- 24 Feb 2022
- 7 Minutes to read
- Updated on 24 Feb 2022
- 7 Minutes to read
The Devices page displays all the collected devices for the chosen query. The query name is displayed above the search bar.
If no query has been chosen, the page displays all collected devices.
To open the Devices page, click icon on the left navigation panel.
Viewing Query Results
The total number of devices collected for that query (or for all collected devices when no query is present) is displayed on the top left side of the table:
For each device, you can see multiple columns, with the left most being the Adapter Connections column. This column displays the icons of the adapter connections that device has been seen from, and is considered by Axonius as the correlation of data from different adapters to the same device.
For example, a device that has been fetched and correlated from the following adapter connections:
- Microsoft Active Directory (AD)
- Amazon Web Services (AWS)
- VMware Carbon Black EDR (Carbon Black CB Response)
- CrowdStrike Falcon
- Cybereason Deep Detect & Respond
- Trend Micro Deep Security
- Kaseya VSA
- SolarWinds Network Performance Monitor
Expanding Device Data
Click left adapters column to expand the device record and to display device 'uncorrelated' data, i.e., the device data per adapter. This functionality provides you with a single view and an easy way to identify the source for each of the different device field values. Click again to collapse the device data.
Hover over the Adapter Connections column to see the adapter name for all adapter connections in a tooltip. If you have defined an Adapter Connection Label on the adapter connection configuration it will be concatenated to the adapter name value. This can helps distinguish between two adapter connections from the same adapter.
Expanding Aggregated Field Data
There are 2 types of devices columns:
- Aggregated data fields - a common field which contains data fetched from different adapters. For example, Host name, MAC address, OS type and many more.
- Specific data fields - a unique field which contains data fetched from a single adapter source. For example, "Region" field from Amazon Web Services (AWS).
Click in any generic data field to view a tooltip with the field's 'uncorrelated' data, i.e. device specific field data for that asset entity / adapter connection. Click to collapse the tooltip.
For example, if you expand the 'Last Seen' field, you can see when the device was seen by each of its source adapters.
Editing Table Columns
Your system comes with a set of pre-defined colums in each asset table. You can edit this predefined set and configure which columns are displayed on the page. Drag columns in the table to reset the order of the columns that are displayed. When you export tables to CSV files, the columns in the CSV file are ordered like in the table.
To change the displayed columns:
Click Edit Columns menu and from the drop-down menu select Edit Columns:
- To add columns to the page, select the required columns in the Available Columns list and then click Add.
- To remove columns from the page, select the required columns in the Displayed Columns list and then click Remove.
- Click Reset to cancel changes any changes you made to the column display, and return to the default view
- Click Save as User Default.to save the selected columns as your default view. The selected columns are then displayed by default every time you open the page.
- Click Done when you have finished your configuration. If you do not save this view as the default view, then the configuration will not be saved as your default.
Use the following additional options from the Edit Columnns menu:
To reset to your default view:
Click Edit Columns and select Reset Columns to User Default to restore your default column view.
To reset to the System Default view:
Click Edit Columns and select Reset Columns to System Default. The System Default columns are restored
- Edit System Default - This option enables to control the system default column view and also the user default column view for new users.
You can also reset the view from the Devices page.
Click Reset next to the saved query name to reset the Devices page to the user default column view with no filtering and display all devices/users.
Filtering Values Displayed in Table Columns
You can use complex expressions to create filters to filter the display and search for specific values to be displayed in each table column on the page, including multi-field columns. On the right of each field, click to open the Column Filter dialog.
Each row in the Column Filter is a filter expression that consists of the following elements:
- AND / OR switch
- NOT Flag
- Field drop-down
- Operator drop-down
- Value field
- Parentheses controls
Refer to the Query Wizard for detailed explanations of each field and the parameters it can contain.
1. AND / OR Switch
AND/OR is only available on the second and subsequent filter rows. When you define more than one filter, use AND/OR to control whether all filters are required to match, or if just one filter can match.
2. NOT Flag
Use NOT to negate the filter line, and only match assets that do NOT match the operator, and value specified.
3. Field Name Drop-Down
The field name drop-down shows the column on which you are filtering. The options available depend on the column on which you are filtering. If this is a complex field, all of the values that are part of the complex field are displayed and you can choose the field by which to filter.
If for instance, you filter on the Installed Software column, the field drop-down contains a range of possible values to filter by.
4. Operator Drop-Down
The Operator drop-down shows the comparison functions available. The operators available depend on the column on which you are filtering.
5. Value Field
The Value field specifies the value to be compared by the field and operator. Different relevant value options are enabled according to the field type and the operator/function chosen.
6. Parentheses Controls
When defining multiple expressions with a combination of "OR" and "AND" operands between them, usage of parentheses impacts the query definition. Sometimes multiple parentheses may be required to make complex expressions. Click the up/down arrows in the Parentheses Control to increase/decrease the number of parentheses.
- Use Duplicate Row to duplicate rows with all the information. On the first row, it duplicates the entire block and on inner rows it duplicates only the selected row.
- Use X to remove rows
When complex filters are defined, Axonius will display only values that match the complete filter.
Excluding Adapter Connections
You can configure the system to not show values from a specific adapters or from connections for a defined adapter, in a selected column. Only values from adapters which are not excluded will be displayed in that column.
Click in the Exclude adapter connections field; all adapters connected, and their connections are displayed.
Start typing to search for a specific adapter or connection name, then select the adapter or connection that you want to exclude values from.
Click next to the adapter to choose all connections for the adapter; or choose specific connections.
Choose as many adapters or connections as required and click on the Column Filter dialog to close this drop-down..
Use Select All or Clear All to change your selections.
Navigating between Table Result Pages
By default, 20 results are displayed in each table page. You can change the number of results per page and choose between 20, 50 or 100, by clicking the appropriate icon on the bottom left side of the table:
Use the pagination bar at the bottom right side of the table to move between pages:
Displaying Historical Data
Axonius saves daily “snapshots” of all the collected data, which you can view for any query in the Devices page.
To view device query results for a specific date, click the calendar button or click 'Display by Date' on the top right corner above the query results table.
A date picker control opens, enabling you to select the desired data. By default, the latest day for which data was collected is displayed.
Notice that only dates with collected data are enabled as options for choice.
To clear the historical view and set back to latest, hover over the displayed date and click on the 'X' next to the displayed date.
Cancel Query is displayed when you run a query. Click Cancel Query to revert to the results of the last successful executed query.
Last Updated Indication and Refresh Query
When query caching is enabled, and query results are retrieved from cache the Last updated indication is displayed. This indication specifies the last time the query was executed and from when the displayed query results are updated.
Use Refresh Query to run the query again to recalculate the query results.