Rundeck

Rundeck is a runbook automation platform for incident management, business continuity, and self-service operations. The integration enables you to install software on a list of machines or perform a task periodically. It can be used when there is a new attack and you want to update software to block the attack. This integration was integrated and tested with version 24 of Rundeck.

Configure Rundeck on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Rundeck.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| url | Server URL (e.g., https://soar.monstersofhack.com) | True |
| token | API Key | True |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
| project_name | Project Name | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

rundeck-projects-list


Gets all existing projects on the server.

Base Command

rundeck-projects-list

Input

There are no input arguments for this command.

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.Projects.name | String | Name of an existing project. |
| Rundeck.Projects.description | String | Description of an existing project. |

Command Example

!rundeck-projects-list

Human Readable Output

Projects List:

| Name | Description |
| --- | --- |
| Demisto | Demisto Test |

rundeck-jobs-list


Gets a list of all the jobs that exist in a project.

Base Command

rundeck-jobs-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id_list | A comma-separated list of job IDs. | Optional |
| group_path | A group or partial group path to include all jobs within that group path. | Optional |
| job_filter | A filter for the job name. Matches any job name that contains this value. For example: To return 'testJob', set this argument to 'test'. | Optional |
| job_exact_filter | An exact job name to match. For example: To return 'testJob', set this argument to 'testJob'. | Optional |
| group_path_exact | An exact group path to match. If not specified, default is: "*". | Optional |
| scheduled_filter | Whether to return only scheduled jobs or only unscheduled jobs. Specify "true" for scheduled jobs only, or "false" for unscheduled jobs only. | Optional |
| server_node_uuid_filter | A UUID. Used to select scheduled jobs assigned to the server with the given UUID. | Optional |
| max_results | The maximum number of results to return. Default is 100. | Optional |
| project_name | The name of the project from which to list its jobs. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.Jobs.id | String | UUID of the job. |
| Rundeck.Jobs.name | String | Name of the job. |
| Rundeck.Jobs.group | String | Group of the job. |
| Rundeck.Jobs.project | String | Project of the job. |

Command Example

!rundeck-jobs-list scheduled_filter=false id_list={first_id},{second_id}

Human Readable Output

Jobs List:

| Id | Schedule Enabled | Scheduled | Enabled | Group | Description | Project | Name |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 123 | true | false | true |  | just a sample job | Cortex XSOAR | Arseny's Job |

rundeck-job-execute


Executes a new job.

Base Command

rundeck-job-execute

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | ID of the job to execute. | Required |
| arg_string | Execution arguments for the selected job. For example: -opt1 value1 -opt2 value2 | Optional |
| log_level | The log level. Possible values are: "DEBUG", "VERBOSE", "INFO", "WARN", and "ERROR". | Optional |
| as_user | The name of the user who ran the job. | Optional |
| node_filter | Node filter string, or .* for all nodes. Examples: To select a specific node by its name: nodeName1 nodeName2. To filter nodes by attribute value: Include: attribute: value; Exclude: !attribute: value. To use regular expressions: Hostname: dev(\d+).com. To use Regex syntax checking: attribute: /regex/. For more information, see: https://docs.rundeck.com/docs/api/rundeck-api.html#using-node-filters | Optional |
| run_at_time | The time to run the job. Possible values are: "1 hour", "1 day", and "1 week". You can pass either the run_at_time_raw argument, the run_at_time argument, or neither argument. When passing both the run_at_time_raw and run_at_time arguments, the default is the run_at_time argument. | Optional |
| options | Options for running the job. For example, if you have the 'foo' and 'bar' options set for a job, you can pass values to them using the syntax: 'foo=someValue,bar=someValue' | Optional |
| run_at_time_raw | A time to run the job in an ISO-8601 date and timestamp with the timezone. You can also optionally include milliseconds. For example, 2019-10-12T12:20:55-0800 or 2019-10-12T12:20:55.123-0800. You can pass either the run_at_time_raw argument, the run_at_time argument, or neither argument. When passing both the run_at_time_raw and run_at_time arguments, the default is the run_at_time argument. | Optional |
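
The argument rules in the table above can be checked before a playbook dispatches rundeck-job-execute. The following Python is an added example, not code from the integration; the function names and the returned 'schedule' and 'targets_all_nodes' keys are assumptions made for illustration.

```python
from datetime import datetime

# Allowed values, taken from the argument table above.
LOG_LEVELS = {"DEBUG", "VERBOSE", "INFO", "WARN", "ERROR"}
RUN_AT_TIME_VALUES = {"1 hour", "1 day", "1 week"}
# ISO-8601 with a numeric timezone; the second format allows milliseconds.
RAW_TIME_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_raw_time(value):
    """Parse run_at_time_raw; reject timestamps that carry no timezone."""
    for fmt in RAW_TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            pass
    raise ValueError(f"run_at_time_raw is not ISO-8601 with a timezone: {value!r}")


def parse_options(value):
    """Turn 'foo=someValue,bar=someValue' into a dict, rejecting malformed pairs."""
    options = {}
    for pair in value.split(","):
        name, sep, val = pair.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed option {pair!r}; expected name=value")
        if name in options:
            raise ValueError(f"option {name!r} given more than once")
        options[name] = val.strip()
    return options


def check_job_execute_args(args):
    """Validate a dict of command arguments and return a normalized copy.

    Raises ValueError on the first argument that breaks a documented rule.
    """
    job_id = str(args.get("job_id") or "").strip()
    if not job_id:
        raise ValueError("job_id is required")
    checked = {"job_id": job_id}

    level = args.get("log_level")
    if level is not None:
        if level not in LOG_LEVELS:
            raise ValueError(f"log_level must be one of {sorted(LOG_LEVELS)}")
        checked["log_level"] = level

    if args.get("options"):
        checked["options"] = parse_options(args["options"])

    # When both time arguments are passed, run_at_time is the one used.
    if args.get("run_at_time"):
        if args["run_at_time"] not in RUN_AT_TIME_VALUES:
            raise ValueError(f"run_at_time must be one of {sorted(RUN_AT_TIME_VALUES)}")
        checked["schedule"] = ("run_at_time", args["run_at_time"])
    elif args.get("run_at_time_raw"):
        checked["schedule"] = ("run_at_time_raw", parse_raw_time(args["run_at_time_raw"]))

    # '.*' selects every node; surface that so a playbook can require approval.
    node_filter = args.get("node_filter")
    if node_filter is not None:
        checked["node_filter"] = node_filter
        checked["targets_all_nodes"] = node_filter.strip() == ".*"
    return checked
```
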

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.ExecutedJobs.id | Number | The ID of the execution. |
| Rundeck.ExecutedJobs.status | String | The status of the executed job. |
| Rundeck.ExecutedJobs.project | String | The project name of the executed job. |
| Rundeck.ExecutedJobs.executionType | String | The type of execution. |
| Rundeck.ExecutedJobs.user | String | The user who executed the job. |
| Rundeck.ExecutedJobs.datestarted.unixtime | Number | The date of the job execution in Unix time. |
| Rundeck.ExecutedJobs.datestarted.date | Date | The date of the job execution. |
| Rundeck.ExecutedJobs.job.id | String | The ID of the executed job. |
| Rundeck.ExecutedJobs.job.averageDuration | Number | The average time for the job's execution. |
| Rundeck.ExecutedJobs.job.name | String | The name of the job. |
| Rundeck.ExecutedJobs.job.group | String | The job's group. |
| Rundeck.ExecutedJobs.job.project | String | The project name of the executed job. |
| Rundeck.ExecutedJobs.job.description | String | A description of the executed job. |
| Rundeck.ExecutedJobs.job.options | String | The options for the job's execution. |
| Rundeck.ExecutedJobs.description | String | A description for the execution. |
| Rundeck.ExecutedJobs.argstring | String | The arguments for the job's execution. |

Command Example

!rundeck-job-execute job_id={job_id} arg_string="-arg1 value1" as_user=galb log_level=ERROR

Human Readable Output

Execute Job:

| Id | Status | Project | Execution Type | User | Datestarted | Job | Description | Argstring |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 194 | running | Demisto | user | Galb | unixtime: 123 date: 123 | id: 123 averageDuration: 463 name: Test Job group: project: Demisto description: just a sample job options: {"foo": "0"} | 123 | -foo 0 |

rundeck-job-retry


Retries a failed execution.

Base Command

rundeck-job-retry

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| arg_string | Execution arguments for the selected job. For example: -opt1 value1 -opt2 value2 | Optional |
| execution_id | ID of the execution you want to retry. | Required |
| log_level | The log level. Possible values are: "DEBUG", "VERBOSE", "INFO", "WARN", and "ERROR". | Optional |
| as_user | The name of the user who ran the job. | Optional |
| failed_nodes | Whether to run all nodes or only failed nodes. Specify "true" to run all nodes, or "false" to run only failed nodes. | Optional |
| options | Options for running the job. For example: 'foo=someValue,bar=someValue'. | Optional |
| job_id | The ID of the job to execute. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.ExecutedJobs.id | Number | The ID of the execution. |
| Rundeck.ExecutedJobs.status | String | The status of the executed job. |
| Rundeck.ExecutedJobs.project | String | The project name of the executed job. |
| Rundeck.ExecutedJobs.executionType | String | The type of execution. |
| Rundeck.ExecutedJobs.user | String | The user who executed the job. |
| Rundeck.ExecutedJobs.datestarted.unixtime | Number | The date of the job execution in Unix time. |
| Rundeck.ExecutedJobs.datestarted.date | Date | The date of the job execution. |
| Rundeck.ExecutedJobs.job.id | String | The ID of the executed job. |
| Rundeck.ExecutedJobs.job.averageDuration | Number | The average time for the job's execution. |
| Rundeck.ExecutedJobs.job.name | String | The name of the job. |
| Rundeck.ExecutedJobs.job.group | String | The job's group. |
| Rundeck.ExecutedJobs.job.project | String | The project name of the executed job. |
| Rundeck.ExecutedJobs.job.description | String | A description of the executed job. |
| Rundeck.ExecutedJobs.job.options | String | The options for the job's execution. |
| Rundeck.ExecutedJobs.description | String | A description for the execution. |
| Rundeck.ExecutedJobs.argstring | String | The arguments for the job's execution. |

Command Example

!rundeck-job-retry execution_id=122 job_id={job_id}

Human Readable Output

Execute Job:

| Id | Status | Project | Execution Type | User | Datestarted | Job | Description | Argstring |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 194 | running | Demisto | user | Galb | unixtime: 123 date: 123 | id: 123 averageDuration: 463 name: Test Job group: project: Demisto description: just a sample job options: {"foo": "0"} | 123 | -foo 0 |

rundeck-job-executions-query


Gets all executions based on the job or execution details.

Base Command

rundeck-job-executions-query

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| project_name | Name of the project to query its executions. | Optional |
| status_filter | Status of the execution. Possible values are: "running", "succeeded", "failed", and "aborted". | Optional |
| aborted_by_filter | Name of the person who aborted the execution. | Optional |
| user_filter | Name of the person who started the execution. | Optional |
| recent_filter | A number and value used to filter executions that completed within the time period. The format is 'XY', where 'X' is a number and 'Y' can be: h - hour, d - day, w - week, m - month, y - year. Example: 2w returns executions that completed within the last two weeks. | Optional |
| older_filter | A number and value used to filter executions that completed after the specified period of time. The format is 'XY', where 'X' is a number and 'Y' can be: h - hour, d - day, w - week, m - month, y - year. Example: 30d returns executions older than 30 days. | Optional |
| begin | Exact date for the earliest execution completion time. | Optional |
| end | Exact date for the latest execution completion time. | Optional |
| adhoc | Whether to return Adhoc executions. Specify "true" to include Adhoc executions. | Optional |
| job_id_list_filter | A comma-separated list of job IDs to filter by. | Optional |
| exclude_job_id_list_filter | A comma-separated list of job IDs to exclude. | Optional |
| job_list_filter | A comma-separated list of full job groups/names to include. | Optional |
| exclude_job_list_filter | A comma-separated list of full job groups/names to exclude. | Optional |
| group_path | Full or partial group path to include all jobs within that group path. | Optional |
| group_path_exact | Full group path to include all jobs within that group path. | Optional |
| exclude_group_path | Full or partial group path to exclude all jobs within that group path. | Optional |
| exclude_group_path_exact | Full group path to exclude all jobs within that group path. | Optional |
| job_filter | Filter for a job name. Include any job name that matches this value. For example: To return 'testJob', set this argument to 'test'. | Optional |
| exclude_job_filter | Filter for the job name. Exclude any job name that matches this value. For example: To exclude 'testJob', set this argument to 'test'. | Optional |
| job_exact_filter | Filter for an exact job name. Include any job name that matches this value. For example: To return 'testJob', set this argument to 'testJob'. | Optional |
| exclude_job_exact_filter | Filter for an exact job name. Exclude any job name that matches this value. For example: To exclude 'testJob', set this argument to 'testJob'. | Optional |
| execution_type_filter | Type of execution. Possible values are: "scheduled", "user", "user-scheduled". | Optional |
| max_results | The maximum number of results to return. Default is 100. | Optional |
| offset | The offset for first result to include. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.ExecutionsQuery.paging.count | Number | The number of results. |
| Rundeck.ExecutionsQuery.paging.total | Number | The number of total executions. |
| Rundeck.ExecutionsQuery.paging.offset | Number | The number of the offset for first result to include. |
| Rundeck.ExecutionsQuery.paging.max | Number | The maximum number of results to return. |
| Rundeck.ExecutionsQuery.executions.id | Number | The ID of the execution. |
| Rundeck.ExecutionsQuery.executions.status | String | The status of the execution. |
| Rundeck.ExecutionsQuery.executions.project | String | The project name of the execution. |
| Rundeck.ExecutionsQuery.executions.executionType | String | The type of the execution. |
| Rundeck.ExecutionsQuery.executions.user | String | The name of the person executing the job. |
| Rundeck.ExecutionsQuery.executions.datestarted.unixtime | Number | The date of the job execution in Unix time. |
| Rundeck.ExecutionsQuery.executions.datestarted.date | Date | The date of the job execution. |
| Rundeck.ExecutionsQuery.executions.dateended.unixtime | Unknown | The date of the end of job execution in Unix time. |
| Rundeck.ExecutionsQuery.executions.dateend.time | Date | The date of the end of job execution. |
| Rundeck.ExecutionsQuery.executions.job.id | String | The ID of the executed job. |
| Rundeck.ExecutionsQuery.executions.job.averageDuration | Number | The average time for the job's execution. |
| Rundeck.ExecutionsQuery.executions.job.name | String | The name of the job. |
| Rundeck.ExecutionsQuery.executions.job.group | String | The job's group. |
| Rundeck.ExecutionsQuery.executions.job.project | String | The project name of the executed job. |
| Rundeck.ExecutionsQuery.executions.job.description | String | A description of the job. |
| Rundeck.ExecutionsQuery.executions.job.options | String | The options for the job's execution. |
| Rundeck.ExecutionsQuery.executions.description | String | A description of the execution. |
| Rundeck.ExecutionsQuery.executions.argstring | String | The arguments for the job's execution. |
| Rundeck.ExecutionsQuery.executions.failedNodes | String | A list of the failed nodes. |
| Rundeck.ExecutionsQuery.paging.total | Number | Indicates the total results that were returned from the API. |
| Rundeck.ExecutionsQuery.paging.offset | Number | Indicates the 0 indexed offset for the first result to return. |
| Rundeck.ExecutionsQuery.paging.max | Number | Indicates the maximum number of results to return. If unspecified, all results are returned. |
| Rundeck.ExecutionsQuery.paging.count | Number | Indicates the number of results that were actually returned, after filtering them using the 'offset' and 'max' parameters. |

Command Example

!rundeck-job-executions-query adhoc=false max_results=3 project_name=Demisto user_filter=galb status_filter=failed

Human Readable Output

Job Execution Query - got total results: 2

| Id | Status | Project | Execution Type | User | Datestarted | Dateended | Job | Description | Argstring | Failed Nodes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 195 | failed | Demisto | user | Galb | unixtime: 123 date: 123 | unixtime: 123 date: 123 | id: 123 averageDuration: 463 name: Test Job group: project: Demisto description: just a sample job options: {"foo": "0"} | 123 | -foo 0 | localhost |

rundeck-job-execution-output


Gets the metadata associated with the workflow step state.

Base Command

rundeck-job-execution-output

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| execution_id | The ID of the execution. | Required |
| return_full_output | Defines how to return the output. If 'true', the output is saved in a returned file and not in Cortex XSOAR context. If 'false', the number of outputs is limited to 100 and the returned data is saved in context. Default is 'false'. | Optional |
| max_results | The maximum number of results to return. Default is 100. | Optional |
| aggregate_log | Whether all entries of type 'log' are saved in Cortex XSOAR context under 'listEntry' in ExecutionsOutput, under the execution you selected to run this command. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.ExecutionsOutput.id | Number | ID of the execution. |
| Rundeck.ExecutionsOutput.offset | String | Byte offset to read from in the file. 0 indicates the beginning. |
| Rundeck.ExecutionsOutput.completed | Boolean | Whether to include all the available data. "true" if the current log entries or request parameters include all of the available data. Otherwise, "false". |
| Rundeck.ExecutionsOutput.execCompleted | Boolean | Whether the execution finished. |
| Rundeck.ExecutionsOutput.hasFailedNodes | Boolean | Whether there are nodes that failed. |
| Rundeck.ExecutionsOutput.execState | String | The execution state. Possible values are: "running", "succeeded", "failed", or "aborted". |
| Rundeck.ExecutionsOutput.lastModified | String | The timestamp of the last modification of the log file in milliseconds. |
| Rundeck.ExecutionsOutput.execDuration | Number | The duration of the execution in milliseconds. |
| Rundeck.ExecutionsOutput.percentLoaded | Number | The percentage of the output that was loaded by the parameters. |
| Rundeck.ExecutionsOutput.totalSize | Number | The total bytes available in the output file. |
| Rundeck.ExecutionsOutput.retryBackoff | Number | The maximum number of times to retry an execution when the job is directly invoked. |
| Rundeck.ExecutionsOutput.clusterExec | Boolean | Whether there was a cluster execution. |
| Rundeck.ExecutionsOutput.compacted | Boolean | Whether a compacted form was requested and is used in the response. |
| Rundeck.ExecutionsOutput.entries.node | String | The name of the node. |
| Rundeck.ExecutionsOutput.entries.user | String | The name of the user who performed the execution. |
| Rundeck.ExecutionsOutput.entries.time | String | The time of the output. |
| Rundeck.ExecutionsOutput.entries.level | String | The log level. |
| Rundeck.ExecutionsOutput.entries.type | String | The output type. |
| Rundeck.ExecutionsOutput.entries.absolutetime | Date | The absolute time of the output in the format "yyyy-MM-dd'T'HH:mm:ssZ". |
| Rundeck.ExecutionsOutput.entries.log | String | The log message. |

Command Example

!rundeck-job-execution-output execution_id=118 aggregate_log=true

Human Readable Output

Job Execution Output:

IdOffsetCompletedExec CompletedHas Failed NodesExec StateLast ModifiedExec DurationPercent LoadedTotal SizeRetry BackoffCluster ExecCompactedEntries
693732truetruetruefailed1232371237380falsefalse{'node': 'localhost', 'step': '1', 'stepctx': '1', 'user': 'admin', 'time': '10:54:52', 'level': 'NORMAL', 'type': 'stepbegin', 'absolute_time': '123', 'log': ''}

Job Execution Entries View:

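| Log | Node | Step | Stepctx | User | Time | Level | Type | Absolute Time | Log |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|  | localhost | 1 | 1 | admin | 10:54:52 | NORMAL | stepbegin |  |  |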

rundeck-job-execution-abort


Aborts an active execution.

Base Command

rundeck-job-execution-abort

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| execution_id | The ID of the execution you want to abort. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.Aborted.abort.status | String | The status of the abort process. Possible values are: "pending", "failed", or "aborted". |
| Rundeck.Aborted.abort.reason | String | The reason for the abort status. |
| Rundeck.Aborted.execution.id | String | The ID of the aborted execution. |
| Rundeck.Aborted.execution.status | String | The status of the execution. |

Command Example

!rundeck-job-execution-abort execution_id=65

Human Readable Output

Job Execution Abort:

| Abort | Execution |
| --- | --- |
| status: failed reason: Job is not running | id: 69 status: failed |

rundeck-adhoc-command-run


Executes shell commands in nodes.

Base Command

rundeck-adhoc-command-run

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| project_name | The name of the project in which to execute the command. | Optional |
| exec_command | Shell command to run. For example "echo hello". | Required |
| node_thread_count | The threadcount to use. | Optional |
| node_keepgoing | Whether to continue executing on other nodes after a failure. | Optional |
| as_user | The name of the user who ran the command. | Optional |
| node_filter | Node filter string, or .* for all nodes. Examples: To select a specific node by its name: nodeName1 nodeName2. To filter nodes by attribute value: Include: attribute: value; Exclude: !attribute: value. To use regular expressions: Hostname: dev(\d+).com. To use Regex syntax checking: attribute: /regex/. For more information, see: https://docs.rundeck.com/docs/api/rundeck-api.html#using-node-filters | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.ExecuteCommand.message | String | A message regarding the execution progress. |
| Rundeck.ExecuteCommand.execution.id | String | The execution ID. |

Command Example

!rundeck-adhoc-command-run exec_command="echo hello" as_user=adhocTest project_name=Demisto node_keepgoing=true

Human Readable Output

Adhoc Run:

| Message | Execution |
| --- | --- |
| Immediate execution scheduled (196) | id: 196 |

rundeck-adhoc-script-run


Runs a script from file.

Base Command

rundeck-adhoc-script-run

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entry_id | Cortex XSOAR ID of the uploaded script file. | Required |
| project_name | The name of the project in which to execute the script. | Optional |
| arg_string | The arguments to pass to the script when executed. | Optional |
| node_thread_count | The threadcount to use. | Optional |
| node_keepgoing | Whether to continue executing on other nodes after a failure. | Optional |
| as_user | The name of the user who ran the script. | Optional |
| node_filter | Node filter string, or .* for all nodes. Examples: To select a specific node by its name: nodeName1 nodeName2. To filter nodes by attribute value: Include: attribute: value; Exclude: !attribute: value. To use regular expressions: Hostname: dev(\d+).com. To use Regex syntax checking: attribute: /regex/. For more information, see: https://docs.rundeck.com/docs/api/rundeck-api.html#using-node-filters | Optional |
| script_interpreter | Command to use to run the script file. | Optional |
| interpreter_args_quoted | Whether the script file and arguments will be quoted as the last argument to the script_interpreter. | Optional |
| file_extension | Extension of the script file. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.ExecuteScriptFile.message | String | A message regarding the execution progress. |
| Rundeck.ExecuteScriptFile.execution.id | String | The execution ID. |

Command Example

!rundeck-adhoc-script-run entry_id=@121 as_user='test'

Human Readable Output

Adhoc Run Script:

| Message | Execution |
| --- | --- |
| Immediate execution scheduled (196) | id: 196 |

rundeck-adhoc-script-run-from-url


Runs a script downloaded from a URL.

Base Command

rundeck-adhoc-script-run-from-url

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| project_name | The name of the project from which to execute the script. | Optional |
| script_url | The URL of the script file. | Required |
| node_thread_count | The threadcount to use. | Optional |
| node_keepgoing | Whether to continue executing on other nodes after a failure. | Optional |
| as_user | The name of the user who ran the script file. | Optional |
| node_filter | Node filter string, or .* for all nodes. Examples: To select a specific node by its name: nodeName1 nodeName2. To filter nodes by attribute value: Include: attribute: value; Exclude: !attribute: value. To use regular expressions: Hostname: dev(\d+).com. To use Regex syntax checking: attribute: /regex/. For more information, see: https://docs.rundeck.com/docs/api/rundeck-api.html#using-node-filters | Optional |
| script_interpreter | Command to use to run the script file. | Optional |
| interpreter_args_quoted | If 'true', the script file and arguments will be quoted as the last argument to the script_interpreter. 'false' otherwise. | Optional |
| file_extension | Extension of the script file. | Optional |
| arg_string | Arguments to pass to the script when executed. | Optional |

Context Output

There is no context output for this command.

Command Example

!rundeck-adhoc-script-run-from-url script_url='URL' node_keepgoing=true

Human Readable Output

Adhoc Run Script From Url:

| Message | Execution |
| --- | --- |
| Immediate execution scheduled (196) | id: 196 |

rundeck-webhooks-list


Gets a list of all existing webhooks.

Base Command

rundeck-webhooks-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| project_name | The name of the project for which to get its webhooks. | Optional |
| max_results | The maximum number of results to return. Default is 100. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.Webhooks.id | Number | The ID of the webhook. |
| Rundeck.Webhooks.uuid | String | The UUID of the webhook. |
| Rundeck.Webhooks.name | String | The name of the webhook. |
| Rundeck.Webhooks.project | String | The name of the project the webhook relates to. |
| Rundeck.Webhooks.enabled | String | Whether the webhook is enabled. |
| Rundeck.Webhooks.user | String | The user name of the webhook user. |
| Rundeck.Webhooks.creator | String | The user name of the webhook creator. |
| Rundeck.Webhooks.roles | String | The roles of the webhooks. |
| Rundeck.Webhooks.authToken | String | The auth token of the webhook. |
| Rundeck.Webhooks.eventPlugin | String | The plugin that is being used. |
| Rundeck.Webhooks.config.jobId | String | The ID of the job related to the webhook. |

Command Example

!rundeck-webhooks-list project_name="TEST"

Human Readable Output

Webhooks List:

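| Id | Uuid | Name | Project | Enabled | User | Creator | Roles | Auth Token | Event Plugin | Config |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 123 | Test hook | Demisto | true | admin | admin | 123 | 123 | webhook-run-job | jobId: 123 argString: 123 |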

rundeck-webhook-event-send


Sends a webhook event.

Base Command

rundeck-webhook-event-send

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| auth_token | The auth token of the webhook. | Required |
| options | Data you want to post to the webhook endpoint. For example: 'op1=val1,op2=val2'. You can pass either the 'options' or 'json' argument. | Optional |
| json | JSON you want to post to the webhook endpoint. You can pass either the 'options' or 'json' argument. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Rundeck.WebhookEvent.jobId | String | The ID of the executed job. |
| Rundeck.WebhookEvent.executionId | String | The ID of the execution. |

Command Example

!rundeck-webhook-event-send json={"test":1} auth_token={auth_id}

Human Readable Output

Webhook event send:

| Job Id | Execution Id |
| --- | --- |
| 123 | 199 |