Axonius

This integration fetches information about assets in Axonius. It was integrated and tested with version 3.9 of Axonius.

Configure Axonius on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Axonius.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| ax_url | Server URL (e.g. https://example.net) | True |
| ax_key | Axonius API Key | True |
| ax_secret | Axonius API Secret | True |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

axonius-get-devices-by-savedquery

Gather device info by saved query

Base Command

axonius-get-devices-by-savedquery

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| saved_query_name | The name of the devices saved query within Axonius. See https://docs.axonius.com/docs/saved-queries-devices | Required |
| max_results | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-savedquery saved_query_name=example_query

Context Example

    {
      "Axonius": {
        "Devices": {
          "adapter_list_length": 5,
          "adapters": [
            "nexpose_adapter",
            "esx_adapter",
            "active_directory_adapter",
            "solarwinds_orion_adapter",
            "crowd_strike_adapter",
            "esx_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "esx_adapter"
          ],
          "aggregated_hostname": [
            "DC4"
          ],
          "aggregated_last_seen": "2020-09-08T06:44:31+00:00",
          "aggregated_name": [
            "Windows%20Server%202012%20r2%20dc4.TestDomain.test%20(Avidor)",
            "DC4",
            "Windows Server 2012 R2",
            "Windows Server - 2012 - R2"
          ],
          "aggregated_network_interfaces_ips": [
            "x.x.x.x"
          ],
          "aggregated_network_interfaces_mac": [
            "00:0C:29:B6:DA:46",
            "00:50:56:91:DE:BB",
            "00:50:56:91:3A:EC",
            "00:50:56:91:33:E2",
            "00:50:56:91:21:B3"
          ],
          "aggregated_os_type": [
            "Windows"
          ],
          "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
        }
      }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_last_seen | aggregated_name | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_os_type | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 2020-09-08T06:44:31+00:00 | Windows%20Server%202012%20r2%20dc4.TestDomain.test%20(Avidor), DC4, Windows Server 2012 R2, Windows Server - 2012 - R2 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | Windows | d530db3cfef6a2220b315d54fa1901b2 |
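
In the context example above, `adapters` holds ten entries but only five distinct names (matching `adapter_list_length`), and one `aggregated_name` value is URL-encoded. The following is an added example, not part of the integration's own code, of how an automation could normalise such an entry and flag assets that an expected adapter never reported. The helper name `summarize_device`, the list-of-devices handling, and the `example_edr_adapter` name used for testing are assumptions.

```python
from urllib.parse import unquote

# Constructed sample, trimmed from the context example above.
SAMPLE_CONTEXT = {
    "Axonius": {
        "Devices": {
            "adapter_list_length": 5,
            "adapters": [
                "nexpose_adapter", "esx_adapter", "active_directory_adapter",
                "solarwinds_orion_adapter", "crowd_strike_adapter", "esx_adapter",
                "crowd_strike_adapter", "crowd_strike_adapter",
                "crowd_strike_adapter", "esx_adapter",
            ],
            "aggregated_hostname": ["DC4"],
            "aggregated_name": [
                "Windows%20Server%202012%20r2%20dc4.TestDomain.test%20(Avidor)",
                "DC4",
            ],
            "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2",
        }
    }
}


def summarize_device(context, required_adapters):
    """Hypothetical helper: normalise one device entry and report coverage gaps."""
    devices = context.get("Axonius", {}).get("Devices") or {}
    # Assumption: several results may arrive as a list; take the first entry.
    device = devices[0] if isinstance(devices, list) else devices
    # Collapse repeated adapter names while keeping first-seen order.
    adapters = list(dict.fromkeys(device.get("adapters", [])))
    names = device.get("aggregated_name", [])
    if isinstance(names, str):  # aggregated fields can be a scalar or a list
        names = [names]
    return {
        "id": device.get("internal_axon_id"),
        "adapters": adapters,
        # True when the distinct adapters match the reported count.
        "count_consistent": len(adapters) == device.get("adapter_list_length"),
        "names": [unquote(n) for n in names],
        # Adapters the caller expects that hold no data for this asset.
        "missing": sorted(set(required_adapters) - set(adapters)),
    }
```
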

axonius-get-users-by-savedquery

Gather user info by saved query

Base Command

axonius-get-users-by-savedquery

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| saved_query_name | The name of the users saved query within Axonius. See https://docs.axonius.com/docs/saved-queries-users | Required |
| max_results | The maximum number of results to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Users.adapters | String | The specific adapter names with asset information |
| Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Users.username | String | Username of the asset |
| Axonius.Users.mail | String | Email address of the asset |
| Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
| Axonius.Users.last_seen | Date | Last seen date/time of the asset |
| Axonius.Users.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-users-by-savedquery saved_query_name=example_query

Context Example

    {
      "Axonius": {
        "Users": {
          "adapter_list_length": 1,
          "adapters": [
            "active_directory_adapter"
          ],
          "aggregated_domain": "TestDomain.test",
          "aggregated_is_admin": false,
          "aggregated_last_seen": "2018-11-01T14:48:59+00:00",
          "aggregated_username": "test_ldap_login_user",
          "internal_axon_id": "4d5f47f067388e8ffc53b6bbe8a10800"
        }
      }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_domain | aggregated_is_admin | aggregated_last_seen | aggregated_username | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | active_directory_adapter | TestDomain.test | false | 2018-11-01T14:48:59+00:00 | test_ldap_login_user | 4d5f47f067388e8ffc53b6bbe8a10800 |

axonius-get-users-by-mail

Gather user info by email address

Base Command

axonius-get-users-by-mail

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The user email address to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Users.adapters | String | The specific adapter names with asset information |
| Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Users.username | String | Username of the asset |
| Axonius.Users.mail | String | Email address of the asset |
| Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
| Axonius.Users.last_seen | Date | Last seen date/time of the asset |
| Axonius.Users.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-users-by-mail value=Administrator@testdomain.test

Context Example

    {
      "Axonius": {
        "Users": {
          "adapter_list_length": 1,
          "adapters": [
            "active_directory_adapter"
          ],
          "aggregated_mail": [
            "Administrator@testdomain.test"
          ],
          "aggregated_username": [
            "Administrator"
          ],
          "internal_axon_id": "a6f0d051a30d401b7f73416fbc90a3cf"
        }
      }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_mail | aggregated_username | internal_axon_id |
| --- | --- | --- | --- | --- |
| 1 | active_directory_adapter | Administrator@testdomain.test | Administrator | a6f0d051a30d401b7f73416fbc90a3cf |

axonius-get-users-by-username

Gather user info by username

Base Command

axonius-get-users-by-username

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The username to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Users.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Users.adapters | String | The specific adapter names with asset information |
| Axonius.Users.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Users.username | String | Username of the asset |
| Axonius.Users.mail | String | Email address of the asset |
| Axonius.Users.is_admin | Boolean | If the asset has admin privileges |
| Axonius.Users.last_seen | Date | Last seen date/time of the asset |
| Axonius.Users.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-users-by-username value=test_ldap_login_user

Context Example

    {
      "Axonius": {
        "Users": {
          "adapter_list_length": 1,
          "adapters": [
            "active_directory_adapter"
          ],
          "aggregated_username": "test_ldap_login_user",
          "internal_axon_id": "4d5f47f067388e8ffc53b6bbe8a10800"
        }
      }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_username | internal_axon_id |
| --- | --- | --- | --- |
| 1 | active_directory_adapter | test_ldap_login_user | 4d5f47f067388e8ffc53b6bbe8a10800 |

axonius-get-devices-by-hostname

Gather device info by hostname

Base Command

axonius-get-devices-by-hostname

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The hostname to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-hostname value=DC4

Context Example

    {
      "Axonius": {
        "Devices": {
          "adapter_list_length": 5,
          "adapters": [
            "nexpose_adapter",
            "esx_adapter",
            "active_directory_adapter",
            "solarwinds_orion_adapter",
            "crowd_strike_adapter",
            "esx_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "esx_adapter"
          ],
          "aggregated_hostname": [
            "DC4"
          ],
          "aggregated_network_interfaces_ips": [
            "x.x.x.x"
          ],
          "aggregated_network_interfaces_mac": [
            "00:0C:29:B6:DA:46",
            "00:50:56:91:DE:BB",
            "00:50:56:91:3A:EC",
            "00:50:56:91:33:E2",
            "00:50:56:91:21:B3"
          ],
          "aggregated_network_interfaces_subnets": [
            "x.x.x.x/24"
          ],
          "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
        }
      }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |

axonius-get-devices-by-ip

Gather device info by IP address

Base Command

axonius-get-devices-by-ip

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The IP address to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-ip value=192.168.20.17

Context Example

    {
      "Axonius": {
        "Devices": {
          "adapter_list_length": 5,
          "adapters": [
            "nexpose_adapter",
            "esx_adapter",
            "active_directory_adapter",
            "solarwinds_orion_adapter",
            "crowd_strike_adapter",
            "esx_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "esx_adapter"
          ],
          "aggregated_hostname": [
            "DC4"
          ],
          "aggregated_network_interfaces_ips": [
            "x.x.x.x"
          ],
          "aggregated_network_interfaces_mac": [
            "00:0C:29:B6:DA:46",
            "00:50:56:91:DE:BB",
            "00:50:56:91:3A:EC",
            "00:50:56:91:33:E2",
            "00:50:56:91:21:B3"
          ],
          "aggregated_network_interfaces_subnets": [
            "x.x.x.x/24"
          ],
          "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
        }
      }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |

axonius-get-devices-by-mac

Gather device info by MAC address

Base Command

axonius-get-devices-by-mac

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| value | The MAC address to search for within Axonius. | Required |
| max_results | The maximum number of results to return. | Optional |
| fields | Comma separated list of Axonius fields to return. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Axonius.Devices.adapter_list_length | Number | The number of adapters with information about the asset |
| Axonius.Devices.adapters | String | The specific adapter names with asset information |
| Axonius.Devices.internal_axon_id | String | The internal unique Axonius identifier for the asset |
| Axonius.Devices.hostname | String | The hostnames of the asset |
| Axonius.Devices.name | String | The names of the asset |
| Axonius.Devices.last_seen | Date | Last seen date/time of the asset |
| Axonius.Devices.network_interfaces_macs | String | The MAC addresses of the asset |
| Axonius.Devices.network_interfaces_ips | String | The IP addresses of the asset |
| Axonius.Devices.os_type | String | The OS type (Windows, Linux, macOS,...) |
| Axonius.Devices.labels | String | Tags assigned to the asset |

Command Example

!axonius-get-devices-by-mac value=00:0C:29:B6:DA:46

Context Example

    {
      "Axonius": {
        "Devices": {
          "adapter_list_length": 5,
          "adapters": [
            "nexpose_adapter",
            "esx_adapter",
            "active_directory_adapter",
            "solarwinds_orion_adapter",
            "crowd_strike_adapter",
            "esx_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "crowd_strike_adapter",
            "esx_adapter"
          ],
          "aggregated_hostname": [
            "DC4"
          ],
          "aggregated_network_interfaces_ips": [
            "x.x.x.x"
          ],
          "aggregated_network_interfaces_mac": [
            "00:0C:29:B6:DA:46",
            "00:50:56:91:DE:BB",
            "00:50:56:91:3A:EC",
            "00:50:56:91:33:E2",
            "00:50:56:91:21:B3"
          ],
          "aggregated_network_interfaces_subnets": [
            "x.x.x.x/24"
          ],
          "internal_axon_id": "d530db3cfef6a2220b315d54fa1901b2"
        }
      }
    }

Human Readable Output

Results

| adapter_list_length | adapters | aggregated_hostname | aggregated_network_interfaces_ips | aggregated_network_interfaces_mac | aggregated_network_interfaces_subnets | internal_axon_id |
| --- | --- | --- | --- | --- | --- | --- |
| 5 | nexpose_adapter, esx_adapter, active_directory_adapter, solarwinds_orion_adapter, crowd_strike_adapter, esx_adapter, crowd_strike_adapter, crowd_strike_adapter, crowd_strike_adapter, esx_adapter | DC4 | 192.168.20.17, 192.168.20.58, fe80::2dba:9118:1fc8:7759, 192.168.20.36, 192.168.20.50, 192.168.20.61 | 00:0C:29:B6:DA:46, 00:50:56:91:DE:BB, 00:50:56:91:3A:EC, 00:50:56:91:33:E2, 00:50:56:91:21:B3 | x.x.x.x/24 | d530db3cfef6a2220b315d54fa1901b2 |