- 02 Jun 2023
- 4 Minutes to read
Creating Enforcement Action Conditional Statements
- Updated on 02 Jun 2023
- 4 Minutes to read
Use conditional statements (IFTTT) to add dynamic input to fields in Enforcement Actions using values from the assets themselves.
Two types of conditional statements are available for use:
* "All" statements - These statements read over all the assets in the asset pool one by one and populate the values fetched from the asset itself into Action form fields.
* Switch/Case statements - These statements check an asset field (declared in the switch) for multiple criteria (each declared by a case) and use those values to populate the Action fields.
Some examples for the use of conditional statements:
- You can create an Enforcement Set with its main action to create a ticket/incident. In the conditional statement, you can determine how to fill the description or summary fields of the ticket/incident with information from the asset.
- You can create an Enforcement Set with its main action to Add Tag to Assets. In the conditional statement, you can set criteria to assign different tag values to different assets.
- You can create an Enforcement Set with its main action to Add Custom Data to Assets. In the conditional statement, you can create a calculated custom field based on values from several fields, create a custom field to assign a numerical rank to vulnerabilities, and much more.
The Configure Action Conditions toggle appears in every Enforcement Action. Any user with either Add Enforcement or Edit Enforcement permission, or both, can create conditional statements.
You can resize the Define the condition text box by dragging the handle at the lower-right corner.
When creating an Enforcement Set (in the Create Enforcement Set dialog), the first step is to select a Main Action to add to the Enforcement Set. The Action form fields relevant for the selected main action then appear in the Create Enforcement Set dialog.
For example, when creating an Enforcement Set with Main Action - Add Custom Data to Assets, you are required to fill in the Field name and Field value. During a run, when the asset does not match the configured action condition for the field, the field value that you entered is used as the default for the field.
To create a conditional statement
- Fill in values for the Action form fields. These values can be used as the default when the asset does not match the configured action condition.
- Toggle on Configure Action Conditions.
- Construct a conditional statement in the Define the condition text box:
Determine the type of conditional statement to use:
Determine the Adapter fields whose values you want to work with. Use the Syntax Helper to get the correct field name. Field names must be enclosed in square brackets [ ]. To learn more about field syntax, see Conditional Statement Concepts. Note: Adapter Connection Label field is not supported. To learn more about using custom fields in conditional statements, see Custom Data Fields in the Syntax Helper.
Determine the Action form field you want to populate with values from the Adapter fields.
Use Syntax Helper to get the correct field name. To learn more about field syntax, see Conditional Statement Concepts.
Choose the functions and operators necessary to produce the values that you want in the Action form field.
Build the conditional statement using these fields, functions, and operators according to the type of statement you are using.
- Click Validate. Axonius checks that the statement syntax is correct.
- If the syntax is correct, the message "Statement was validated successfully" is displayed in green under the text box.
- If there is a syntax error, a detailed error message is displayed in red under the text box. Fix the error, and repeat this step.
When the Enforcement Set is run, the conditional statement is used.
- Static string values must be written within quotation marks " ". For example: "@gmail.com". They should not be pasted from other systems.
- Make sure that the quotation marks are straight and not curly, as curly ones are not supported.
- Functions and operators must be followed by (values) in parentheses.
- A field name following "switch" does not require square brackets.
Enforcement conditions may "split" the Action into multiple Actions, one for each value configured in the condition.
For example, if 100 assets share the same value configured in the condition, those assets are combined into one run. On the other hand, if the 100 assets all have different values, the Enforcement Set is run 100 times.
More values with matches results in more time for the run to complete.
For more about condition statements:
For more information about working with Enforcement Sets see the following:
Enforcement Center Overview
Using the Enforcement Center Page
Managing Enforcement Sets
Creating Enforcement Sets
Testing an Enforcement Set
Configuring Enforcement Action Conditions
Scheduling Enforcement Set Runs
Running Enforcement Sets
Viewing Enforcement Set Run History
Terminating an Enforcement Set Run
Duplicating Enforcement Sets
Editing and Deleting Enforcement Sets