Login
Contents x
"All" Statement Syntax
  • 06 Mar 2023
  • 3 Minutes to read
  • Print
  • Dark
    Light
  • PDF
Contents

"All" Statement Syntax

  • Updated on 06 Mar 2023
  • 3 Minutes to read
  • Print
  • Dark
    Light
  • PDF

All Statement Syntax

This conditional statement (IFTTT) type takes the value from the Adapter field and uses the set_value function to assign a resulting value to the Action field.

IMPORTANT
All values, operators and syntax elements in condition statements are lower case and case sensitive.

Syntax for Device Assets

The basic syntax for device assets is:

device all then form.fieldname set_value [device.adapters_data.adapter_name.field_name]

Where

  • device all - Applies the conditions on all device assets matching the query. This asset type must match the query used in the Enforcement Set.
  • then - On all assets that match the query, then apply this value from the source to the destination.
  • form_fieldname - The destination field in the Action. See Using Syntax Helper below for instructions on how to find the correct field name.
  • set_value - Set the value of form_fieldname to match that of the source field of the Adapter. Functions can be used to determine this value. See Enforcement Action Condition Syntax Table for a complete list of available statement elements and their syntax.
  • [device.adapter_data.adaptername.fieldname] - The source field in the Adapter. The device or user prefix must reflect the type of asset query. This value must be enclosed in brackets. For example, [device.adapter_data.adaptername.fieldname].

More complex statements can be constructed using the many functions and operators available. See Enforcement Action Condition Syntax Table for a complete list of available statement elements, their syntax and usage rules.

Syntax for User Assets

The basic syntax for user assets is:

user all then form.fieldname set_value [user.adapters_data.adapter_name.field_name]

Where

  • user all - Applies the conditions on all user assets matching the query. This asset type must match the query used in the Enforcement Set.
  • then - On all assets that match the query, then apply this value from the Adapter field to the Action form field.
  • form_fieldname - The destination field in the Action. See Using Syntax Helper below for instructions on how to find the correct field name.
  • set_value - Set the value of form_fieldname to match that of the source field of the Adapter. Functions can be used to determine this value. See Enforcement Action Condition Syntax Table for a complete list of available statement elements and their syntax.
  • [user.adapter_data.adaptername.fieldname] - The source field in the Adapter. The device or user prefix must reflect the type of asset query. This value must be enclosed in brackets. For example, [user.adapter_data.adaptername.fieldname]. See Enforcement Action Condition Syntax Table for a complete list of available statement elements and their syntax.

More complex statements can be constructed using the many functions and operators available. See Enforcement Action Condition Syntax Table for a complete list of available statement elements, their syntax and usage rules.

All Statement Examples

These addional functions and operators are used in the following examples:

  • or - Used to define multiple options if one of the source fields is empty. The defined options are applied in order they are written. The first field with a value is used and the rest ignored. If none of the fields have a value, the value in the form itself will be used.
  • concat - Concatenates the specified values. concat supports an unlimited number of string arguments (values and/or fields). The concat operator must be followed by a space and then the parameters within ( ). Field inputs and static strings can be used in any order.
  • sum - Adds the values in the indicated field.

See Enforcement Action Condition Syntax Table for a complete list of available statement elements and their syntax.

The following examples illustrate some ways All Asset condition statements can be used.

  • Example - Use the value from field X for the tag, and if empty, use value from field Y.

    device all then form.tag_name set_value [device.x_adapter.name] or [device.y_adapter.name]

  • Example - Use the value from field X + @gmail.com for the email recipient field value and, if empty, use value from field Y.

    user all then form.emailList set_value concat ([user.adapters_data.active_directory_adapter.hostname], "@gmail.com")

  • Example - Use the value from the last_seen field from the Azure adapter and, if empty, use the value from the last_seen field from the Cisco adapter.

    device all then form.custom_data_value set_value [device.adapters_data.azure_adapter.last_seen] or [device.adapters_data.cisco_meraki_adapter.last_seen]

  • Example - Use the count value (the number of values in field) in the cvss_version field to set the value of the summary custom data field.

    device all then form.field_name set_value sum ([device.adapters_data.tenable_security_center_adapter.software_cves.cvss_vector])

  • Example - Use multiple items with the concat operator.

    device all then form.tag_name set_value concat(“name”, [device.specific_data.data.hostname], “os_type”, [device.specific_data.data.os.type])

What's Next
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout