Selecting and Configuring a Workflow Event

This section describes how to configure an Event node in a workflow with a supported event from the Events pane (for details on each event, refer to the Events Library), and then do any or all of the following:

• Select an event entity for the following node in the Workflow.
• Enable parsing one of the event's string fields.
• Enable and configure the event's Timeout settings (not relevant for the triggering Event).

A workflow configured with an event as an initial trigger runs only on assets that have that event. When an event is used in the middle of a workflow, it triggers only for the asset on which this workflow was triggered initially.

To select and configure the Workflow Event

1. Click the Event node. The Event pane opens in Tile view, displaying all available Workflow Events according to their categories.
   

   • Click the List icon to display the Events in List view. All Event categories are collapsed.
     
   • Click the Tiles icon to once again display the Events in tile view.

2. In the Event pane, simplify your selection of an event by filtering the events by name and/or category.

   • In the Search Event box, type all or part of the event name. The list is automatically filtered as you type. From the search results, select an event.
   • In the Category dropdown, select a category, and then select an event from that category that appears in the pane.
   • Click Collapse All to show only event categories.
   • Click Expand All to show all available events under all event categories.
   • Click the Collapse icon to the right of a category to hide its events.
   • Click the Expand icon to the right of a category to show its events.

3. Select an event. The selected event is displayed in the Event node.

4. Configure the Workflow Event, if required, or any prerequisite configurations required to use the selected event. Refer to the Events Library for prerequisite and configuration details of each supported Workflow Event.

5. Select an entity for the following node, if required.

6. Enable parsing an Event field into additional fields, if required.

7. For a non-triggering Event node, set the event's timeout settings, if required.

Selecting an Entity for the Following Node

By default, the node following an Event node runs on the default asset type resulting from the event. This default asset type is automatically found by the event parsing the ID and deducing the asset type according to the adapter.
Instead of finding and using this default asset type for the next node, in an Event node, you can enable the Select entity for the following node option to select one of the resolved asset types that the event is parsed into as the asset of the next node, and create criteria of the asset that will continue to that node. You build a query to define the criteria, and in at least one of the criteria, you compare a field in the selected asset type to an event field. The first asset that matches the configured criteria is selected to continue in the workflow to the next node.

It is also possible to use the default asset type for the next node, but define within the asset type, criteria other than the default, which the asset must meet. For example, by default, the node following a Slack message event runs on a user of a certain ID (event.user equals xxx). It is possible to change the criteria so that the next node runs instead on a user belonging to a certain channel (event.channel equals yyy).

A query wizard is provided for you to create the criteria, where the left side of the query defines the Axonius fields from the adapters, and the right side defines the fields from the event. The query runs on all assets of the selected type and the selected asset fields are compared to the query criteria.

To select an Entity for the node following the Event node

1. In the Event pane, toggle on Select entity for the following node.

2. From the Module dropdown, select the asset type for the next node.

A query wizard opens for configuring the criteria of the selected asset type.

3. Using the wizard, build a query where at least one of the asset fields is compared to an event field parsed from the event (the rightmost field in the wizard). This event field can be:
   • A field parsed from the event. Open the Event Fields list to choose from a list of event fields. Learn more on how to add an Event Field to a Query.
   • A field parsed from the JSON. These fields do not appear in the Event Fields list.

Adding an Event Field to a Query

You can easily select the event field to add to the query (last field in the criteria) using the Event Fields table. The Event Fields table presents a list of fields parsed from the selected event (for example, fields parsed from Slack Message), including their Field Names, Types, and Axonius database names with an adjacent copy icon, enabling you to copy the field directly from the Event Fields table into the query.

Parsing an Event Field

It is possible to configure an Event (including the triggering event) to automatically parse one of its string fields during the execution of the Event in the Workflow. A field can be parsed only if the "magic word" AXONIUSPARSER (case-insensitive) precedes the JSON text in the field.
In the case of an Asset value changed Event, you can parse the previous event field value or the current event field value.

• Only String type fields are supported.
• Only single-level JSONs are supported.
  For example: {"key1": "value1","key2": "value2"}
• Nested JSONs are not supported (although some may be successful).
• There can be no blank space between the curly brackets and the beginning or end of the JSON object.
• If the field does not contain the "magic word" AXONIUSPARSER or the JSON syntax is incorrect, parsing does not take place. In this case, the Workflow continues, and the Run History does not include information about parsing.
• If the field does not contain JSON, parsing fails. In this case, the Workflow continues but the Run History shows that parsing failed.

The Run History drawer lists in the tab of each Event that was executed in the Workflow, under Data, the data of that event. This includes all fields in the original schema and their values. When parsing is enabled for an Event field, the field name and all its parsed key-value pairs are also listed.

The parsed fields do not appear in the Syntax Helper. However, you can configure a Dynamic Value Statement in an Action with these parsed fields.

To parse an Event field

1. In the workflow, click the Event in which you want to parse an Event field.

2. In the Event pane, toggle on Parse additional fields.

3. From the Select event field to parse JSON from dropdown, select a field to parse. Only string fields appear in the dropdown, as only they can be parsed.

For the Asset value changed Event, select to parse the current Field Value or the Previous Field Value.

Configuring Event Timeout Settings

By default, Timeout is disabled for an event, meaning that the event continues to run until you change its settings or delete it.
You can enable Timeout settings for an event by configuring the amount of time in seconds, days, weeks, or months that the event waits before it times out. You can then do one of the following:

• Define a Timeout condition in the Event Conditions node below the Event node, with two branches:

  • True branch to take in the Workflow if the Event has timed out after the defined amount of time.
  • False branch to take in the Workflow if the Event has not timed out after the defined amount of time.

• Do not define a Timeout condition, meaning that the Workflow run terminates when timeout is reached.

To configure an event's timeout

1. In the Event pane, toggle on Add Timeout to enable timeout for the event.
2. In After, set the timeout to a specific number of Days, Weeks, or Months. The default is 90 days.