Axonius - Send Email to Assets

Axonius - Send Email to Assets sends an email with a predefined subject and body to all assets which have an email address, based on the following logic:

• Users query - Email will be sent to each User asset which has an email address.
• Devices query - Email will be sent to each User asset which has an email address that is determined as the Latest Used User Email for each device.

To use this action, you must enable the 'Send Emails' setting and configure the email host and port. For more details, see Configuring Email Settings.

General Settings

Required Fields

These fields must be configured to run the Enforcement Set.

1. Email subject (optional, default: empty) - Specify the email subject.
   • If supplied, the generated email subject will be the specified subject.
   • If not supplied, the email subject will be [Enforcement Set Name] + 'for Query:' + [query name]
2. Custom message (optional, default: empty) - Specify the body of the email message.
   • If supplied, the generated email body will be the specified custom message.
   • If not supplied, the email message will be generated with no body.
3. Customize recipients for device entities - Select one of these options:
   • 'Send to Owner Only' Select whether to send an email to the device owner. If enabled, an email will be sent to the email address of the device owner, if it exists. Otherwise an email will be sent to each User asset which has an email address that is determined as the Latest Used User Email for each device.
   • 'Custom' - Select custom recipients to send the mail to, checkboxes are displayed, and you can choose 'Add device owner to recipients', and/or 'Add device latest used user email to recipients'
   • 'Send to AWS account administrators' - Select the option to send an email to users that are an admin in the accounts where the devices exist, in this case it adds {{ASSETS_PER_ASSOCIATION}} to the Cusom message field and lists there the AWS ARNs per account.
   • 'Send to GCE account administrators' - Select this option to send an email to users that are owners in the projects where the devices exist. To add the names of the devices by projects to the email add the following {{ASSETS_PER_ASSOCIATION}}. Note that Fetch IAM permissions for users must be enabled in the GCP adapter in order for this to work.
4. Limit recipients to first X, not counting CC - limit the number of recipients to only send to the first X recipients, based on the default order of recipients. The default value is 2. For a Devices query, the default order of email recipients is:

• Device Owner (if Add device owner to recipients is selected)

• Latest Used User Email (if Add latest used user email to recipients is selected)

• device.mail

• device.custom_email

• device.email

• all of device.last_used_users_mail_association (that one is a list)

• Gateway Name - Select the gateway through which to connect to perform the action.

Additional Fields

These fields are optional.

1. Confirm only send to device owner (and cc list) - send the email only to the owner of the device and not to the Latest Used User Email. When Send to Owner Only is selected as well as Confirm only send to device owner (and CC list), then the recipients list will ONLY include the device.owner (and any CC emails confgured in the enforcement set).
2. Email CC list ' - Specify a comma-separated list of email addresses.
   • If supplied, each email will also be sent to the supplied email addresses in that list.
   • If not supplied, each email will only be sent to each User asset which has an email address that is determined as the Latest Used User Email for each device.