Axonius - Send Email

Axonius - Send Email sends an email with the query results to a predefined list of recipients for:

• Assets that match the results of the selected saved query and the Enforcement Action Dynamic Value statement, if defined, or assets selected on the relevant asset page.

Email Template Description

The Axonius email template summarizes a query's results and includes:

• The name of the Enforcement Set that triggered the email, and whether the enforcement was executed automatically or by a user.
• Query Name - The name of the query used to determine which assets are included in the message.
• Scheduling - When the Enforcement Action is scheduled to run.
• Total Runs - How many times the Enforcement Action has actually run.
• Main Action - The name of the main action in the Enforcement Set.
• Custom Message - Text of the custom message as provided in the Custom message box.
• Total run results - The number of assets returned by the query and included in the email.
• Previous run results - The number of assets returned by the previous run of the Enforcement Set.
• Added assets - Number of assets added, if any, from the previous run.
• Subtracted assets - Number of assets removed, if any, from the previous run.

The Query Results Table

The Query Results table included in the email message lists the first query results included in the attached CSV file. The number of rows in the Query Results table is the number configured in the Number of data rows to include field. The fields included are selected in the Add asset fields section.

Click See all query results at the bottom of the Query Results table to see the complete list of query results.

If you set Compress email attachments on the Email Settings page, you can send the CSV files as one compressed file. The system warns you if the compressed file reaches 10 Megabytes.

General Settings

Required Fields

These fields must be configured to run the Enforcement Set.

• Recipients - Add the email address of recipients. Press Enter to add multiple addresses.

Additional Fields

These fields are optional.

For both Queries based on Query Wizard (such as Users, Devices) and Queries based on filters (Activity Logs, Adapters Fetch History, and Asset Investigation), you can include data extracted from the query result fields in the Query Results table in the email body.

• Add asset fields - Select the fields to include in the email message.

  • The first dropdown automatically shows the same asset type as the one selected for the Enforcement Set query (see above in General Settings). You can only choose fields for the email message from this query, and therefore this dropdown is disabled.

  • For Queries based on Query Wizard: From the Adapters dropdown, select an adapter. Not relevant for Queries based on filters as they do not have adapters.

  • The fields box shows common fields that are preselected according to the query type. You can remove any of these fields by clicking the X on the field name tile.

  The following screen shows the preselected fields for Devices.

  

  • For Queries based on Query Wizard: To add fields from a different adapter, click Add fields from a different adapter. A new field selection row is added. Not relevant for Queries based on filters, as they do not have adapters.
  • Click the trashcan icon to the right of an asset fields row to delete it.

• Hide adapter icons in table (Default: Disabled) - Select the checkbox to enable hiding the Adapters column (that shows adapter icons) in the Query Results table (above).

• Number of data rows to include (Default: 10) - Select the number of rows of data to include in the email. Additional rows of data can be viewed in Run History. A maximum of 30 rows can be displayed.

• Email subject (Default: Axonius Enforcement triggered) - Specify the email subject. Otherwise, the generated email subject is 'Axonius Enforcement Triggered'.

• Recipients CC - Add an email list of recipients to which to send the email as CC. Otherwise, if left empty, the email is sent only to the defined Recipients email list.

• From - Fill in the sender email address, if you want this enforcement action to send an email from a sender other than the Sender address configured in Email Settings or the default sender address.

• Add Custom message - Toggle on to include a customized message in the email.

  • Custom message (up to 10000 characters) - Specify the body of the email message. Otherwise, the email message is generated with no body.

• Email to include custom message only (Default: Disabled) - Select this option to include in the email the specified custom message only, and not the Axonius email template. Otherwise, the email includes the specified custom message as well as the Axonius email template.

• Attach CSV to email - Toggle on to attach the CSV file to the email and set the CSV parameters.

  • Attach CSV with all query results - Select this option to include in the email an attached CSV file with all query results.

  • Query results CSV file name - Type your own name for the CSV file instead of the default name set by Axonius. Otherwise, leave empty for the system to use the default name set by Axonius for the CSV file.

  • Attach CSV of changes only in query results (Default: Disabled) - Select this option to include in the email an attached CSV file with the changes in the query results (compared to the last run of the Enforcement Set). And if no changes are identified in the results, no CSV is generated. Otherwise, attach a CSV of all query results, regardless if there are changes.

  Additional CSV Settings

  • Split by asset entities - Select to create a CSV file where each asset on a device is shown as a separate row. This separates each asset as the 'expand' option in the application. It separates each asset by its entity. For example, you will be able to know which values were fetched from each adapter connection. If you do not select this option, all values on a device are in the same cell on the CSV file.

  • Split by field values - Choose field value - For complex fields and lists you can create a CSV file where the values of complex fields and lists are represented as separate rows in the file. From the drop-down box select the value that you want to display in the file, 'Tags' for instance. Only fields that have been discovered are available. For example, if you export by Installed Software, you will be able to see each installed Software name and its version.

  • Don't split complex objects into columns - When selected, complex objects appear in a single column in JSON format. By default, each field in a complex object is split into a separate column in the CSV file.

  • Export CSV delimiter to use for multi-value fields (default: Export CSV delimiter to use for multi-value fields field under the System Settings section in the GUI Settings) - Specify a delimiter to separate between values within the same field of an exported CSV file, otherwise the delimiter defined in Export CSV delimiter to use for multi-value fields is used.

  • Maximum rows (default: 1048500) - Specify the maximum number of rows to be included in the CSV file. When you set a value here the generated CSV file will include the top x rows, based on the specified values. Otherwise, the generated CSV file will include the default maximum rows, set as 1048500. (note that this value is the maximum value supported by Excel, setting a higher value generates a file that can't be displayed fully or correctly in Excel)

  • Include associated devices (only for Vulnerabilities and Software) - For Software and Vulnerabilities queries. Toggle on this option to include the associated devices with the preferred hostname as a predefined field for each software or vulnerability. When you create a CSV file with associated devices (for Vulnerabilities or Software), if the exported query results are larger than the value set under Maximum rows (or the default value of 1048500), an appropriate notice is displayed at the end of the CSV file.

  • Device fields - This option is available for Software and Vulnerabilities. Select the device fields to add. By default Preferred Host Name is selected. Click add to select more fields. At least one field must be selected. Once you select fields, you can drag and drop to rearrange in the order that you want them to appear in the CSV file. Click the bin icon to remove a device field.

• Send email even if no data is returned in the query (Default: Disabled) - Select this option to send an email even if the query does not return any results. Otherwise, when there is no data returned in the query, does not send an email.

• Gateway Name - Select the gateway through which to connect to perform the action.

Examples

Example with Query based on Query Wizard

For an enforcement set configured to run Axonius - Send Email on Devices that are noncompliant, this action can be configured to send to each device owner an email with a Query Results table that has specific information on the noncompliant device, such as device manufacturer, device model, and serial number, and steps for remediation, such as to install secure updates.

Example with Query based on Filter

For an enforcement set configured to run Axonius - Send Email on Adapters Fetch History failed adapters, this action can be configured to send an email with a Query Results table that has information (fields) on each adapter that fails. Recipients of this email can make a decision on how to proceed, based on a quick analysis of the information in the email.