Axonius

This integration fetches information about assets in Axonius. It was integrated and tested with version 3.9 of Axonius.

Configure Axonius on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Axonius.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| ax_url | Server URL (e.g. https://example.net) | True |
| ax_key | Axonius API Key | True |
| ax_secret | Axonius API Secret | True |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

axonius-get-devices-by-savedquery


Gather device info by saved query

Base Command

axonius-get-devices-by-savedquery

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| saved_query_name | The name of the devices saved query within Axonius. See https://docs.axonius.com/docs/saved-queries-devices | Required |
| max_results | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS, ...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-savedquery saved_query_name=example_query

Context Example

    {
        "Axonius": {
            "Devices": {
                "adapter_list_length": 5,
                "adapters": [
                    "nexpose_adapter",
                    "esx_adapter",
                    "active_directory_adapter",
                    "solarwinds_orion_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter"
                ],
                "aggregated_hostname": [
                    "DC4"
                ],
                "aggregated_last_seen": "2020-09-08T06:44:31+00:00",
                "aggregated_name": [
                    "Windows%20Server%202012%20r2%20dc4.TestDomain.test%20(Avidor)",
                    "DC4",
                    "Windows Server 2012 R2",
                    "Windows Server - 2012 - R2"
                ],
                "aggregated_network_interfaces_ips": [
                    "x.x.x.x"
                ],
                "aggregated_network_interfaces_mac": [
                    "00:0C:29:B6:DA:46",
                    "00:50:56:91:DE:BB",
                    "00:50:56:91:3A:EC",
                    "00:50:56:91:33:E2",
                    "00:50:56:91:21:B3"
                ],
                "aggregated_os_type": [
                    "Windows"
                ],
                "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
            }
        }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_last_seen | aggregated_name | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_os_type | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 2020-09-08T06:44:31+00:00 | Windows%20Server%202012%20r2%20dc4.TestDomain.test%20(Avidor), DC4, Windows Server 2012 R2, Windows Server - 2012 - R2 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | Windows | d530db3cfef6a2220b315d54fa1901b2 |

axonius-get-users-by-savedquery


Gather user info by saved query

Base Command

axonius-get-users-by-savedquery

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| saved_query_name | The name of the users saved query within Axonius. See https://docs.axonius.com/docs/saved-queries-users | Required |
| max_results | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Users.adapters | String | The specific adapter names with asset information |
| Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Users.username | String | Username of the asset |
| Axonius.Users.mail | String | Email address of the asset |
| Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
| Axonius.Users.last_seen | Date | Last seen date/time of the asset |
| Axonius.Users.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-users-by-savedquery saved_query_name=example_query

Context Example

    {
        "Axonius": {
            "Users": {
                "adapter_list_length": 1,
                "adapters": [
                    "active_directory_adapter"
                ],
                "aggregated_domain": "TestDomain.test",
                "aggregated_is_admin": false,
                "aggregated_last_seen": "2018-11-01T14:48:59+00:00",
                "aggregated_username": "test_ldap_login_user",
                "internal_axon_id": "4d5f47f067388e8ffc53b6bbe8a10800"
            }
        }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_domain | aggregated_is_admin | aggregated_last_seen | aggregated_username | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | active_directory_adapter | TestDomain.test | false | 2018-11-01T14:48:59+00:00 | test_ldap_login_user | 4d5f47f067388e8ffc53b6bbe8a10800 |

axonius-get-users-by-mail


Gather user info by email address

Base Command

axonius-get-users-by-mail

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The user email address to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Users.adapters | String | The specific adapter names with asset information |
| Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Users.username | String | Username of the asset |
| Axonius.Users.mail | String | Email address of the asset |
| Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
| Axonius.Users.last_seen | Date | Last seen date/time of the asset |
| Axonius.Users.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-users-by-mail value=Administrator@testdomain.test

Context Example

    {
        "Axonius": {
            "Users": {
                "adapter_list_length": 1,
                "adapters": [
                    "active_directory_adapter"
                ],
                "aggregated_mail": [
                    "Administrator@testdomain.test"
                ],
                "aggregated_username": [
                    "Administrator"
                ],
                "internal_axon_id": "a6f0d051a30d401b7f73416fbc90a3cf"
            }
        }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_mail | aggregated_username | internal_axon_id |
| --- | --- | --- | --- | --- |
| 1 | active_directory_adapter | Administrator@testdomain.test | Administrator | a6f0d051a30d401b7f73416fbc90a3cf |

axonius-get-users-by-username


Gather user info by username

Base Command

axonius-get-users-by-username

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The username to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Users.adapters | String | The specific adapter names with asset information |
| Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Users.username | String | Username of the asset |
| Axonius.Users.mail | String | Email address of the asset |
| Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
| Axonius.Users.last_seen | Date | Last seen date/time of the asset |
| Axonius.Users.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-users-by-username value=test_ldap_login_user

Context Example

    {
        "Axonius": {
            "Users": {
                "adapter_list_length": 1,
                "adapters": [
                    "active_directory_adapter"
                ],
                "aggregated_username": "test_ldap_login_user",
                "internal_axon_id": "4d5f47f067388e8ffc53b6bbe8a10800"
            }
        }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_username | internal_axon_id |
| --- | --- | --- | --- |
| 1 | active_directory_adapter | test_ldap_login_user | 4d5f47f067388e8ffc53b6bbe8a10800 |

axonius-get-devices-by-hostname


Gather device info by hostname

Base Command

axonius-get-devices-by-hostname

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The hostname to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS, ...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-hostname value=DC4

Context Example

    {
        "Axonius": {
            "Devices": {
                "adapter_list_length": 5,
                "adapters": [
                    "nexpose_adapter",
                    "esx_adapter",
                    "active_directory_adapter",
                    "solarwinds_orion_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter"
                ],
                "aggregated_hostname": [
                    "DC4"
                ],
                "aggregated_network_interfaces_ips": [
                    "x.x.x.x"
                ],
                "aggregated_network_interfaces_mac": [
                    "00:0C:29:B6:DA:46",
                    "00:50:56:91:DE:BB",
                    "00:50:56:91:3A:EC",
                    "00:50:56:91:33:E2",
                    "00:50:56:91:21:B3"
                ],
                "aggregated_network_interfaces_subnets": [
                    "x.x.x.x/24"
                ],
                "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
            }
        }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |

axonius-get-devices-by-ip


Gather device info by IP address

Base Command

axonius-get-devices-by-ip

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The IP address to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS, ...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-ip value=192.168.20.17

Context Example

    {
        "Axonius": {
            "Devices": {
                "adapter_list_length": 5,
                "adapters": [
                    "nexpose_adapter",
                    "esx_adapter",
                    "active_directory_adapter",
                    "solarwinds_orion_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter"
                ],
                "aggregated_hostname": [
                    "DC4"
                ],
                "aggregated_network_interfaces_ips": [
                    "x.x.x.x"
                ],
                "aggregated_network_interfaces_mac": [
                    "00:0C:29:B6:DA:46",
                    "00:50:56:91:DE:BB",
                    "00:50:56:91:3A:EC",
                    "00:50:56:91:33:E2",
                    "00:50:56:91:21:B3"
                ],
                "aggregated_network_interfaces_subnets": [
                    "x.x.x.x/24"
                ],
                "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
            }
        }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |

axonius-get-devices-by-mac


Gather device info by MAC address

Base Command

axonius-get-devices-by-mac

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The MAC address to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS, ...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-mac value=00:0C:29:B6:DA:46

Context Example

    {
        "Axonius": {
            "Devices": {
                "adapter_list_length": 5,
                "adapters": [
                    "nexpose_adapter",
                    "esx_adapter",
                    "active_directory_adapter",
                    "solarwinds_orion_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "crowd_strike_adapter",
                    "esx_adapter"
                ],
                "aggregated_hostname": [
                    "DC4"
                ],
                "aggregated_network_interfaces_ips": [
                    "x.x.x.x"
                ],
                "aggregated_network_interfaces_mac": [
                    "00:0C:29:B6:DA:46",
                    "00:50:56:91:DE:BB",
                    "00:50:56:91:3A:EC",
                    "00:50:56:91:33:E2",
                    "00:50:56:91:21:B3"
                ],
                "aggregated_network_interfaces_subnets": [
                    "x.x.x.x/24"
                ],
                "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
            }
        }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |
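
The context examples on this page return the same field in different shapes (aggregated_username is a string in the saved-query result and a list in the by-mail result), and the adapters list repeats names. The following Python is an added example, not part of the integration's code: it normalises that context for use in an automation and reports which required adapters never saw an asset. The function names, the mapping of `aggregated_*` keys to the documented paths, the handling of a list under `Axonius.Devices`, and the required-adapter set are assumptions.

```python
from urllib.parse import unquote

# Constructed samples shaped like the page's Context Examples (values copied from them).
SAMPLE_DEVICE = {"Axonius": {"Devices": {
    "adapter_list_length": 5,
    "adapters": ["nexpose_adapter", "esx_adapter", "active_directory_adapter",
                 "solarwinds_orion_adapter", "crowd_strike_adapter", "esx_adapter",
                 "crowd_strike_adapter", "crowd_strike_adapter",
                 "crowd_strike_adapter", "esx_adapter"],
    "aggregated_hostname": ["DC4"],
    "aggregated_name": ["Windows%20Server%202012%20r2%20dc4.TestDomain.test%20(Avidor)", "DC4"],
    "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"}}}
SAMPLE_USER = {"Axonius": {"Users": {
    "adapter_list_length": 1, "adapters": ["active_directory_adapter"],
    "aggregated_username": "test_ldap_login_user",  # scalar here, list in the by-mail example
    "internal_axon_id": "4d5f47f067388e8ffc53b6bbe8a10800"}}}


def as_list(value):
    """Return value as a list; the examples show the same field as scalar or list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def normalize_assets(context, kind):
    """Flatten Axonius.<kind> (one dict, or a list of dicts: assumption) into uniform records."""
    records = []
    for raw in as_list(context.get("Axonius", {}).get(kind)):
        rec = {}
        for key, value in raw.items():
            # Assumption: "aggregated_x" in the examples corresponds to documented path "x".
            short = key[len("aggregated_"):] if key.startswith("aggregated_") else key
            rec[short] = value
        # dict.fromkeys de-duplicates while keeping first-seen order.
        rec["adapters"] = list(dict.fromkeys(as_list(rec.get("adapters"))))
        for field in ("hostname", "name", "username", "mail"):
            if field in rec:
                rec[field] = [unquote(str(v)) for v in as_list(rec[field])]
        # In the page's examples adapter_list_length equals the number of distinct adapters.
        rec["adapter_count_consistent"] = rec.get("adapter_list_length") == len(rec["adapters"])
        records.append(rec)
    return records


def missing_adapters(record, required):
    """Adapters from a locally chosen required set that never reported the asset."""
    return sorted(set(required) - set(record["adapters"]))
```
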