- 28 Sep 2023
- 6 Minutes to read
- Updated on 28 Sep 2023
- 6 Minutes to read
Once you have created queries and investigated assets and their adherence to policies, you can perform actions on a single selected asset or in bulk on assets that you select:
- On an Asset page, select one or more assets, and then click the Actions button located above the query results table. The Actions menu options are displayed.
- Click the action that you want to run.
Axonius supports the following actions:
Add Custom Field
You can add a single custom field to one or more selected assets at the same time.
Learn how to work with custom data, including how to add an existing or newly created custom field to one or more assets.
Use tags to assign context to your assets for granular filters and queries. Apply new or existing tags to the selected assets. The list of selected tags is applied to all selected assets. Therefore, tagging may result in the removal of existing tags from one or from several of the selected assets.
Refer to Working with Tags to learn about working with Tags on assets.
On the Assets page, select assets, and then in the Actions menu, select Delete <asset> to delete the selected assets from Axonius. Deleted assets may be added again to Axonius if they are discovered in any future discovery cycle.
The action text is according to the Assets page. For example, Delete Devices, Delete Users, Delete Tickets.
Improve Correlation - Link Assets
Manually correlate at least two asset records and consolidate their details into a single asset.
- Manual linkage cannot be reverted. It will not be overridden by the next correlation. However, manually linking assets can be overridden if the Axonius correlation logic determines two linked assets should be distinct assets.
- The action text is according to the Assets page. For example, Link Devices, Link Users, Link Tickets.
Improve Correlation - Unlink Assets
Undo the correlation on a single asset (with multiple adapter sources) into the constituent adapter sources of that asset. Each individual adapter previously used in that correlation will now present as a single-adapter source asset. For example, if an asset has been correlated from three different adapters, unlinking that asset will result in three different unlinked assets.
- Any manually unlinked devices/user may be relinked the next time a discovery cycle runs, or data fetch is triggered from a specific adapter connection, if the correlation logic determines the association.
- The action text is according to the Assets page. For example, Unink Devices, Unlink Users, Unlink Tickets.
Enforce - Create Enforcement
Create a new enforcement set from the Assets pages with a Main Action that runs on the entities that you selected ('custom selection').
When you select this option, a drawer opens that lets you configure the following:
- Enforcement set name.
- Main Action - Select an action from the Action Library, to be performed when the enforcement set is executed.
Once configured, click Save and Run to save the enforcement set and generate an enforcement task that will run on the entities you have selected.
For more details, see Creating Enforcement Sets.
Enforce - Use Existing Enforcement
You can run a predefined Enforcement Set on one or more assets.
The following procedure shows screens for selecting an existing Enforcement Set to run on devices. Similar screens appear when selecting an existing Enforcement Set to run on another type of asset (such as users).
To run an existing Enforcement Set on one or more assets
- On the assets page, select one or more assets, and then from the Actions menu, select Enforce> Use Existing Enforcement. A dialog opens for selecting the Enforcement Set to run on the selected assets.
- In the Enforcement Set... search box, type all or part of the Enforcement Set name, and then from the resulting list of Enforcement Sets containing the searched string, select the relevant Enforcement Set name.
- Click Run. The Enforcement Set runs on the selected assets.
To learn more, see Enforcement Center Page.
Filter Out from Query Results
Filter out the selected assets from the query results. Once filtered out, the Query Wizard adds a new Filtered out from query result line. Click Clear to restore the filtered out assets.
Export Comparison Report
Select one or more assets to create a comparison report. Refer to Comparison Report for Assets.
A comparison report is active only after the system has been connected for a day.
You can create a ticket/incident in a third-party ticketing system directly from an assets table. This shortcut enables you to create an Enforcement Set of the Create Incident or Ticket category for a single or several assets (of the same type) in just one click directly from the asset Actions menu without having to open it in the Enforcement Center. Using this shortcut saves time and effort.
When you click Create Ticket from the assets table Actions menu, a dialog opens where you can select an EC action. The dialog updates with only the mandatory fields required to create the relevant "Create Incident or Ticket" action. The fields presented are a subset of the fields that are available when you create this Enforcement Set from the Enforcement Center, and should be filled in with the same values as if you were creating the Action from the Enforcement Center itself. You can fill in only the presented fields and immediately create the action, or you can continue to the Enforcement Center to add more configuration. By default, the action connects to the third-party adapter using the adapter connection configured in the system for that adapter. The Jira - Create Issue and Create Issue per Asset need to have a Jira server configured in System Settings > External Integrations > Configuring Jira Settings.
The Actions created from asset tables are automatically placed in the Enforcement Center in the Quick Actions folder.
You can view the details of all tickets created in third-party ticketing systems and view their progress directly from the Asset Profile Tickets tab.
You cannot reuse an Enforcement Set from the Quick Actions folder. You can only reuse it in one of the following ways:
- Select a query for it.
- Rerun it from the asset table Actions menu (Create Ticket option).
- For a full list of incidents and tickets, see Create Incident or Ticket.
- For Vulnerabilities, the actions listed in Using Vulnerabilities Queries in Enforcement Actions are supported.
To create a ticket/incident directly from an assets page
- On an assets page, select one or more assets.
- Open the Actions menu, and select Create Ticket. The Create Incident or Ticket dialog opens.
- From the dropdown, select a vendor and action. The dialog updates with the mandatory fields relevant for the selected vendor and action.
- Fill in the mandatory fields presented in the dialog (see Creating Enforcement Sets).
- Proceed in one of the following two ways:
- Create the ticket directly from the quick Create Incident or Ticket dialog - Click Create. A message appears saying either that the ticket was created successfully or that it failed.
- Go to the Enforcement Center to configure optional and advanced settings for the Enforcement Set - Click Advanced and enable options and complete fields as required. Then click Save and Run. A notification opens with the message: Enforcement Set was triggered to run. Click Close.
If you do not have an adapter connection configured, you must click Advanced and enter credentials.
The ticket is saved in the Quick Actions folder in the Enforcement Center.
Open in Graph
You can select individual assets in one of the asset tables and view these assets in the Asset Graph. This way you can start an investigation directly with known assets. This is one of three ways to open the Asset Graph. All actions are available as in any other entry into the Asset Graph. See Asset Graph for complete details about using the Asset Graph.
To select assets in an asset page and open them in the Asset Graph:
On an assets page, select one or more assets.
Open the Actions menu, and select Open in Graph.
The first breadcrumb in this case is Selected Assets. Further filtering or other investigation steps will be listed afterwards.