- 12 Nov 2023
- 8 Minutes to read
Axonius - Send Email
- Updated on 12 Nov 2023
- 8 Minutes to read
Axonius - Send Email sends an email with the query results to a predefined list of recipients.
- Assets that match the results of the selected saved query and the Enforcement Action Dynamic Value statement, if defined, or assets selected on the relevant asset page.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
Email Template Description
Click to view the Email Template Description
The Axonius email template summarizes a query's results and includes:
- The name of the Enforcement Set that triggered the email, and whether the enforcement was executed automatically or by a user.
- Query Name - The name of the query used to determine which assets are included in the message.
- Scheduling - When the Enforcement Action is scheduled to run.
- Total Runs - How many times the Enforcement Action has actually run.
- Main Action - The name of the main action in the Enforcement Set.
- Custom Message - Text of the custom message as provided in the Custom message box.
- Total run results - The number of assets returned by the query and included in the email.
- Previous run results - The number of assets returned by the previous run of the Enforcement Set.
- Added assets - Number of assets added, if any, from the previous run.
- Subtracted assets - Number of assets removed, if any, from the previous run.
The Query Results Table
The Query Results table included in the email message lists the first query results included in the attached CSV file. The number of rows in the Query Results table is the number configured in the Number of data rows to include field. The fields included are selected in the Add asset fields section.
Click See all query results at the bottom of the Query Results table to see the complete list of query results.
Some email clients may add extra spaces in emails sent.
Click to view General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapter Fetch History and Asset Investigation Modules
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
These fields must be configured to run the Enforcement Set.
Click to view Required Fields
- Recipients - Add the email address of recipients. Press Enter to add multiple addresses.
For both Queries based on Query Wizard (such as Users, Devices) and Queries based on filters (Activity Logs, Adapters Fetch History, and Asset Investigation), you can include data extracted from the query result fields in the Query Results table in the email body.
Click to view Additional Fields
- Add asset fields - Select the fields to include in the email message.
The first dropdown automatically shows the same asset type as the one selected for the Enforcement Set query (see above in General Settings). You can only choose fields for the email message from this query, and therefore this dropdown is disabled.
For Queries based on Query Wizard: From the Adapters dropdown, select an adapter. Not relevant for Queries based on filters as they do not have adapters.
The fields box shows common fields that are preselected according to the query type. You can remove any of these fields by clicking the X on the field name tile.
The following screen shows the preselected fields for Devices.
For Queries based on Query Wizard: To add fields from a different adapter, click Add fields from a different adapter. A new field selection row is added. Not relevant for Queries based on filters, as they do not have adapters.
To delete a row, click the trashcan icon.
Number of data rows to include - Select the number of rows of data to include in the email. By default, 10 rows are included. Additional rows of data can be viewed in Run History. A maximum of 30 rows can be displayed.
Email subject (optional, Default: Axonius Enforcement triggered) - Specify the email subject. Otherwise, the generated email subject is 'Axonius Enforcement Triggered'.
Recipients CC (optional) - Add an email list of recipients to which to send the email as CC. Otherwise, if left empty, the email is sent only to the defined Recipients email list.
Add Custom message - Toggle on to include a customized message in the email.
- Custom message (up to 10000 characters) (optional) - Specify the body of the email message. Otherwise, the email message is generated with no body.
Email to include custom message only (required, default: False) - Select this option to include in the email the specified custom message only, and not the Axonius email template. Otherwise, the email includes the specified custom message as well as the Axonius email template.
Attach CSV to email - Toggle on to attach the CSV file to the email and set the CSV parameters.
Attach CSV with all query results - Select this option to include in the email an attached CSV file with all query results.
Query results CSV file name - Type your own name for the CSV file instead of the default name set by Axonius. Otherwise, leave empty for the system to use the default name set by Axonius for the CSV file.
Attach CSV of changes only in query results (required, default: False) - Select this option to include in the email an attached CSV file with the changes in the query results (compared to the last run of the Enforcement Set). And if no changes are identified in the results, no CSV is generated. Otherwise, attach a CSV of all query results, regardless if there are changes.
Additional CSV Settings
Split by asset entities - Select to create a CSV file where each asset on a device is shown as a separate row. This separates each asset as the 'expand' option in the application. It separates each asset by its entity. For example, you will be able to know which values were fetched from each adapter connection. If you do not select this option, all values on a device are in the same cell on the CSV file.
Split by field values - Choose field value - For complex fields and lists you can create a CSV file where the values of complex fields and lists are represented as separate rows in the file. From the drop-down box select the value that you want to display in the file, 'Tags' for instance. Only fields that have been discovered are available. For example, if you export by Installed Software, you will be able to see each installed Software name and its version.
Don't split complex objects into columns - When selected, complex objects appear in a single column in JSON format. By default, each field in a complex object is split into a separate column in the CSV file.
Export CSV delimiter to use for multi-value fields (default: Export CSV delimiter to use for multi-value fields field under the System Settings section in the GUI Settings) - Specify a delimiter to separate between values within the same field of an exported CSV file, otherwise the delimiter defined in Export CSV delimiter to use for multi-value fields is used.
Maximum rows (default: 1048500) - Specify the maximum number of rows to be included in the CSV file. When you set a value here the generated CSV file will include the top x rows, based on the specified values. Otherwise, the generated CSV file will include the default maximum rows, set as 1048500.
Include associated devices (only for Vulnerabilities and Software) - For Software and Vulnerabilities queries. Toggle on this option to include the associated devices with the preferred hostname as a predefined field for each software or vulnerability. When you create a CSV file with associated devices (for Vulnerabilities or Software), if the exported query results are larger than the value set under Maximum rows (or the default value of 1048500), an appropriate notice is displayed at the end of the CSV file.
Device fields - This option is available for Software and Vulnerabilities. Select the device fields to add. By default Preferred Host Name is selected. Click add to select more fields. At least one field must be selected. Click the bin icon to remove a device field.
Send email even if no data is returned in the query (required, default: False) - Select this option to send an email even if the query does not return any results. Otherwise, when there is no data returned in the query, does not send an email.
Tunnel Name - For Axonius-hosted (SaaS) deployments. Select the tunnel through which to connect to perform the action.
Click to view Examples
Example with Query based on Query Wizard
For an enforcement set configured to run Axonius - Send Email on Devices that are noncompliant, this action can be configured to send to each device owner an email with a Query Results table that has specific information on the noncompliant device, such as device manufacturer, device model, and serial number, and steps for remediation, such as to install secure updates.
Example with Query based on Filter
For an enforcement set configured to run Axonius - Send Email on Adapters Fetch History failed adapters, this action can be configured to send an email with a Query Results table that has information (fields) on each adapter that fails. Recipients of this email can make a decision on how to proceed, based on a quick analysis of the information in the email.
For more details about other Enforcement Actions available, see Action Library.