Creating Enforcement Action Dynamic Value Statements
  • 06 May 2024
  • 5 Minutes to read
  • Dark
    Light
  • PDF

Creating Enforcement Action Dynamic Value Statements

  • Dark
    Light
  • PDF

Article summary

Use Dynamic Value statements (also referred to as "statements") to add dynamic values to fields in Enforcement Actions using values from the assets themselves.

Two types of statements are available for use:

  • "All" statements - These statements read over all the assets in the asset pool one by one and populate the values fetched from the asset itself into Action form fields.
  • Switch/Case statements - These statements check an asset field (declared in the switch) for multiple criteria (each declared by a case) and use those values to populate the Action fields.
Note:

Dynamic Value statements support asset, Activity Logs, and Adapters Fetch History modules. They do not support Asset Investigation and Findings modules.

Some examples for the use of statements:

  • You can create an Enforcement Set with its main action to create a ticket/incident. In the statement, you can determine how to fill the description or summary fields of the ticket/incident with information from the asset.
  • You can create an Enforcement Set with its main action to Add Tag to Assets. In the statement, you can set criteria to assign different tag values to different assets.
  • You can create an Enforcement Set with its main action to Add Custom Data to Assets. In the statement, you can create a calculated custom field based on values from several fields, create a custom field to assign a numerical rank to vulnerabilities, and much more.

The Configure Dynamic Values toggle appears in every Enforcement Action. Any user with either Add Enforcement or Edit Enforcement permission, or both, can create statements.

In the Syntax tab, you can resize the Define the statement text box by dragging the handle at the lower-right corner.

StatementHandle

When you create an enforcement set (in the Create Enforcement Set dialog), the first step is to select a Main Action to add to the Enforcement Set. The relevant enforcement action dialog is displayed, with required fields. Make sure to fill in all of the required fields with values. For example, when you create an Enforcement Set with Main Action - Add Custom Data to Assets, fill in the Field name and Field value action fields. The field value replaces an empty result if during an Enforcement Set run, the Dynamic Value statement gives an empty result (for example, if the adapter field used is empty for an asset) or the asset does not meet any of the criteria defined in the statement. This is relevant for all statements.

To create a statement

  1. Configure the Enforcement Action.

  2. Toggle on Configure Dynamic Values.

  3. Determine the type of statement to use:
    * "All" statements
    * Switch/Case statements

  4. Construct a statement in the Define the statement text box including action form fields, adapter fields, functions, and operators, using either of the following methods:

    • The Dynamic Value Statement Wizard (the default)
    • The Syntax Helper with Autocomplete feature
      • Click Validate. Axonius checks that the statement syntax is correct. It does not validate field types or values.
        • If the syntax is correct, the message 'Statement was validated successfully' is displayed in green under the text box.
        • If there is a syntax error, a detailed error message is displayed in red under the text box. Fix the error, and repeat this step.

When the Enforcement Set is run, the statement is used.

The following example shows how you can create a Dynamic Value statement for the Axonius - Send Email enforcement action, configured with the Adapters Fetch History query, with the help of the Dynamic Value Statement Wizard or Syntax Helper.

The following screen shows the Axonius - Send Email enforcement action configured with the Adapters Fetch History query.
AdaptersFetchHistoryQuery

The first screen below shows how you can use the Wizard to choose an asset field from Adapters Fetch History for the Dynamic Value statement in this Enforcement Action and the second screen shows how you can use the Syntax Helper.

WizardAdaptersFetchHistory

SyntaxHelperAdapterFetchHistory

Note:
  • An enforcement set, configured with a dynamic value statement, runs only on query results filtered according to the data refinement configuration. This is the case for queries filtered with any data refinement option, except "Refine field values by adapter connection".

  • If the assets returned from the query do not match the condition you configured for the field, the values configured for the field in the Enforcement action configuration are used as the default (fallback) values for the field.

Syntax Tips

  • Static string values must be written within quotation marks " ". For example: "@gmail.com". They should not be pasted from other systems.
  • Make sure that the quotation marks are straight and not curly, as curly ones are not supported.
  • Functions and operators must be followed by (values) in parentheses.
  • A field name following "switch" does not require square brackets.
Note:

Enforcement statements may "split" the Action into multiple Actions, one for each value configured in the statement.

For example, if 100 assets share the same value configured in the statement, those assets are combined into one run. On the other hand, if the 100 assets all have different values, the Enforcement Set is run 100 times.

More values with matches results in more time for the run to complete.

Example

Enforcement Action used: Axonius - Add Tag to Assets
In the following Dynamic Value statement used to tag users, all users with their user country field (user.specific_data.data.user_country) having the value "United States" are tagged with a "US" tag. Users with no entry for their user country or a country other than "United States" are tagged with the Tag default value configured in Tag names (in the Enforcement Action configuration dialog) - in this case, "fallback".

switch user.specific_data.data.user_country
case field_equal ("United States") then form.tag_name set_value "US"

ECTagsDefaultB

Note:

It is advisable to give a meaningful default Tag name, such as Fallback, so that it isn't mistaken for a Tag name that is based on an asset field value.



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.