Quickstart

Quickstart: Run Your First Workflow

This quickstart helps you to create your first workflow automation within Admyral. The workflow performs a simple URL check using the community version of VirusTotal.

Prerequisites:

Getting Started

You can create your first workflow within less than 10 minutes:

You can also clone the Admyral Quickstart Github Repo (opens in a new tab) to follow along.

Step 0: Verify your Setup

Admyral requires Python 3.12 to be installed. You can check whether you have Python 3.12 installed by running the following:

python --version

Additionally, Docker must be installed and should be running. You can verify that Docker is installed and the Docker daemon is running by executing the following command:

docker ps

Step 1: Installing and Starting Admyral

To install Admyral, simply install the Admyral pip package using your favorite dependency management tool:

pip install admyral
Optionally, specify custom ports for the needed services

Copy the content of .env.example file to a new file called .env:

cp .env.example .env

Open the .env file and adjust the ports as needed.

Source the .env file to load the environment variables:

source .env

To launch Admyral use the following command:

admyral up

You can open the Admyral UI by visiting http://localhost:3000 (opens in a new tab) in your browser. If a custom port was defined using ADMYRAL_WEB_PORT, use the defined port number instead of 3000.

Step 2: Tool and Secret Setup

Now, let's get a VirusTotal API Key. If you don't have a VirusTotal account, sign up here (opens in a new tab) for free. Then, click on your name on the top right, select API Key, and copy your API key.

With Admyral offering a CLI as well as a web UI, you can decide how you'd like to set up your VirusTotal secret.

To create a secret using the CLI, use the following CLI command:

admyral secret set secret_name --value key1=value1 --value key2=value2

For our quickstart, navigate in your terminal to your admyral repository and enter the following but replacing your_copied_virus_total_api_key with your copied API key:

admyral secret set virus_total --value api_key=your_copied_virus_total_api_key

Step 3: Create your workflow

With Admyral, you can decide whether you want to build your workflows with Code or No-Code.

We recommend to setup a Github project for managing your workflows. You can check out our Quickstart Github Repo (opens in a new tab). Feel free to clone it and use it for your setup or simply just get inspired.

Open your project with your favorite IDE and create a new Python file named virus_total_workflow.py for the workflow. Within this newly created file, your new workflow automation is being created using Python code.

Let's start with building your first workflow function. This function has the @workflow decorator and defines the the control flow of our workflow automation.

from admyral.workflow import workflow
from admyral.typings import JsonValue
 
@workflow
def virus_total_workflow(payload: dict[str, JsonValue]):
    # will be completed soon

The workflow function must always have the parameter payload: dict[str, JsonValue] defined. No other parameters for the workflow function are allowed.

The function name virus_total_workflow, also called workflow name, is used as an identifier for your workflow and must be unique across all your workflows.

Additionally, we need the corresponding imports. In this case, it is from admyral.workflow import workflow for the workflow decorator as well as from admyral.actions import virus_total_analyze_url for the integration action. For the latter, we are using the pre-built integration to analyze a URL which takes a URL as a string such as www.example.org and returns a JSON. The return value is the regular return value you'd receive from the VirusTotal Scan URL API (opens in a new tab). With this knowledge, we can now create the workflow using plain Python:

from admyral.workflow import workflow
from admyral.typings import JsonValue
from admyral.actions import virus_total_analyze_url
 
@workflow
def virus_total_workflow(payload: dict[str, JsonValue]):
    virus_total_analyze_url(payload["url"])

To use our previously stored secret for VirusTotal, we add the secret mapping secrets={"TOOL_SECRET": "secret_name"} as the last argument of an integration. In our case, it would look like the following:

from admyral.workflow import workflow
from admyral.typings import JsonValue
from admyral.actions import virus_total_analyze_url
 
@workflow()
def virus_total_workflow(payload: dict[str, JsonValue]):
    virus_total_analyze_url(
        url=payload["url"],
        secrets={"VIRUS_TOTAL_SECRET": "virus_total"}
    )

Performing the access payload["url"] implies that we always expect a JSON body which contains a field called url be sent to the webhook. For example:

{
    "url": "www.example.org"
}

For more information about secrets, please refer to Secrets Management.

Now, we add a trigger and a description (optional) to the workflow automation. Admyral supports event-based triggers (webhook) as well as scheduled triggers. Either has to be imported from admyral.workflow import Webhook for event-based execution or from admyral.workflow import Schedule for a scheduled workflow execution. You can also omit defining a trigger since you can always execute your workflows using manual execution via the CLI (admyral workflow trigger ...) or in the Admyral UI. In this quickstart, we opt to create a webhook:

from admyral.workflow import workflow, Webhook
from admyral.typings import JsonValue
from admyral.actions import virus_total_analyze_url
 
@workflow(
    description="Analyze a URL using VirusTotal",
    triggers=[Webhook()]
)
def virus_total_workflow(payload: dict[str, JsonValue]):
    virus_total_analyze_url(
        url=payload["url"],
        secrets={"VIRUS_TOTAL_SECRET": "virus_total"}
    )

Now, you have created the workflow. The last step is to push the workflow to the Admyral infrastructure. We use the following push command from the CLI to push the workflow:

admyral workflow push workflow_name -f path_to_your_workflow_file.py

If you saved your workflow in workflows/virus_total_workflow.py, the command is:

admyral workflow push virus_total_workflow -f workflows/virus_total_workflow.py

You can open the Admyral UI by visiting http://localhost:3000 (opens in a new tab) in your browser. If a custom port was defined using ADMYRAL_WEB_PORT, use the defined port number instead of 3000. There, you should find the workflow and can inspect the workflow inside the No-Code editor.

Finished!

Step 4: Execute Your Workflow

Upon building our workflow, you can activate and execute your workflow. Again, you have two options for each action: (1) Using the CLI or (2) using the Admyral UI.

Activate the workflow

To activate a workflow type in the CLI:

admyral workflow activate your_workflow_name

As we called the workflow function virus_total_workflow, use the following command:

admyral workflow activate virus_total_workflow

Execute the workflow

Upon activation, the workflow can be executed. The CLI command to trigger a workflow is:

admyral workflow trigger your_workflow_name

So similar to above, the command to use is:

admyral workflow trigger virus_total_workflow --payload '{
    "url": "www.example.org"
}'

Congratulations! You just built your first workflow in Admyral. With this quickstart, you covered the basics of Admyral. Checkout Automation-as-Code to learn more about workflow building in Python.

What now?

You can further explore Admyral in the following ways:

  • Checkout Automation-as-Code for more information about building your workflows in Python
  • Review Custom Actions for building your own actions with Python
  • Enhance the workflow you just created:
    • Add more URL checks using other enrichment tools such as AlienVault OTX
    • Add a Slack integration to share your results within an threat intelligence channel or within your team
    • Add a Jira integration to create a ticket with the findings
    • Add an AI Action to summarize the findings (add API key in env file)
  • Explore other example workflows (opens in a new tab)
  • Join the discussion on Discord (opens in a new tab)
  • Build additional workflows using our other guides (coming soon)