Creating Enforcement Action Condition Statements
  • 16 Jan 2023
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Creating Enforcement Action Condition Statements

  • Dark
    Light
  • PDF

Use conditional statements to add dynamic input to fields in Enforcement Actions, using values from the assets themselves.

For example, you can open tickets and include information from the asset in the description or summary fields. You can set criteria to assign different tag values to different assets, create calculated custom fields based on values from several fields, create a custom field to assign a numerical rank to vulnerabilities, and much more.

The Configure Action Conditions field appears in every Enforcement Action.

You can resize the condition field by dragging the handle at the lower-right corner.
ConfigureConditionStatementwHandle.png

To create a condition statement

  1. Enter default values for Action form fields. If the condition statement does not apply to a particular asset, the Action uses the value supplied in that field as the default value.

    For example, for a tag Action you need to enter a value in the Tag field. If the asset does not match the condition, the value in the Tag field is used.

  2. Toggle Configure Action Conditions to on.

  3. Constuct a condition statement in the Define the condition text box:

    1. Determine the type of condition statement to use:
      • "All" statements - These statements read over all the assets in the asset pool one-by-one and populates the values fetched from the asset itself into Action form fields.
      • Switch/Case statements - These statements check an asset field (declared in the switch) for multiple criteria (each declared by a case) and uses those values to populate the Action fields.
    2. Determine the Adapter fields whose values you want to work with. Use the Syntax Helper to get the correct field name. Field names must be enclosed in square brackets, [ ]. See Condition Statement Concepts for more about field systax.
    3. Determine the Action form field you want to populate with values from the Adapter fields. Use the Syntax Helper to get the correct field name. Field names must be enclosed in square brackets, [ ]. See Condition Statement Concepts for more about field systax.
    4. Chose the functions and operators necessary to produce the values you want in the Action form field.
    5. Build the condition statement using these fields, functions, and operators according to the type of statement you are using.
  4. Click Validate. Axonius will check that the statement syntax is correct. When the Enforcement Set is run, the condition statement will be used.

Syntax Tips

  • Static string values must be written within quotation marks “ “. For example: ”@gmail.com”. They should not be pasted from other systems.

  • Functions (concat, sum, etc.) must be followed by (values) in parentheses.

  • Operators (starts_with, etc.) must be followed by [values] in square brackets.

NOTE

Enforcement conditions may "split" the Action into multiple Actions, one for each value configured in the condition.

For example, if 100 assets share the same value configured in the condition, those assets will be combined into one run. If the 100 assets all have different values, the Enforcement Set will be run 100 times.

The more values with matches, the more time the run will take to complete.



Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.