# Run page

On the Run page you can configure and run Procedures, dig into Procedure output, and review Procedure history for an Operation.

Use the steps below to configure and run an Operation.

1. Filter the list of agents displayed in the Agents field group.

   • From the first drop-down list, select the Platform: All Agents, Windows, Linux, or MacOS.

   

   • From the second drop-down list, select the agent connection status: All Agents or Active Agents.

   

2. Select an optional procedure or a playbook from the Select Procedure or Select Playbook drop-down lists on the Plan tab.

   

   To view procedures grouped by tactics, playbooks, or tags, select the Tree View icon next to the Select Procedure field to display the Add Procedures dialog box -> select the filter to the right of the All filter and select Tactics, Playbooks, or Tags.

   

   As you add procedures and/or a playbook, all the procedures selected (or associated with the playbook) display in the Plan table below the Select Procedure drop-down list.

   

3. Select any Procedure row to display its details to the right of the Plan fields.

   

   From here you can edit the visibility on the Visibility tab, view the procedure details and activity log, upload files, view related tags, and modify the settings. Each procedure will have different settings depending on its particular requirements.

4. Select the blue Run button. Once the Operation begins to run, focus moves to the Execute tab, where you can see the status of your queued Procedures.

5. Once the Procedures have run, select the History tab to view the result.

6. Select a Procedure to see the results on the right side along with the Details and Settings.

   The results include:

   • The time it was run, how long it took to run, the Execution and Operation status.
   • The Detection Categories
   • Agent details
   • Verbose Output

# Integrations event viewer

The integrations event viewer displays JSON formatted results your integrations detected during an operation's run.

The high-level steps to configure an operation to work with your integration are as follows:

1. Install an agent.
2. Navigate to Run page and select your agent.
3. Run the operation.
4. Navigate to the History tab and follow the steps in the section below.

# Using the integrations wizard

Use the steps below to configure the integrations wizard and view detection results attributable to your integrations configured in the BAS module.

1. Navigate to the Run page in the BAS module and select an already-run operation.

2. Select an agent on the History tab for which you'd like to view detection results provided by your integration.

3. Select the Visibility tab and select the Edit icon to make the Data Sources row editable.

4. Select the Add Using Integration Wizard link on the Visibility tab to display the integration wizard.

   

   The integration wizard lets you configure detections by security vendor.

   

5. Select each desired integration tab to set the log viewing time, the detection name, and the data source.

6. Add multiple data sources as desired, review them, and select Save and Close when complete.

   

7. Select an agent to run the plays/procedures.

   BAS allows you to select multiple agents when running them. Single-clicking more than one agent adds them to a group of selected agents. Single-clicking a selected agent will remove only that agent from the selected group.

8. The Visibility tab for that operation will now include results based on that integration's detections in JSON format after the operation runs.

See the Integrations documentaiton section for this module for details on setting up BAS integrations.