Configure a different e-mail for all the Rules and Actions – Review the package content with “Customize”)
Package Update
If a new package version is available, a new icon appear under the “play” icon, with double arrows in circle 🔁.
You can review the package content and then update it.
❗ Update Note: please remind that every items in the package may be overwritten (ID of the object as reference) when confirm the updating. This may include name modification, action reset in the LCE Rule or Event Queries actions and so on.
Package removal
To remove a package you can select the “Trash” 🗑 icon then confirm the deletion in the next popup.
Removal Note: Please remind that the removal do not remove the associated active elements, these must be removed manually.
Custom package
In multitenant or multimanagement environment, you can create a custom package. A custom package must be uploaded manually on every tenant and mantain low IDs on the object.
Creation
To create a package you need to go on SCM -> Actions -> Packages
Next you can select elements to include in the package:
- An already present package to start from. This is used mainly to produce official package.
- Multiple elements to include like patterns, class, dashboards, rules, templates, event queries, playbook, profiles and vendors.
- Actions like
- Download package: with this option you can download the newly created package. With this option you must provide a name, short description and optional (but recommended) a logo (square format 1:1, any other aspect ratio will be stretched, no trasparent is recommended to provide theme compatibility). The package will start download in encrypted format
- Export to tenants: option present only with impersonificated user in multitenant environment. This allow to share elements directly in other tenants. Once selected in the next popup you can select the tenants where to share objects.
Note: pay attention to the objects dependencies (eg. dashboard with widget come from Template or EQ), these are not shown in the page during creation, due to flexibility in the creations steps.
New Package Export
This section describes how to use the new version of the page that allows you to export a set of objects in a package, or transfer them to other tenants of a Multi tenant environment.
The main innovation of the new version of the package export page is the ability to show all types of objects together. When you first open the page, you see all existing objects, with a maximum of 1000 displayed. Then, you can filter the list by:
- Package(s): to see all the objects contained in one (or more, combined) package already installed on SGBox.
- Name and description: write any text to see all the objects that contain it, in their name or description.
- Types: to see only objects of certain types (e.g. dashboard, patterns).
- Tags: to see only objects associated with the selected tags.
All filters can be combined, so you can see, for example, all Classes and Patterns named like “Watchguard”. You have to click on the FILTER button to apply the filters.
The FILTER button does not apply to the package selection filter, which works immediately and also pre-selects the objects contained in the package(s). This allows you to edit an existing package, by simply adding new objects or deselecting the ones you want to remove from the package.
Objects can be selected if it has the switch enabled, to include it in the package that will be exported. If an object cannot be selected, it’s just for display; it will be automatically included in the package if related to selected objects. When you select an object, the systems highlights with a check icon all the other objects that are related to the selected one. Those related objects will be included in the package too. without need to be manually selected.
As the related objects may not be visible immediately in the list, the button PREVIEW at the bottom right of the page can be used to show, at any time, all the objects that will be included in the package.
The search icon next to any object that can be selected, allows you to see a preview of all the objects related to the one you clicked, to see what would be included in the package if that object was selected.
Upload on tenant
Once downloaded the package in encrypted format, you can upload it in other tenants by enter in the target tenant and upload it via
SCM -> Applications -> Upload App.
Once uploaded a new Section in the application will appear “Custom”
Update custom package
When update a custom package, the package match the object by the name and/or ID of the object already present in the appliance, so pay attention by renaming objects already exported or recreating it.