- 22 Mar 2023
- 4 Minutes to read
- Updated on 22 Mar 2023
- 4 Minutes to read
The Devices page displays all the devices that were fetched for the query run. The query name is displayed above the search bar. If no query was chosen, the page displays all devices.
To open the Devices page, click icon on the left navigation panel.
Use the Query Wizard to create granular queries to understand how assets adhere to their policies. You can define a wide variety of filters, from which you can easily drill down to the assets that match the required search criteria. Learn more about the Creating Queries with the Query Wizard..
Viewing Query Results
The total number of devices collected for that query (or for all collected devices when no query is present) is displayed on the top left side of the table:
A number of columns are displayed for each device. The first column is the Adapter Connections column. The Adapter Connections column displays the icons of the adapter connections that this device was seen from, and is considered by Axonius as the correlation of data from different adapters to the same device.
For example, a device that was fetched and correlated from the following adapter connections:
- Microsoft Active Directory (AD)
- Amazon Web Services (AWS)
- VMware Carbon Black EDR (Carbon Black CB Response)
- CrowdStrike Falcon
- Cybereason Deep Detect & Respond
- Trend Micro Deep Security
- Kaseya VSA
- SolarWinds Network Performance Monitor
Expanding Device Data
Click left adapters column to expand the device record and to display device 'uncorrelated' data, i.e., the device data per adapter. This functionality provides you with a single view and an easy way to identify the source for each of the different device field values. Click again to collapse the device data.
Hover over the Adapter Connections column to see the adapter name for all adapter connections in a tooltip. If you defined an Adapter Connection Label on the adapter connection configuration it will be concatenated to the adapter name value. This can helps distinguish between two adapter connections from the same adapter.
Expanding Aggregated Field Data
There are 2 types of devices columns:
- Aggregated data fields - a common field which contains data fetched from different adapters. For example, Host name, MAC address, OS type and many more.
- Specific data fields - a unique field which contains data fetched from a single adapter source. For example, "Region" field from Amazon Web Services (AWS).
Click in any generic data field to view a tooltip with the field's 'uncorrelated' data, i.e. device specific field data for that asset entity / adapter connection. Click to collapse the tooltip.
For example, if you expand the 'Last Seen' field, you can see when the device was seen by each of its source adapters. Mouse over the number of additional parameters to display a context menu showing the first 10 parameters in this field. You can scroll through the data. For fields with multiple values, you can click the copy icon to copy the values to the clipboard.
Viewing Complex Fields in the Device Profile Aggregated tab
Complex fields are fields which can display a number of parameters. For instance, the Installed Software field can contain the Software Version field, the Software Name field, Software Vendor field and more.
In Complex fields, the system displays the first few parameters in the field, and then displays the number of additional parameters.
Mouse over the number of additional parameters to display a context menu showing the first 10 parameters in this field. You can scroll through the data.
Click View all results to open the data in the Device Profile Aggregated tab, open at that complex field.
Setting Page Columns Display
You can set the columns displayed on the page, and freeze specific columns so that they are not scrolled. The Adapter Connections column is frozen by default. Refer to Setting Page Columns Display.
Performing Actions on Devices
Select one or more devices and use the options in the Actions menu to perform various actions. Refer to Asset Actions
Select Asset Investigation to see the changes over time for all the devices or users in the system. Learn about Asset Investigation.
Displaying Historical Data
Axonius saves daily “snapshots” of all the collected data, which you can view for any query in the Devices page.
To view device query results for a specific date, click the calendar button or click 'Display by Date' on the top right corner above the query results table.
A date picker control opens, enabling you to select the desired data. By default, the latest day for which data was collected is displayed.
Notice that only dates with collected data are enabled as options for choice.
To clear the historical view and set back to latest, hover over the displayed date and click on the 'X' next to the displayed date.
Navigating between Table Result Pages
By default, 20 results are displayed in each table page. You can change the number of results per page and choose between 20, 50 or 100, by clicking the appropriate icon on the bottom left side of the table:
Use the pagination bar at the bottom right side of the table to move between pages:
Cancel Query is displayed when you run a query. Click Cancel Query to revert to the results of the last successful executed query.
Last Updated Indication and Refresh Query
When query caching is enabled, and query results are retrieved from cache the Last updated indication is displayed. This indication specifies the last time the query was executed and from when the displayed query results are updated.
Use Refresh Query to run the query again to recalculate the query results.
Exporting Device and User Data to CSV
You can export the query results table data and its view (displayed columns) to a CSV file. Learn about exporting device and user data to a CSV file.