Axonius
This integration is for fetching information about assets in Axonius. This integration was integrated and tested with version 3.9 of Axonius.
Configure Axonius on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Axonius.
- Click Add instance to create and configure a new integration instance.
Parameter | Description | Required |
---|---|---|
ax_url | Server URL (e.g. https://example.net) | True |
ax_key | Axonius API Key | True |
ax_secret | Axonius API Secret | True |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

axonius-get-devices-by-savedquery
Gather device info by saved query

Base Command
axonius-get-devices-by-savedquery

Input
Argument Name | Description | Required |
---|---|---|
saved_query_name | The name of the devices saved query within Axonius. See https://docs.axonius.com/docs/saved-queries-devices | Required |
max_results | The maximum number of results to return. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
Axonius.Devices.adapters | String | The specific adapter names with asset information |
Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
Axonius.Devices.hostname | String | The hostnames of the asset |
Axonius.Devices.name | String | The names of the asset |
Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
Axonius.Devices.labels | String | Tags assigned to the asset |
Command Example
!axonius-get-devices-by-savedquery saved_query_name=example_query

Context Example

Human Readable Output
Results
adapter_list_length | adapters | aggregated_hostname | aggregated_last_seen | aggregated_name | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_os_type | internal_axon_id |
---|---|---|---|---|---|---|---|---|
5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 2020-09-08T06:44:31+00:00 | Windows%20Server%202012%20r2%20dc4.TestDomain.test%20(Avidor), DC4, Windows Server 2012 R2, Windows Server - 2012 - R2 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | Windows | d530db3cfef6a2220b315d54fa1901b2 |
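
An added example, not part of the integration or of the original page: coverage triage over the `Axonius.Devices` context fields documented above, flagging devices that a required adapter (here `crowd_strike_adapter`) does not report on or that have not been seen recently. The sample records are constructed, and the list-or-comma-separated shape of `adapters` and `hostname` plus the 30-day threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like the Axonius.Devices context paths.
SAMPLE_DEVICES = [
    {"internal_axon_id": "constructed-id-1", "hostname": ["DC4"],
     "adapters": ["active_directory_adapter", "crowd_strike_adapter"],
     "last_seen": "2020-09-08T06:44:31+00:00"},
    {"internal_axon_id": "constructed-id-2", "hostname": "FILESRV1",
     "adapters": "active_directory_adapter, esx_adapter",
     "last_seen": "2020-09-07T10:00:00+00:00"},
    {"internal_axon_id": "constructed-id-3", "hostname": ["OLD-LAPTOP"],
     "adapters": ["crowd_strike_adapter"],
     "last_seen": "2020-06-01T00:00:00+00:00"},
    {"internal_axon_id": "constructed-id-4", "hostname": [],
     "adapters": None, "last_seen": None},
]


def as_list(value):
    """Normalize a list or comma-separated string into a list of clean strings."""
    if value is None:
        return []
    if isinstance(value, str):
        value = value.split(",")
    return [str(v).strip() for v in value if str(v).strip()]


def triage_devices(devices, required_adapter, now, max_age_days=30):
    """Flag devices lacking required_adapter or stale; now must be timezone-aware."""
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    for dev in devices:
        reasons = []
        if required_adapter not in as_list(dev.get("adapters")):
            reasons.append("missing:" + required_adapter)
        last_seen = dev.get("last_seen")
        if not last_seen:
            reasons.append("no_last_seen")  # never reported: treat as a finding
        else:
            seen = datetime.fromisoformat(last_seen)
            if seen.tzinfo is None:  # assumption: naive timestamps are UTC
                seen = seen.replace(tzinfo=timezone.utc)
            if seen < cutoff:
                reasons.append("stale")
        if reasons:
            names = as_list(dev.get("hostname"))
            findings.append({"id": dev.get("internal_axon_id"),
                             "hostname": names[0] if names else None,
                             "reasons": reasons})
    return findings
```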

axonius-get-users-by-savedquery
Gather user info by saved query

Base Command
axonius-get-users-by-savedquery

Input
Argument Name | Description | Required |
---|---|---|
saved_query_name | The name of the users saved query within Axonius. See https://docs.axonius.com/docs/saved-queries-users | Required |
max_results | The maximum number of results to return. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
Axonius.Users.adapters | String | The specific adapter names with asset information |
Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
Axonius.Users.username | String | Username of the asset |
Axonius.Users.mail | String | Email address of the asset |
Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
Axonius.Users.last_seen | Date | Last seen date/time of the asset |
Axonius.Users.labels | String | Tags assigned to the asset |
Command Example
!axonius-get-users-by-savedquery saved_query_name=example_query

Context Example

Human Readable Output
Results
adapter_list_length | adapters | aggregated_domain | aggregated_is_admin | aggregated_last_seen | aggregated_username | internal_axon_id |
---|---|---|---|---|---|---|
1 | active_directory_adapter | TestDomain.test | false | 2018-11-01T14:48:59+00:00 | test_ldap_login_user | 4d5f47f067388e8ffc53b6bbe8a10800 |

axonius-get-users-by-mail
Gather user info by email address

Base Command
axonius-get-users-by-mail

Input
Argument Name | Description | Required |
---|---|---|
value | The user email address to search for within Axonius. | Required |
max_results | The maximum number of results to return. | Optional |
fields | Comma separated list of Axonius fields to return. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
Axonius.Users.adapters | String | The specific adapter names with asset information |
Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
Axonius.Users.username | String | Username of the asset |
Axonius.Users.mail | String | Email address of the asset |
Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
Axonius.Users.last_seen | Date | Last seen date/time of the asset |
Axonius.Users.labels | String | Tags assigned to the asset |
Command Example
!axonius-get-users-by-mail value=Administrator@testdomain.test

Context Example

Human Readable Output
Results
adapter_list_length | adapters | aggregated_mail | aggregated_username | internal_axon_id |
---|---|---|---|---|
1 | active_directory_adapter | Administrator@testdomain.test | Administrator | a6f0d051a30d401b7f73416fbc90a3cf |

axonius-get-users-by-username
Gather user info by username

Base Command
axonius-get-users-by-username

Input
Argument Name | Description | Required |
---|---|---|
value | The username to search for within Axonius. | Required |
max_results | The maximum number of results to return. | Optional |
fields | Comma separated list of Axonius fields to return. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
Axonius.Users.adapters | String | The specific adapter names with asset information |
Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
Axonius.Users.username | String | Username of the asset |
Axonius.Users.mail | String | Email address of the asset |
Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
Axonius.Users.last_seen | Date | Last seen date/time of the asset |
Axonius.Users.labels | String | Tags assigned to the asset |
Command Example
!axonius-get-users-by-username value=test_ldap_login_user

Context Example

Human Readable Output
Results
adapter_list_length | adapters | aggregated_username | internal_axon_id |
---|---|---|---|
1 | active_directory_adapter | test_ldap_login_user | 4d5f47f067388e8ffc53b6bbe8a10800 |

axonius-get-devices-by-hostname
Gather device info by hostname

Base Command
axonius-get-devices-by-hostname

Input
Argument Name | Description | Required |
---|---|---|
value | The hostname to search for within Axonius. | Required |
max_results | The maximum number of results to return. | Optional |
fields | Comma separated list of Axonius fields to return. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
Axonius.Devices.adapters | String | The specific adapter names with asset information |
Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
Axonius.Devices.hostname | String | The hostnames of the asset |
Axonius.Devices.name | String | The names of the asset |
Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
Axonius.Devices.labels | String | Tags assigned to the asset |
Command Example
!axonius-get-devices-by-hostname value=DC4

Context Example

Human Readable Output
Results
adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
---|---|---|---|---|---|---|
5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |

axonius-get-devices-by-ip
Gather device info by IP address

Base Command
axonius-get-devices-by-ip

Input
Argument Name | Description | Required |
---|---|---|
value | The IP address to search for within Axonius. | Required |
max_results | The maximum number of results to return. | Optional |
fields | Comma separated list of Axonius fields to return. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
Axonius.Devices.adapters | String | The specific adapter names with asset information |
Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
Axonius.Devices.hostname | String | The hostnames of the asset |
Axonius.Devices.name | String | The names of the asset |
Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
Axonius.Devices.labels | String | Tags assigned to the asset |
Command Example
!axonius-get-devices-by-ip value=192.168.20.17

Context Example

Human Readable Output
Results
adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
---|---|---|---|---|---|---|
5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |

axonius-get-devices-by-mac
Gather device info by MAC address

Base Command
axonius-get-devices-by-mac

Input
Argument Name | Description | Required |
---|---|---|
value | The MAC address to search for within Axonius. | Required |
max_results | The maximum number of results to return. | Optional |
fields | Comma separated list of Axonius fields to return. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
Axonius.Devices.adapters | String | The specific adapter names with asset information |
Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
Axonius.Devices.hostname | String | The hostnames of the asset |
Axonius.Devices.name | String | The names of the asset |
Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
Axonius.Devices.labels | String | Tags assigned to the asset |
Command Example
!axonius-get-devices-by-mac value=00:0C:29:B6:DA:46

Context Example

Human Readable Output
Results
adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
---|---|---|---|---|---|---|
5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |