Microsoft SCCM is a systems management software product developed by Microsoft for managing large groups of computers. It provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
This document provides information about the Microsoft SCCM connector, which facilitates automated interactions, with a Microsoft SCCM server using FortiSOAR™ playbooks. Add the Microsoft SCCM connector as a step in FortiSOAR™ playbooks and perform automated operations, such as pulling a list of software patches and deploying patches on Device Collections.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In CyOPs™, on the Connectors page, select the Microsoft SCCM connector and click Configure to configure the following parameters:
| Parameter | Description |
|---|---|
| Address | IP address of the Microsoft SCCM server to which you will connect and perform the automated operations. |
| Username | Username to access the Microsoft SCCM server. |
| Password | Password to access the Microsoft SCCM server. |
| WinRM Port | WinRM Port on the Microsoft SCCM server. |
| WinRM Protocol | Protocol used for the remote connection, choose between http or https. By default, https is used. |
| Do Not Fail On WinRM command failure | The default behavior is that all operations of the Microsoft SCCM connector fail if the corresponding Powershell command executed returns a non-0 status code. If you want to check the error message and take subsequent actions in the playbook based on the error, set this value to True. In such a case the connector operations do not fail and they return the following JSON response: {‘op_status’: -1, ‘result’: ‘<error message>’}. You can check the status and the result in the subsequent playbook step.By default, this option is set to False. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function | Description | Annotation and Category |
|---|---|---|
| Get All Software Updates | Fetches a list of Software Updates available on the SCCM server. | get_patches Investigation |
| Get All Device Collections | Fetches a list of Device Collections available on the SCCM server. | get_devices Investigation |
| Deploy Patch | Deploys a software patch that you specify on all clients belonging to a device group that you specify. | deploy_patch Remediation |
None.
The JSON output has the following format:
{
‘op_status’: <command exit status>,
‘result’: ‘<json list of all software update objects; or the error message in case of failure>’
}
Following image displays a sample output:
None.
The JSON output has the following format:
{
‘op_status’: <command exit status>,
‘result’: ‘<json list of all device collection objects; or the error message in case of failure>’
}
Following image displays a sample output:
| Parameter | Description |
|---|---|
| Software Patch Name | Name of the software patch that you want to deploy. |
| Device Collection Name | Name of the Device Collections to which you want the patch to be deployed. |
Note: For the deployment to be successful, the patch must have been download on the distribution point.
The JSON output has the following format:
{
‘op_status’: <command exit status>,
‘result’: ‘<json list of all deployment attributes; or the error message in case of failure>’
}
Following image displays a sample output:
The Sample - Microsoft SCCM - 1.0.0 playbook collection comes bundled with the Microsoft SCCM connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Microsoft SCCM connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Microsoft SCCM is a systems management software product developed by Microsoft for managing large groups of computers. It provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
This document provides information about the Microsoft SCCM connector, which facilitates automated interactions, with a Microsoft SCCM server using FortiSOAR™ playbooks. Add the Microsoft SCCM connector as a step in FortiSOAR™ playbooks and perform automated operations, such as pulling a list of software patches and deploying patches on Device Collections.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In CyOPs™, on the Connectors page, select the Microsoft SCCM connector and click Configure to configure the following parameters:
| Parameter | Description |
|---|---|
| Address | IP address of the Microsoft SCCM server to which you will connect and perform the automated operations. |
| Username | Username to access the Microsoft SCCM server. |
| Password | Password to access the Microsoft SCCM server. |
| WinRM Port | WinRM Port on the Microsoft SCCM server. |
| WinRM Protocol | Protocol used for the remote connection, choose between http or https. By default, https is used. |
| Do Not Fail On WinRM command failure | The default behavior is that all operations of the Microsoft SCCM connector fail if the corresponding Powershell command executed returns a non-0 status code. If you want to check the error message and take subsequent actions in the playbook based on the error, set this value to True. In such a case the connector operations do not fail and they return the following JSON response: {‘op_status’: -1, ‘result’: ‘<error message>’}. You can check the status and the result in the subsequent playbook step.By default, this option is set to False. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function | Description | Annotation and Category |
|---|---|---|
| Get All Software Updates | Fetches a list of Software Updates available on the SCCM server. | get_patches Investigation |
| Get All Device Collections | Fetches a list of Device Collections available on the SCCM server. | get_devices Investigation |
| Deploy Patch | Deploys a software patch that you specify on all clients belonging to a device group that you specify. | deploy_patch Remediation |
None.
The JSON output has the following format:
{
‘op_status’: <command exit status>,
‘result’: ‘<json list of all software update objects; or the error message in case of failure>’
}
Following image displays a sample output:
None.
The JSON output has the following format:
{
‘op_status’: <command exit status>,
‘result’: ‘<json list of all device collection objects; or the error message in case of failure>’
}
Following image displays a sample output:
| Parameter | Description |
|---|---|
| Software Patch Name | Name of the software patch that you want to deploy. |
| Device Collection Name | Name of the Device Collections to which you want the patch to be deployed. |
Note: For the deployment to be successful, the patch must have been download on the distribution point.
The JSON output has the following format:
{
‘op_status’: <command exit status>,
‘result’: ‘<json list of all deployment attributes; or the error message in case of failure>’
}
Following image displays a sample output:
The Sample - Microsoft SCCM - 1.0.0 playbook collection comes bundled with the Microsoft SCCM connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Microsoft SCCM connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.