Devices Page

The Devices page displays all the collected devices for the chosen query. The query name is displayed above the search bar.
If no query has been chosen, the page displays all collected devices.

To open the Devices page, click icon on the left navigation panel.

Viewing Query Results

The total number of devices collected for that query (or for all collected devices when no query is present) is displayed on the top left side of the table:

For each device, you can see multiple columns, with the left most being the Adapter Connections column. This column displays the icons of the adapter connections that device has been seen from, and is considered by Axonius as the correlation of data from different adapters to the same device.

For example, a devices that has been fetched and correlated from the following adapter connections:

1. Microsoft Active Directory (AD)
2. Amazon Web Services (AWS)
3. VMware Carbon Black EDR (Carbon Black CB Response)
4. CrowdStrike Falcon
5. Cybereason Deep Detect & Respond
6. CylancePROTECT
7. Trend Micro Deep Security
8. Kaseya VSA
9. Solarwinds Network Performance Monitor

Expanding Device Data

You can click left adapters column to expand the device record and to display the device 'uncorrelated' data, meaning, the device data per adapter. This functionality provides you with a single view and an easy way to identify the source for each of the different device field values. Click again to collapse the device data.

You can also easily view the adapter name for all adapter connections in a tooltip by hovering over the Adapter Connections column. If you have defined a Adapter Connection Label on the adapter connection configuration it will be concatenated to the adapter name value. This can assist with distinguishing between two adapter connections from the same adapter.

Expanding Aggregated Field Data

The devices columns can be segmented to two main types:

• Aggregated data field - a common field which its data is fetched from different adapters. For example, Host name, MAC address, OS type and many more.
• Specific data field - a unique field which its data is fetched from a single adapter source. For example, "Region" field from Amazon Web Services (AWS).

You can click '>' within any generic data field to view a tooltip the field 'uncorrelated' data, meaning, the device specific field data per adapter. Click the button again to collapse the tooltip.

For example, if you expand the 'Last Seen' field, you can see when the device has been seen by the each of its source adapters.

Editing Table Columns

You can select which columns are displayed on the page.

To change the displayed columns, click the Edit Columns menu on the right side of the page just above the table and select Edit Columns:

• The Available Columns list lets you select the columns to be included in the table.
• Added Displayed Columns list displays the columns that are included in the table. This list can be reordered by dragging and dropping a column. The order of the columns in this list will be also reflected in CSV exports.
• The Add >> and the <<Remove buttons allow you to move columns to and from the Available Columns list and the Displayed Columns list.
• The Reset button sets the Displayed Columns list to the user default view.
• The Save as user default button will set this view as the default user view.

The Edit Columns menu also has the following options:

• Reset Columns to User Default - Resets the view to the user default column view.
• Reset Columns to System Default - Resets the view to the system default column view.
• Edit System Default - This option enables to control the system default column view and also the user default column view for new users.

You can also reset the view from the Devices page. Click Reset next to the saved query name. It will reset the Devices page to the user default column view and with no filtering, resulted in all devices/users being displayed.

Filtering Table Columns Displayed Values

You can filter and search for specific values to be displayed in each table column displayed on the page, including multi-field columns. On the right of each field, click to open the Column Filter dialog.
The Column Filter dialog that lets specify two types of filters:

1. List of filters to determine which values will be displayed for a specific column. Each filter consists of:
   • Value - On which Axonius will run a case insensitive 'contains' search.
   • NOT Flag - This flag lets you define a blacklist by negating the filter line, and only match values that do NOT match the value specified.
2. Exclude adapter connection filter, which lets you specify adapters for which to exclude values.
   Only values from adapters which are not excluded will be displayed.

When multiple filters are specified, Axonius will display only values that match for all the filters.

Navigating between Table Result Pages

By default, 20 results are displayed in each table page. You can change the number of results per page and choose between 20, 50 or 100, by clicking the appropriate icon on the bottom left side of the table:

Moving between pages is done by the pagination bar on the bottom right side of the table:

Displaying Historical Data

Axonius saves daily “snapshots” of all the collected data, which you can view for any query in the Devices page.

To view device query results for a specific date, click the calendar button or click the 'Display by Date' label on the top right corner above the query results table.

A date picker control opens, enabling you to select the desired data. By default, the latest day for which data was collected is displayed.

Notice that only dates with collected data are enabled as options for choice.

To clear the historical view and set back to latest, hover over the displayed date and click on the 'X' next to the displayed date.

Cancel Query

Whenever a query is running, the Cancel Query button will be displayed. Clicking on it will revert the results of the last successul executed query.

Last Updated Indication and Refresh Query

When query caching is enabled, and query results are retrieved from cache the Last updated indication is displayed. This new indication specifies the last time the query was executed and from when the displayed query results are updated.

The Refresh Query button lets you re-execute the query to recalculate the query results.