Create a Workflow 


Syxsense Cortex is a powerful and intuitive automation framework that allows you to create custom task sequences within the Syxsense console. Most of the prebuilt tasks available within the Syxsense Console can be deployed as Cortex workflows.

Syxsense Cortex is currently supported on Windows and Linux endpoints.

When creating Cortex workflows, there are a few important best practices to follow. These steps will drastically reduce the chance of outages or other unfavorable outcomes:

① Save Often: When deploying Cortex workflows, remember to save often to avoid losing work if access to the console is lost.

② Test Often: When deploying workflows, test new steps before adding additional steps. This will reduce the complexity of the troubleshooting process.

③ Test Carefully: When testing Cortex workflows, avoid Run Now against 'All Devices' and instead target either a single endpoint or a test lab environment. It is useful to have a virtualized test environment with target devices that have snapshot points enabled. After a Run Now deployment of a Cortex workflow, roll back the virtual machines to the snapshot taken before the deployment of the Cortex workflow.

An action can have one or many outcomes, and you may link different actions to each outcome.

You can create a Cortex workflow by clicking the corresponding button in the Cortex tab. Templates for all possible actions are located to the left of the creation field; drag and drop the ones you need, configure their custom settings, and arrange them into the required action sequence. Syxsense allows you to modify all action steps in the Properties tab. You can also create custom variables and add them to workflows.

Each step can have just one result. So, if you need the same outcome from different steps, you can clone the outcome field as many times as you need by right-clicking on it.

Cortex Workflows are scheduled to Run Now, via Tasks or as a Publish Policy. Check our guided walk-through below.

 

Video Tutorials: How to create a workflow

Watch examples of workflow creation: 

Create Event Viewer Workflow  Video

Create Patching Workflow   Video

How to Stage Patches  Video

Create Remediation Workflow  Video

Create a RAM usage alert  Video

Create a CPU usage alert  Video

Run Cortex Workflow in a local time zone  Video

Publish Cortex Policy within a Maintenance Window  Video

Discovery: Syxsense Cortex Workflow Editor

   From the Syxsense Cortex menu click 'Create' to create a Workflow
Saves current Workflow
Cancels last modification

Settings

 This is where you enable Advanced Actions.

 

Automatically re-arrange the designer.

 This change cannot be undone.

 

Pre-built variables which can be integrated into actions within the Cortex workflow. In addition to the pre-built variables, user generated variables can also be created.

For example, if a PowerShell script requires a dynamic variable in order to initialize a configuration, the variable can be called from the Syxsense Cortex variables and introduced into the PowerShell script at runtime.

More information can be found on the Cortex Variables page.

 

All available Actions which can be dragged into the designer.

Drag and drop actions onto the designer page, linking them to the right side of an action.

Each action is arranged within a family of actions, such as Reboot actions or Patching actions. Some families of actions are static in nature, and only contain a set number of actions. Other families, such as the Software Management family and Logic family (available as an advanced workflow) are dynamic and will expand or contract as new application deployments or Cortex workflows are added to the Syxsense console.

To find out more about all existing actions, check out the Actions page.

Guided walk-through: How to Run a Workflow

Click from within a ready Syxsense Cortex Workflow.  

You may also click the  button from within the Cortex Workflows list.

Select a single or multiple devices to run the job on > click 'Run Now'.

Click 'Execute all'

If a job has a pause configured, the 'Execute All' function allows all devices to run the next action in the Job instead of executing them one by one.

Guided walk-through: How to Publish Syxsense Cortex Workflow

Policies are set to run on a device state basis.  

Policies can be applied to any Syxsense Cortex Workflow and can be launched on the set schedules. Check the available options below.

You will need an Admin Account Setup before you start.

Publish Policy: Click 'Publish Policy' from within a Syxsense Cortex Workflow.

Name: Add name and description of the task for easier identification.

Trigger:

  • Daily: Start run every day at the set time. The 'Allow Later Start' setting permits the run to start at a time later than initially scheduled, giving additional flexibility.
  • Interval: Run every day / hour / minute / second.
  • Maintenance window: Run in a specific timeframe during which the task is allowed to occur without causing interruptions or conflicts with other activities.
  • Network Change: Run when a change in the network is detected, such as a device connecting or disconnecting.
  • Once: Run once.
  • User logon: Run when a user logs into a system.

Blackout Hours:

  • Ignore Blackout Hours: Run even if the Global Blackout hours are in effect. Device blackout hours will still cause the task to be ignored if true.
  • Fail if Black Hour: When enabled, ensures that a policy will fail to run during designated black hours.

Select Devices: Select which devices to run the Policy on > click 'Save'.

 After the policy is published, it can be edited. To edit the existing policies go to Cortex - Policies, choose an already created policy from the list and double click it. The 'Edit' button on the toolbar allows you to modify the actions of the policy. After making changes click 'Republish policy and Close' on the toolbar. This policy will be pushed to every single device that is managed in that policy.

Potential reasons why a device might appear in the 'Paused' state in a Cortex Workflow:

  • The task or policy is assigned to a maintenance window, and the end user is postponing the reboot until the end of the window. However, the device does not reboot at the end of the maintenance window, preventing the workflow from proceeding to the next step.
  • The end user independently reboots or shuts down the computer when prompted, causing a disconnection. This unexpected disconnection disrupts the task in progress.
  • The devices were rebooted, but they do not immediately reconnect. The workflow continues with subsequent actions, but the server still shows 'Paused' in the console because the devices haven't updated the server.
  • Any agent disconnection, not necessarily due to a reboot, prevents devices from sending results of post-reboot actions. 'Paused' becomes the last status update in the console.
  • If any processes involved in the workflow crash, it could prevent the devices from completing the workflow successfully.
  • The process managing the reboot (PowerOffCMS.exe) is flagged as malicious by endpoint protection software, leading to premature termination and disruption of the workflow.

Last Update: July, 2024

Copyright ©2024 by Syxsense, Inc. All Rights Reserved