Custom Actions in RdpGuard. How to send an e-mail when IP address is blocked/unblocked.

Custom Actions in RdpGuard


Custom Actions Overview

The Custom Actions feature enables you to perform one or more user-defined actions when one of the RdpGuard events occurs.

For example, you may configure RdpGuard to send you an e-mail each time an IP address is blocked and/or unblocked.

Events

The following Custom Action Events are supported (event - when it is triggered):

  • IP Blocked - Each time RdpGuard blocks an IP address
  • IP Unblocked - Each time RdpGuard unblocks an IP address
  • User Logged In - Each time the user logs in
  • New Version Available - Each 24 hours if you are not using the most recent RdpGuard release
  • Maintenance is about to expire - Each 24 hours if your maintenance period ends in less than 30 days
  • Maintenance Expired - Each 24 hours if your maintenance period is over

Custom Actions

The following Custom Actions are supported:

  • Send E-mail
  • Send HTTP Post
  • Execute program
  • Report to AbuseIPDB

Variables

You may use the following variables in E-mail Subject/Body, HTTP POST Endpoint/Body or as arguments for program execution:

  • %IP% - IP address
  • %USER% - User name
  • %BLOCK_DATE% - Block date
  • %UNBLOCK_DATE% - Unblock date
  • %PROTOCOL% - Protocol (reason)
  • %TOTAL_IP_BLOCKED% - Total IP addresses currently blocked
  • %HOSTNAME% - The host name of the computer where RdpGuard is installed
  • %NEW_VERSION_NUMBER% - New version number
  • %NEW_VERSION_LINK% - New version download link
  • %MAINTENANCE_DAYS% - Maintenance days remaining

Supported Custom Actions

Send E-mail

This custom action allows you to send an e-mail using a pre-defined SMTP server.

The following configuration fields are available:

SMTP Server - use this drop-down list to specify the SMTP server to use for sending e-mails.

You may add/edit SMTP servers using the Add/Edit button next to the drop-down list.

From - specify the sender's email address

To - specify the recipient's email address

Subject - specify the message subject; you may use the variables described above.

Body - specify the message body; you may use the variables described above.

Send HTTP Post

This custom action performs an HTTP POST request to a user-defined endpoint each time the event occurs.

The following configuration fields are available:

Endpoint - specify the endpoint the request will be sent to. You may also specify the port after the server name using the colon symbol, for example https://server.com:443/page.aspx

Enable Basic HTTP Authentication - use this option to enable password-protected access to the endpoint. Please note that with this kind of authentication the username and password are transmitted in plain form (only Base64-encoded, not encrypted), so a TLS/SSL connection is recommended if you enable this option.

Username - user name for Basic HTTP Authentication

Password - password for Basic HTTP Authentication

POST Body - specify the HTTP POST body you would like to receive on the server side; you may use the variables described above.
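
Added example, not part of RdpGuard or its documentation: the receiving side of the Send HTTP Post action, checking the Basic credentials and parsing the substituted body. The POST Body template, its field names and the functions `check_basic_auth` and `parse_notification` are assumptions of this example; the page does not say whether substituted values are escaped, so the parser rejects any body whose field set is not exactly the configured one.

```python
import base64
import hmac
import ipaddress
from urllib.parse import parse_qs

# Assumed POST Body template entered in RdpGuard (field names are this example's choice):
#   ip=%IP%&user=%USER%&protocol=%PROTOCOL%&host=%HOSTNAME%
EXPECTED_FIELDS = {"ip", "user", "protocol", "host"}


def check_basic_auth(header, username, password):
    """Return True if the Authorization header carries the expected Basic credentials."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    expected = f"{username}:{password}".encode()
    # Constant-time comparison avoids leaking how much of the secret matched.
    return hmac.compare_digest(decoded, expected)


def parse_notification(body):
    """Parse the substituted POST body; raise ValueError on anything unexpected."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    if set(fields) != EXPECTED_FIELDS:
        raise ValueError("unexpected field set")
    if any(len(values) != 1 for values in fields.values()):
        # A repeated key means a substituted value contained '&' and split the body.
        raise ValueError("duplicated field")
    event = {name: values[0] for name, values in fields.items()}
    # Raises ValueError when the value is not a valid IPv4/IPv6 address.
    event["ip"] = str(ipaddress.ip_address(event["ip"]))
    return event
```

Call `check_basic_auth` on the request's Authorization header before `parse_notification`, and serve the endpoint over TLS so the Base64-encoded credentials are not readable in transit.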

Execute program

This custom action allows you to execute a specified program with arguments.

The following configuration fields are available:

Program/script - Specify the program or script to execute

Arguments - Specify the program arguments; you may use the variables described above.

Report to AbuseIPDB

This custom action allows you to report a blocked IP address to AbuseIPDB.

The following configuration fields are available:

API key - enter your AbuseIPDB API key



To add Custom Action

1. Click Tools, Custom Actions/Notifications

The Custom Actions dialog will open:

2. Click Add (or press Ins)

The Add New Custom Action dialog will open:

3. Select the Event

4. Select Custom Action

5. Configure Custom Action

6. Click "Add new custom action"



To edit Custom Action

1. Click Tools, Custom Actions/Notifications

The Custom Actions dialog will open:

2. Select the Custom Action you would like to edit and click Edit (or press F2)

The Edit Custom Action dialog will open:

3. Edit Custom Action parameters

4. Click "Save changes"

You may also temporarily disable any Custom Action by unchecking the corresponding check-box in the table.



To delete Custom Action

1. Click Tools, Custom Actions/Notifications

The Custom Actions dialog will open:

2. Select the custom actions you would like to delete and click Delete (or press Del)

3. Click Save



Custom Action Event Settings

Some custom action events can be configured. For now the User Logged In event supports additional configuration.

By default RdpGuard triggers the User Logged In event for 4624 events from the Security event log only if:

  • Logon Type is 10
  • IP is valid
  • Target User Name is not ANONYMOUS LOGON

Up to version 7.9.9, RdpGuard also filtered out events with local IP addresses; now it is up to you to exclude the addresses you need.

In order to configure User Logged In event settings, please open the Add New Custom Action dialog, choose the User Logged In event and click the configure.. link under the Event drop-down list.

The User Logged In Event Exclusions dialog will open:

Here you can configure exclusions for system event ID 4624. Please refer to the Exclusion Rules Syntax for more details about the rules syntax.
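
Added example, not RdpGuard's own code or its exclusion-rule syntax: the three default User Logged In conditions listed above applied to constructed 4624 records, with an optional exclusion of local source addresses like the one applied up to version 7.9.9. The sample records, the `LOCAL_NETWORKS` list and the function names are assumptions of this example.

```python
import ipaddress

# Constructed 4624 records; keys are the event's EventData field names.
SAMPLE_EVENTS = [
    {"LogonType": "10", "IpAddress": "203.0.113.45", "TargetUserName": "alice"},
    {"LogonType": "3", "IpAddress": "203.0.113.45", "TargetUserName": "alice"},
    {"LogonType": "10", "IpAddress": "-", "TargetUserName": "bob"},
    {"LogonType": "10", "IpAddress": "198.51.100.9", "TargetUserName": "ANONYMOUS LOGON"},
    {"LogonType": "10", "IpAddress": "192.168.1.20", "TargetUserName": "carol"},
    {"LogonType": "10", "IpAddress": "::1", "TargetUserName": "dave"},
]

# Assumption: "local" covers loopback, link-local and private ranges.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def parse_ip(value):
    """Return an ip_address object, or None when the field is not a valid IP."""
    try:
        return ipaddress.ip_address(str(value).strip())
    except ValueError:
        return None


def default_trigger(event):
    """Apply the three default conditions for the User Logged In event."""
    return (str(event.get("LogonType")) == "10"
            and parse_ip(event.get("IpAddress", "")) is not None
            # Case-insensitive match is this example's choice.
            and event.get("TargetUserName", "").upper() != "ANONYMOUS LOGON")


def is_local(ip):
    """True when the address falls in one of the assumed local networks."""
    return any(ip in net for net in LOCAL_NETWORKS)


def logged_in_users(events, exclude_local=False):
    """Users whose 4624 record would trigger the event, optionally minus local sources."""
    result = []
    for event in events:
        if not default_trigger(event):
            continue
        if exclude_local and is_local(parse_ip(event["IpAddress"])):
            continue
        result.append(event["TargetUserName"])
    return result
```

With the constructed records, the default conditions alone also let the 192.168.1.20 and ::1 logons through, which is the case an exclusion for local addresses is meant to cover.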

Copyright © 2012-2024 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.