Asset Actions

Once you have created queries and investigated assets and their adherence to policies, you can perform actions on a single selected asset or in bulk on assets that you select:

1. On the Devices or Users page, select one or more assets, and then click the Actions button located above the query results table. The Actions menu options are displayed.
2. Click the action that you want to run.

Axonius supports the following actions:

Add Custom Field

You can add custom fields to one or more assets at the same time.

Refer to Working with Custom Data to learn about adding custom fields to assets.

Tag

Use tags to assign context to your assets for granular filters and queries. Apply new or existing tags to the selected assets. The list of selected tags is applied to all selected assets. Therefore, tagging may result in the removal of existing tags from one or from several of the selected assets.
Refer to Working with Tags to learn about working with Tags on assets.

Delete Devices / Delete Users

On the Devices page: Select devices, and then in the Actions menu, select Delete Devices to delete the selected devices from Axonius. Deleted devices may be added again to Axonius if they are discovered in any future discovery cycle.
On the Users page: Select users, and then in the Actions menu, select Delete Users to delete the selected users from Axonius. Deleted users may be added again to Axonius if they are discovered in any future discovery cycle.

Improve Correlation - Link Devices/Users

Manually correlate at least two device/user records and consolidate their details into a single device/user.

Improve Correlation - Unlink Devices/Users

Undo the correlation on a single device/user (with multiple adapter sources) into the constituent adapter sources of that device/user. Each individual adapter previously used in that correlation will now present as a single-adapter source device/user. For example, if a device/user has been correlated from three different adapters, unlinking that device will result in three different unlinked devices/users.

Enforce - Create Enforcement

Create a new enforcement set from the Assets pages with a Main Action that runs on the entities that you selected ('custom selection').
When you select this option, a drawer opens that lets you configure the following:

1. Enforcement set name.
2. Main Action - Select an action from the Action Library, to be performed when the enforcement set is executed.

Once configured, click Save and Run to save the enforcement set and generate an enforcement task that will run on the entities you have selected.

For more details, see Creating Enforcement Sets.

Enforce - Use Existing Enforcement

You can run a predefined Enforcement Set on one or more assets.
As there may be many Enforcement Sets defined in your system, you can facilitate its selection in one of the following ways:

• Searching for it by its name (partial or whole) in the search box.
• Scrolling through the list of existing Enforcement Sets, which are listed in descending order of their create dates (i.e., newest to oldest).

To run an existing Enforcement Set on one or more assets

1. On the assets page, select one or more assets, and then from the Actions menu, select Enforce> Use Existing Enforcement. A dialog opens for selecting the Enforcement Set to run on the selected assets.
   
2. Click inside the Enforcement Set... textbox. A list of existing Enforcement Sets opens, in descending order of their create dates.
3. Do one of the following:
   • Type all or part of the Enforcement Set name in the textbox, and then from the resulting list of Enforcement Sets containing the searched string, select the relevant Enforcement Set name.
   • Scroll through the list of existing Enforcement Sets until you find the one that you want to run, and then select it.

3. Click Run. The Enforcement Set runs on the selected assets.
   To learn more, see Enforcement Center Page.

Filter Out from Query Results

Filter out the selected devices/users from the query results. Once filtered out, the Query Wizard adds a new Filtered out from query result line. Click Clear to restore the filtered out devices/users.

Export Comparison Report

Select one or more devices to create a comparison report. Refer to Comparison Report for Assets.

Create Ticket

You can create a ticket/incident in a third-party ticketing system directly from an assets table. This shortcut enables you to create an Enforcement Set of the Create Incident or Ticket category for a single or several assets (of the same type) in just one click directly from the asset Actions menu without having to open it in the Enforcement Center. Using this shortcut saves time and effort.
When you click Create Ticket from the assets table Actions menu, a dialog opens where you can select an EC action. The dialog updates with only the mandatory fields required to create the relevant "Create Incident or Ticket" action. The fields presented are a subset of the fields that are available when you create this Enforcement Set from the Enforcement Center, and should be filled in with the same values as if you were creating the Action from the Enforcement Center itself. You can fill in only the presented fields and immediately create the action, or you can continue to the Enforcement Center to add more configuration. By default, the action connects to the third-party adapter using the adapter connection configured in the system for that adapter. The Jira - Create Issue and Create Issue per Asset need to have a Jira server configured in System Settings > External Integrations > Configuring Jira Settings.
The Actions created from asset tables are automatically placed in the Enforcement Center in the Quick Actions folder.

• For a full list of incidents and tickets, see Create Incident or Ticket.
• For Vulnerabilities, the actions listed in Using Vulnerabilities Queries in Enforcement Actions are supported.

To create a ticket/incident directly from an assets page

1. On an assets page, select one or more assets.
2. Open the Actions menu, and select Create Ticket. The Create Incident or Ticket dialog opens.
   
3. From the dropdown, select a vendor and action. The dialog updates with the mandatory fields relevant for the selected vendor and action.
4. Fill in the mandatory fields presented in the dialog (see Creating Enforcement Sets).
5. Proceed in one of the following two ways:
   • Create the ticket directly from the quick Create Incident or Ticket dialog - Click Create. A message appears saying either that the ticket was created successfully or that it failed.
   • Go to the Enforcement Center to configure optional and advanced settings for the Enforcement Set - Click Advanced and enable options and complete fields as required. Then click Save and Run. A notification opens with the message: Enforcement Set was triggered to run. Click Close.

The ticket is saved in the Quick Actions folder in the Enforcement Center.