Re: [Zabbix-users] How to automatically create host macro by discovery rule for use with discovered items/triggers.

[Shawn B. <sh...@ba...>]

I don't believe there is a way to create marco's with a discovery rule. If
I was to do something like what you are talking about I would create a
template for piece of software that you are concerned about and apply those
templates to the host.  The real issue I see is maintaining those templates
with all the different vulnerable versions. Also be aware that some system
like RHEL patch the vulnerability but don't increment the major or minor
version numbers for that piece of software to maintain compatibility.

Good luck!

On Tue, Aug 24, 2021 at 10:35 PM Shane Corbin <sc...@ew...> wrote:

> Hi Guys,
>
>                 I currently have a template that I created that discovers
> installed software on Windows systems and creates items to monitor it’s
> existence and version.  I have a trigger that alerts me when a version
> number changes, essentially notifying me of updates, and it works quite
> well.  What I want to add to this, is the ability to monitor for vulnerable
> versions of each piece of discovered software.  For example, when the
> discovery rule finds a piece of installed software, it should create
> another trigger that alerts me if a program’s version number is below a
> certain number.  To make this vulnerable version number adjustable I need
> it also to create a macro on the host for each piece of software discovered
> called something like {$PROGRAMNAME_LAST_KNOWN_VULN_VERSION}.  I would have
> it default to something like 999999999 so that my trigger would be in the
> OK state by default, but then if I get a vulnerability notice on a piece of
> software, I can change this macro to the version number of the known
> vulnerable software version, and then my trigger would alert me if any of
> our machines are using a version that is equal to or less than the
> vulnerable version.
>
>
>
>                 Is it possible to create macros by discovery like this?
> Can’t find much documentation on it if it is possible.
>
>
>
> Shane Corbin
>
> Electrical Engineer/IT Administrator
>
> Direct: (217) 893-5526
>
> Office: (217) 892-4322
>
> Call via Teams <callto:sc...@ew...>
>
> Chat via Teams
> <https://teams.microsoft.com/l/chat/0/0?users=sc...@ew...>
>
>
> _______________________________________________
> Zabbix-users mailing list
> Zab...@li...
> https://lists.sourceforge.net/lists/listinfo/zabbix-users
>