Create a Workflow
• 5 min to read •
Syxsense Cortex is a powerful and intuitive automation framework that allows you to create custom task sequences within the Syxsense console. Most of the prebuilt tasks available within the Syxsense Console can be deployed out as Cortex workflows.
Syxsense Cortex is currently supported on Windows and Linux endpoints.
When creating Cortex workflows there are a few important best practices to follow. These steps will drastically decrease the opportunity of outages or other unfavorable outcomes:
① Save Often When deploying cortex workflows, remember to save often, to avoid losing work if access to the console is lost.
② Test Often When deploying workflows, test new steps before adding additional steps. This will reduce the complexity of the troubleshooting process.
③ Test Carefully When testing cortex workflows, avoid Run Now against 'All Devices' and instead target either a single endpoint or a test lab environment. It is useful to have a virtualized test environment with target devices that have snapshot points enabled. After a Run Now deployment of a Cortex workflow, roll back the virtual machines to the snapshot before the deployment of the Cortex workflow.
An action can have one or many outcomes, you may link different actions to each outcome.
You can create a Cortex workflow by clicking the corresponding button in the Cortex tab. Templates for all possible actions are placed to the left from the creation field, and you can just drag and drop all the needed ones configuring their custom setting and organizing a required action sequence. Syxsense allows you to modify all action steps in the Properties tab. You can also create custom variables and add them to workflows.
Each step can have just one result. So, if you need the same outcome from different steps, you can clone the outcome field as many times as you need by right-clicking on it.
Cortex Workflows are scheduled to Run Now, via Tasks or as a Publish Policy. Check our guided walk-through below.
Video Tutorials: How to create a workflowVideo Tutorials: How to create a workflow
Watch examples of workflow creation:
Create Event Viewer Workflow Video
Create Patching Workflow Video
How to Stage Patches Video
Create Remediation Workflow Video
Create a RAM usage alert Video
Create a CPU usage alert Video
Run Cortex Workflow in a local time zone Video
Publish Cortex Policy within a Maintenance Window Video
Discovery: Syxsense Cortex Workflow EditorDiscovery: Syxsense Cortex Workflow Editor
 |
From the Syxsense Cortex menu click 'Create' to create a Workflow |
 |
Saves current Workflow |
 |
Cancels last modification |
 |
Settings This is where you enable Advanced Actions. |
 |
Automatically re-arrange the designer. This change cannot be undone. |
 |
Pre-built variables which can be integrated into actions within the Cortex workflow. In addition to the pre-built variables, user generated variables can also be created. For example, if a PowerShell script requires a dynamic variable in order to initialize a configuration, the variable can be called from the Syxsense Cortex variables and introduced into the PowerShell script at runtime. More information can be found at Cortex Variables page. |
 |
All available Actions which can be dragged into the designer. Use drag-and-drop onto the designer page linking actions to the right side of the action. Each action is arranged within a family of actions, such as Reboot actions or Patching actions. Some families of actions are static in nature, and only contain a set number of actions. Other families, such as the Software Management family and Logic family (available as an advanced workflow) are dynamic and will expand or contract as new application deployments or Cortex workflows are added to the Syxsense console. To find out more about all existing actions, check out Actions page. |
Guided walk-through: How to Run a WorkflowGuided walk-through: How to Run a Workflow
| ❶ |
Click You may also click the |
| ❷ | Select a single or multiple devices to run the job on > click 'Run Now'. |
| ❸ |
Click 'Execute all' If a job has a pause configured, the 'Execute All' function allows all devices to run the next action in the Job instead of executing them one by one. |
from within a ready Syxsense Cortex Workflow. 
button from within the Cortex Workflows list.Policies are set to run on a device state basis.
Policies can be applied to any Syxsense Cortex Workflow and can be launched on the set schedules. Check the available options in the table below.
You will need an Admin Account Setup before you start.
| ❶ | Publish Policy | Click 'Publish Policy' from within a Syxsense Cortex Workflow. | |
| ❷ | Name | Add name and description of the task for easier identification. | |
| ❸ |
Trigger |
Daily |
Start run every day at the set time. 'Allow Later Start' setting permits to start run at a time later than initially scheduled, giving additional flexibility. |
| Interval | Run every day / hour / minute / second | ||
| Maintenance window | Run in a specific timeframe during which the task is allowed to occur without causing interruptions or conflicts with other activities | ||
| Network Change | Run when a change in the network is detected, such as a device connecting or disconnecting | ||
| Once | Run once | ||
| User logon | Run when a user logs into a system | ||
| ❹ | Blackout Hours |
Ignore Blackout Hours Run even if the Global Blackout hours are in effect. Device blackout hours will still cause the task to be ignored if true. |
|
|
Fail if Black Hour When enabled, ensures that a policy will fail to run during designated black hours. |
|||
| ❺ | Select Devices | Select which devices to run the Policy on > click 'Save'. | |
After the policy is published, it can be edited. To edit the existing policies go to Cortex - Policies, choose an already created policy from the list and double click it. The 'Edit' button on the toolbar allows you to modify the actions of the policy. After making changes click 'Republish policy and Close' on the toolbar. This policy will be pushed to every single device that is managed in that policy.
Potential reasons why a device might appear in the 'Paused' state in Cortex Workflow.
- The task or policy is assigned to a maintenance window, and the end user is postponing the reboot until the end of the window. However, the device does not reboot at the end of the maintenance window, preventing the workflow from proceeding to the next step.
- The end user independently reboots or shuts down the computer when prompted, causing a disconnection. This unexpected disconnection disrupts the task in progress.
- The devices were rebooted, but they do not immediately reconnect. The workflow continues with subsequent actions, but the server still shows 'Paused' in the console because the devices haven't updated the server.
- Any agent disconnection, not necessarily due to a reboot, prevents devices from sending results of post-reboot actions. 'Paused' becomes the last status update in the console.
- If any processes involved in the workflow crash, it could prevent the devices from completing the workflow successfully.
- The process managing the reboot (PowerOffCMS.exe) is flagged as malicious by endpoint protection software, leading to premature termination and disruption of the workflow.
Last Update: Mar 12, 2024
Copyright ©2024 by Syxsense, Inc. All Rights Reserved