This is probably more of a feature request, but I can’t believe it’s not already there…
I just noticed that when I delete a script, it also deletes all the runs of that script from the script history in the Asset. Is there anywhere else this history can be accessed, or is the evidence that a script was run on an Asset simply gone?
I know others have suggested adding an Alert or writing to a Custom Field to track scripts, but I’m thinking more about a malicious script run by a disgruntled employee or hacker, who aren’t likely to be kind enough to add a tracking line to their scripts. Surely Syncro has some way to track at least the fact that a script was run??!?
I had noticed this too a while back. We brought it to supports attention, for very similar reasons and were told the issue was being raised with development. The Tech seemed to think this was not as intended behavior.
Never did hear back about that, so thanks for the reminder.
Create your own event log and always write a record of your scripts to the event log on the machine. I do this for various reasons and I use lets say event ID 5 for success, 10 for failures, etc.
If a hacker or disgruntled employee is writing a malicious script, I cannot see them recording in the event log of the endpoint that the script ran.
Really surprised like others this isn’t in situ like others have suggested if something malicious happens they aren’t going to write to the event log and then the history’s gone.
Usually when I retire a script, I just prepend it with ZZ_ or something so that it is at the end of the list and just take it out of any categories/favorites, etc.
Decent workaround for those who want to keep the script history when they knowingly delete a script, but it’s not likely that a malicious actor will just “retire” their script rather than delete it to cover their tracks.