Cortex Variables

Built-in Variables

Under the Variables tab you can find a list of pre-built variables which can be integrated into actions within the Cortex workflow.  You can simply drag and drop these variables onto existing actions for easy integration.

Built-In variables return data from every device.

• Inventory Variables

These are device-level variables. These variables relate to the inventory details of devices, providing valuable information that can be utilized in automation tasks. The Inventory Variables can be also implemented anywhere within Cortex, e,g. while executing PowerShell scripts or any other action.

Please, note that certain inventory categories are not available as variables:

• Add Remove Programs
• Cortex Variables
• Customer Support Agreement
• Groups
• Mobile Devices
• Syxsense
• Vulnerabilities

Example

While creating a Cortex Workflow a 'Send Email' or 'Email Approval' action can be added. This allows you to send a customized message to every specified customer from every device that you are managing when you run this workflow.

On the right of a workflow canvas you can choose stored inventory data, like company name, device name, device health info (like the date when the device was last patched), SiteName (to dynamically email the site that the target device is a part of) and drag it to the message.

A DateTime variable would be useful to fetch the current date and time from the agent's local timezone, providing a more localized and contextually relevant timestamp.

Variables can be dragged into the E-mail subject and body fields. Drop-down TitleDrop-down Title

• Workflow Variables

Workflow Variables are user defined variables that are discarded after the workflow is executed. Those variables are never stored anywhere, so you can use the same variable name in any workflow. They can have a default value or the value can be assigned to the variable at the start of every Cortex run.

On the right of a workflow canvas you can create a new variable. Set the variable name, alias, select type. Enable 'Request from User' and Save. Now the variable can be dragged and dropped to any action that supports variables.

When you run the workflow you’re requested to specify the variable value. You can use a different value on every run. Drop-down TitleDrop-down Title

Global Variables

Unlike the Workflow Variables, Global Variables are stored once created and can be read or updated from every other Cortex Workflow or Sequence. Global Variables are used to save detailed execution results of any action or custom values.

You can set the value of a particular variable in one workflow and then use the stored result in the subsequent workflow. This value is recorded regardless of the targeted device count. The value is stored locally on the device where it was recorded and exists beyond the scope of a specific Cortex. You can access the value of this variable during the execution of subsequent cortexes or directly through the Inventory tab of the device.

Global Variables in Cortex may store up to 3 values for each device:

• Output
• ErrorCode
• ReturnCode

Usually we're interested in the Output value, but additional information can also be recorded and used later.

There are 2 ways to create or update a Global Variable:

• Every cortex action has an 'Outcome' field in properties. By default it’s blank, but if you specify a variable name in the field – the action outcome is written to the Output value of the variable. If the variable didn’t exist before – it is created.

Actions like Execute PowerShell script can additionally populate ErrorCode and ReturnCode values.

• Set Variable Value action allows to assign up to 3 values to a new or existing variable: Output, ErrorCode and ReturnCode

Drop-down TitleDrop-down Title

There are 3 ways to read a Global Variable:

• If Variable Inventory action - allows to read the Output value of a variable
• If Variable (Beta) action - allows to read any of the 3 values of a variable: Output, ErrorCode or ReturnCode
• In actions that support variables (Execute PowerShell script, Send Email, etc.) by adding the references:

{%=Variable.MyVariable.ReturnCode%}

{%=Variable.MyVariable%} OR {%=Variable.MyVariable.Ouput%}

{%=Variable.MyVariable.ErrorOutput%}

Example

Workflow1 uses a PowerShell script that is expected to fail on certain devices. To get the detailed failure results the script has lines:

$error1= Get-Error

exit $error1

To store the results to a variable the Execute PowerShell script action has the variable name in the Outcome field: 'executionResult'

Drop-down TitleDrop-down Title

In Workflow2 we have If Variable (beta) action, that is reading the 'executionResult' variable output value. If the Output value is 'failed' – the Send Email action will be executed.

Drop-down TitleDrop-down Title

In the Send Email action we specify all available details for the failure:

{%=Variable.MyVariable.ReturnCode%}

{%=Variable.MyVariable.Ouput%}

{%=Variable.MyVariable.ErrorOutput%}

After Workflow1 is run we can run Workflow2 at any time and still get the results from the variable.

Additional Use Cases

Knowing the status of a device after running a PowerShell script and storing that information in a variable can be incredibly valuable for several reasons:

• Automation and Scripting Efficiency: By storing the device status in a variable, you can use it to make decisions within your PowerShell script, allowing for automated responses based on the outcome of the script's execution.
• Error Handling and Reporting: PowerShell scripts can encounter errors during execution. By capturing the device status in a variable, you can implement effective error handling and reporting mechanisms. This enables you to take appropriate actions or notify administrators when issues arise.
• Conditional Logic: Depending on the device status obtained from the script, you can apply conditional logic within your PowerShell script. This flexibility allows you to execute specific commands or follow distinct pathways.

Knowing the device status after running a PowerShell script and storing it in a variable empowers you with valuable insights and control over your IT infrastructure. It streamlines automation, enhances security, and allows you to make informed decisions, contributing to a more efficient and robust management of your network and devices.