4.4.1. Device assets¶

API for working with device assets.

class axonius_api_client.api.assets.devices.Devices(auth, **kwargs)[source]¶

Bases: AssetMixin

API for working with device assets.

Examples

For all examples for this asset type, create a client using axonius_api_client.connect.Connect and assume apiobj is client.devices

>>> apiobj = client.devices

Get count of assets: count()
Get count of assets from a saved query: count_by_saved_query()
Get assets: get()
Get assets from a saved query: get_by_saved_query()
Get the full data set for a single asset: get_by_id()
Work with saved queries: axonius_api_client.api.assets.saved_query.SavedQuery
Work with fields: axonius_api_client.api.assets.fields.Fields
Work with tags: axonius_api_client.api.assets.labels.Labels

See also

User assets axonius_api_client.api.assets.users.Users

Parameters: auth (axonius_api_client.auth.models.Model) –

ASSET_TYPE: str = 'devices'¶

property fields_default: List[str]¶: Fields to use by default for getting assets.

get_by_hostnames(values, **kwargs)[source]¶

Build a query to get assets where FIELD_HOSTNAME in values.

Parameters

values (typing.List[str]) – list of hostnames
**kwargs – passed to get_by_values()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_hostname_regex(value, **kwargs)[source]¶

Build a query to get assets where FIELD_HOSTNAME regex matches value.

Parameters

value (str) – regex of hostname to match
**kwargs – passed to get_by_value_regex()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_hostname(value, **kwargs)[source]¶

Build a query to get assets where FIELD_HOSTNAME == value.

Parameters

value (str) – hostname
**kwargs – passed to get_by_value()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_macs(values, **kwargs)[source]¶

Build a query to get assets where FIELD_MAC in values.

Parameters

values (typing.List[str]) – list of mac addresss
**kwargs – passed to get_by_values()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_mac_regex(value, **kwargs)[source]¶

Build a query to get assets where FIELD_MAC regex matches value.

Parameters

value (str) – regex of mac adress to match
**kwargs – passed to get_by_value_regex()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_mac(value, **kwargs)[source]¶

Build a query to get assets where FIELD_MAC == value.

Parameters

value (str) – mac adress
**kwargs – passed to get_by_value()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_ips(values, **kwargs)[source]¶

Build a query to get assets where FIELD_IP in values.

Parameters

values (typing.List[str]) – list of ip address
**kwargs – passed to get_by_values()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_ip_regex(value, **kwargs)[source]¶

Build a query to get assets where FIELD_IP regex matches value.

Parameters

values – regex of ip address to match to match
**kwargs – passed to get_by_value_regex()
value (str) –

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_ip(value, **kwargs)[source]¶

Build a query to get assets where FIELD_IP == value.

Parameters

value (str) – ip address
**kwargs – passed to get_by_value()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_subnet(value, not_flag=False, pre='', post='', **kwargs)[source]¶

Build a query to get assets where ip address is in FIELD_IP_RAW.

Parameters

value (str) – subnet
**kwargs – passed to get()
not_flag (bool) –
pre (str) –
post (str) –

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

FIELD_ASSET_NAME: str = 'specific_data.data.name'¶: Asset Name field.

FIELD_HOSTNAME: str = 'specific_data.data.hostname'¶: Hostname field.

FIELD_IP: str = 'specific_data.data.network_interfaces.ips'¶: Network Interfaces IPs field.

FIELD_IP_RAW: str = 'specific_data.data.network_interfaces.ips_raw'¶: Network Interfaces IPs raw field.

FIELD_MAC: str = 'specific_data.data.network_interfaces.mac'¶: Network Interfaces MACs field.

FIELD_SUBNET: str = 'specific_data.data.network_interfaces.subnets'¶: Network Interfaces Subnets field.

FIELD_OS_TYPE: str = 'specific_data.data.os.type'¶: OS Type field.

FIELDS_API: t.List[str] = ['internal_axon_id', 'adapters', 'labels', 'adapter_list_length']¶: Field names that are always returned by the REST API no matter what fields are selected

FIELD_ADAPTERS: str = 'adapters'¶: Field name for list of adapters on an asset.

FIELD_ADAPTER_LEN: str = 'adapter_list_length'¶: Field name for count of adapters on an asset.

FIELD_AXON_ID: str = 'internal_axon_id'¶: Field name for asset unique ID.

FIELD_LAST_SEEN: str = 'specific_data.data.last_seen'¶: Field name for last time an adapter saw the asset.

FIELD_TAGS: str = 'labels'¶: Field name for getting tabs (labels).

__init__(auth, **kwargs)¶

Mixins for API Models.

Parameters

auth (axonius_api_client.auth.models.Model) – object to use for auth and sending API requests
**kwargs – passed to _init()

__repr__()¶

Show info for this model object.

Return type: str

__str__()¶

Show info for this model object.

Return type: str

_build_query(inner, not_flag=False, pre='', post='')¶

Query builder with basic functionality.

Notes

It is better to use wizard, wizard_text, or wizard_csv to build queries!

Parameters

inner (str) – inner query portion to wrap in parens and prefix with not
not_flag (bool) – prefix query with ‘not’
pre (str) – query to add to the beginning of the query
post (str) – query to add to the end of the query

Return type

str

_count(filter=None, history_date=None, use_cache_entry=False, saved_query_id=None)¶

Private API method to get the count of assets.

Parameters

filter (t.Optional[str], optional) – if supplied, only return the count of assets that match the query
history_date (t.Optional[t.Union[str, timedelta, datetime]], optional) – Description
use_cache_entry (bool, optional) – Description
saved_query_id (typing.Optional[str]) –

Return type

axonius_api_client.api.json_api.assets.Count

_destroy(destroy, history)¶

Private API method to destroy ALL assets.

Parameters

destroy (bool) – Must be true in order to actually perform the delete
history (bool) – Also delete all historical information

Return type

dict

_get(always_cached_query=False, use_cache_entry=False, include_details=False, include_notes=False, get_metadata=True, use_cursor=True, sort_descending=False, history_date=None, filter=None, cursor_id=None, sort=None, excluded_adapters=None, field_filters=None, fields=None, saved_query_id=None, expressions=None, offset=0, limit=2000, http_args=None)¶

Private API method to get a page of assets.

Parameters

always_cached_query (bool, optional) – UNK
use_cache_entry (bool, optional) – UNK
include_details (bool, optional) – include details fields showing the adapter source of agg values
include_notes (bool, optional) – Description
get_metadata (bool, optional) – Description
use_cursor (bool, optional) – Description
sort_descending (bool, optional) – reverse the sort of the returned assets
history_date (t.Optional[str], optional) – return assets for a given historical date
filter (t.Optional[str], optional) – Description
cursor_id (t.Optional[str], optional) – Description
sort (t.Optional[str], optional) – Description
excluded_adapters (t.Optional[dict], optional) – Description
field_filters (t.Optional[dict], optional) – Description
fields (t.Optional[dict], optional) – CSV or list of fields to include in return
offset (int, optional) – Description
limit (int, optional) – Description
saved_query_id (typing.Optional[str]) –
expressions (typing.Optional[typing.List[dict]]) –
http_args (typing.Optional[dict]) –

Return type

axonius_api_client.api.json_api.assets.AssetsPage

_get_by_id(id)¶

Private API method to get the full metadata of all adapters for a single asset.

Parameters: id (str) – asset to get all metadata for
Return type: axonius_api_client.api.json_api.assets.AssetById

_history_dates()¶

Private API method to get all known historical dates.

Return type: axonius_api_client.api.json_api.assets.HistoryDates

_init(**kwargs)¶: Post init method for subclasses to use for extra setup.

_run_enforcement(name, ids, include=True, fields=None, query='')¶

Run an enforcement set manually against a list of assets internal_axon_ids.

Parameters

name (str) – Name of enforcement set to exectue
ids (t.List[str]) – internal_axon_id’s of assets to run enforcement set against
include (bool, optional) – select IDs in DB or IDs NOT in DB
fields (t.Optional[t.List[str]], optional) – list of fields used to select assets
query (str, optional) – filter used to select assets

Returns

Empty response

Return type

TYPE

classmethod asset_modules()¶

Pass.

Return type: typing.List[axonius_api_client.api.assets.asset_mixin.AssetMixin]

classmethod asset_types()¶

Pass.

Return type: typing.List[str]

count(query=None, history_date=None, history_days_ago=None, history_exact=False, wiz_entries=None, use_cache_entry=False, saved_query_id=None, **kwargs)¶

Get the count of assets from a query.

Examples

Get count of all assets

>>> count = apiobj.count()

Get count of all assets for a given date

>>> count = apiobj.count(history_date="2020-09-29")

Get count of assets matching a query built by the GUI query wizard

>>> query='(specific_data.data.name == "test")'
>>> count = apiobj.count(query=query)

Get count of assets matching a query built by the API client query wizard

>>> entries = [{'type': 'simple', 'value': 'name equals test'}]
>>> count = apiobj.count(wiz_entries=entries)

Parameters

query (typing.Optional[str]) – if supplied, only return the count of assets that match the query if not supplied, the count of all assets will be returned
history_date (typing.Union[str, datetime.timedelta, datetime.datetime, None]) – return asset count for a given historical date
wiz_entries (typing.Union[typing.List[dict], typing.List[str], dict, str, None]) – wizard expressions to create query from
history_days_ago (typing.Optional[int]) –
history_exact (bool) –
use_cache_entry (bool) –
saved_query_id (typing.Optional[str]) –

Return type

int

count_by_saved_query(name, **kwargs)¶

Get the count of assets for a query defined in a saved query.

Examples

Get count of assets returned from a saved query

>>> count = apiobj.count_by_saved_query(name="test")

Get count of assets returned from a saved query for a given date

>>> count = apiobj.count_by_saved_query(name="test", history_date="2020-09-29")

Parameters

name (str) – saved query to get count of assets from
kwargs – supplied to count()

Return type

int

property data_scopes¶: Work with data scopes.

destroy(destroy, history)¶

Delete ALL assets.

Notes

Enable the Enable API destroy endpoints setting under Settings > Global Settings > API Settings > Enable advanced API settings for this method to function.

Parameters

destroy (bool) – Must be true in order to actually perform the delete
history (bool) – Also delete all historical information

Return type

dict

property enforcements¶: Work with data scopes.

get(generator=False, **kwargs)¶

Get assets from a query.

Examples

Get all assets with the default fields defined in the API client

>>> assets = apiobj.get()

Get all assets using an iterator

>>> assets = [x for x in apiobj.get(generator=True)]

Get all assets with fields that equal names

>>> assets = apiobj.get(fields=["os.type", "aws:aws_device_type"])

Get all assets with fields that fuzzy match names and no default fields

>>> assets = apiobj.get(fields_fuzzy=["last", "os"], fields_default=False)

Get all assets with fields that regex match names a

>>> assets = apiobj.get(fields_regex=["^os\."])

Get all assets with all root fields for an adapter

>>> assets = apiobj.get(fields_root="aws")

Get all assets for a given date in history and sort the rows on a field

>>> assets = apiobj.get(history_date="2020-09-29", sort_field="name")

Get all assets with details of which adapter connection provided the agg data

>>> assets = apiobj.get(include_details=True)

Get assets matching a query built by the GUI query wizard

>>> query='(specific_data.data.name == "test")'
>>> assets = apiobj.get(query=query)

Get assets matching a query built by the API client query wizard

>>> entries=[{'type': 'simple', 'value': 'name equals test'}]
>>> assets = apiobj.get(wiz_entries=entries)

See also

This method is used by all other get* methods under the hood and their kwargs are passed thru to this method and passed to get_generator() which are then passed to whatever callback is used based on the export argument.

If export is not supplied, see axonius_api_client.api.asset_callbacks.base.Base.args_map().

If export equals json, see axonius_api_client.api.asset_callbacks.base_json.Json.args_map().

If export equals csv, see axonius_api_client.api.asset_callbacks.base_csv.Csv.args_map().

If export equals json_to_csv, see axonius_api_client.api.asset_callbacks.base_json_to_csv.JsonToCsv.args_map().

If export equals table, see axonius_api_client.api.asset_callbacks.base_table.Table.args_map().

If export equals xlsx, see axonius_api_client.api.asset_callbacks.base_xlsx.Xlsx.args_map().

Parameters

generator (bool) – return an iterator for assets that will yield rows as they are fetched
**kwargs – passed to get_generator()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_id(id)¶

Get the full data set of all adapters for a single asset.

Examples

>>> asset = apiobj.get_by_id(id="3d69adf54879faade7a44068e4ecea6e")

Parameters: id (str) – internal_axon_id of asset to get all data set for
Raises: NotFoundError – if id is not found
Return type: dict

get_by_saved_query(name, **kwargs)¶

Get assets that would be returned by a saved query.

Examples

First, create a client using axonius_api_client.connect.Connect and assume apiobj is client.devices or client.users

>>> apiobj = client.devices

Get assets from a saved query with complex fields flattened

>>> assets = apiobj.get_by_saved_query(name="test", field_flatten=True)

Notes

The query and the fields defined in the saved query will be used to get the assets.

Parameters

name (str) – name of saved query to get assets from
**kwargs – passed to get()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_value(value, field, not_flag=False, pre='', post='', field_manual=False, **kwargs)¶

Build a query to get assets where field equals a value.

Notes

It is better to use wizard, wizard_text, or wizard_csv to build queries!

Parameters

value (str) – value that must equal field
field (str) – name of field to query against
not_flag (bool) – prefix query with ‘not’
pre (str) – query to add to the beginning of the query
post (str) – query to add to the end of the query
field_manual (bool) – consider supplied field as a fully qualified field name
**kwargs – passed to get()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_value_regex(value, field, cast_insensitive=True, not_flag=False, pre='', post='', field_manual=False, **kwargs)¶

Build a query to get assets where field regex matches a value.

Notes

It is better to use wizard, wizard_text, or wizard_csv to build queries!

Parameters

value (str) – regex that must match field
field (str) – name of field to query against
case_insensitive – ignore case when performing the regex match
not_flag (bool) – prefix query with ‘not’
pre (str) – query to add to the beginning of the query
post (str) – query to add to the end of the query
field_manual (bool) – consider supplied field as a fully qualified field name
**kwargs – passed to get()
cast_insensitive (bool) –

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_by_values(values, field, not_flag=False, pre='', post='', field_manual=False, **kwargs)¶

Build a query to get assets where field in values.

Notes

It is better to use wizard, wizard_text, or wizard_csv to build queries!

Parameters

values (typing.List[str]) – list of values that must match field
field (str) – name of field to query against
not_flag (bool) – prefix query with ‘not’
pre (str) – query to add to the beginning of the query
post (str) – query to add to the end of the query
field_manual (bool) – consider supplied field as a fully qualified field name
**kwargs – passed to get()

Return type

typing.Union[typing.Generator[dict, None, None], typing.List[dict]]

get_generator(query=None, fields=None, fields_manual=None, fields_regex=None, fields_regex_root_only=True, fields_fuzzy=None, fields_default=True, fields_root=None, fields_error=True, max_rows=None, max_pages=None, row_start=0, page_size=2000, page_start=0, page_sleep=0, export='base', include_notes=False, include_details=False, sort_field=None, sort_descending=False, history_date=None, history_days_ago=None, history_exact=False, wiz_entries=None, saved_query_id=None, expressions=None, http_args=None, **kwargs)¶

Get assets from a query.

Parameters

query (typing.Optional[str]) – if supplied, only get the assets that match the query
fields (typing.Union[typing.List[str], str, None]) – fields to return for each asset (will be validated)
fields_manual (typing.Union[typing.List[str], str, None]) – fields to return for each asset (will NOT be validated)
fields_regex (typing.Union[typing.List[str], str, None]) – regex of fields to return for each asset
fields_regex_root_only (bool) – only match fields_regex values against root fields
fields_fuzzy (typing.Union[typing.List[str], str, None]) – string to fuzzy match of fields to return for each asset
fields_default (bool) – include the default fields in fields_default
fields_root (typing.Optional[str]) – include all fields of an adapter that are not complex sub-fields
fields_error (bool) – throw validation errors on supplied fields
max_rows (typing.Optional[int]) – only return N rows
max_pages (typing.Optional[int]) – only return N pages
row_start (int) – start at row N
page_size (int) – fetch N rows per page
page_start (int) – start at page N
page_sleep (int) – sleep for N seconds between each page fetch
export (str) – export assets using a callback method
include_notes (bool) – include any defined notes for each adapter
include_details (bool) – include details fields showing the adapter source of agg values
sort_field (typing.Optional[str]) – sort the returned assets on a given field
sort_descending (bool) – reverse the sort of the returned assets
history_date (typing.Union[str, datetime.timedelta, datetime.datetime, None]) – return assets for a given historical date
history_days_ago (typing.Optional[int]) – return assets for a history date N days ago
history_exact (bool) – Use the closest match for history_date and history_days_ago
wiz_entries (typing.Union[typing.List[dict], typing.List[str], dict, str, None]) – wizard expressions to create query from
**kwargs – passed thru to the asset callback defined in export
saved_query_id (typing.Optional[str]) –
expressions (typing.Optional[typing.List[dict]]) –
http_args (typing.Optional[dict]) –

Return type

typing.Generator[dict, None, None]

get_history_date(date=None, days_ago=None, exact=False)¶

Pass.

Parameters

date (typing.Union[str, datetime.timedelta, datetime.datetime, None]) –
days_ago (typing.Optional[int]) –
exact (bool) –

Return type

typing.Optional[str]

get_sort_field(field=None, descending=False)¶

Pass.

Parameters

field (typing.Optional[str]) –
descending (bool) –

Return type

typing.Optional[str]

get_wiz_entries(wiz_entries=None)¶

Pass.

Parameters: wiz_entries (typing.Union[typing.List[dict], typing.List[str], dict, str, None]) –
Return type: typing.Optional[dict]

history_dates()¶

Get all known historical dates.

Return type: dict

history_dates_obj()¶

Pass.

Return type: axonius_api_client.api.json_api.assets.AssetTypeHistoryDates

run_enforcement(eset, ids, verify_and_run=True, verified=False, verify_count=True, prompt=False, do_echo=False, refetch=False, src_query=None, src_fields=None, check_stdin=True, grabber=None)¶

Run an enforcement set against a manually selected list of assets.

Examples

‘’’Get a list of assets from a query and manually extract the IDs. We know assets are valid because we just got them, so we pass verified=True. ‘’’ client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” ITEMS = apiobj.get(wiz_entries=WIZ) IDS = [x[‘internal_axon_id’] for x in ITEMS] runner = apiobj.run_enforcement(eset=ESET, ids=IDS, verified=True) print(runner) ‘’’ Runner(

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
ids (t.Union[str, t.List[str]]) – Asset IDs to run Enforcement Set against, csv-like string or list of csv-like strings
verify_and_run (bool, optional) – if false, return the Runner object to use manually. if true, run :method:`Runner.verify_and_run` before returning the Runner object
verified (bool) – $ids already verified, just run $eset against $ids
verify_count (bool) – Verify that the count of $query equals the count of $ids
prompt (bool) – Prompt user for verification when applicable.
do_echo (bool) – Echo output to console as well as log
refetch (bool) – refetch $eset even if it is already a model
check_stdin (bool) – check if stdin is a TTY when prompting
grabber (typing.Optional[axonius_api_client.parsers.grabber.Grabber]) – (grabber): Grabber used to get IDs
src_query (typing.Optional[str]) –
src_fields (typing.Optional[typing.List[str]]) –

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_csv(eset, items, keys=None, do_echo_grab=True, do_raise_grab=False, load_args=None, **kwargs)¶

Get Asset IDs from a CSV string and run $eset against them.

Examples

‘’’Get a list of assets from a query and export the assets to a JSONL str then run an enforcement against all asset IDs from the JSONL str. We can also use a CSV file exported from the GUI. We know assets are valid because we just got them, so we pass verified=True. ‘’’ from axonius_api_client.tools import bom_strip import io client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” FH = io.StringIO() z = apiobj.get(wiz_entries=WIZ, export=”csv”, export_fd=FH, export_fd_close=False) FH.seek(0) ITEMS = bom_strip(FH.getvalue()) runner = apiobj.run_enforcement_from_csv(eset=ESET, items=ITEMS, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

‘’’Get a list of assets from a query and export the assets to a CSV file then run an enforcement against all asset IDs from the CSV file. We can also use a CSV file exported from the GUI. We know assets are valid because we just got them, so we pass verified=True. ‘’’ import pathlib client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” PATH = pathlib.Path(“data.csv”) z = apiobj.get(wiz_entries=WIZ, export=”csv”, export_file=PATH, export_overwrite=True) runner = apiobj.run_enforcement_from_csv(eset=ESET, items=PATH, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
items (t.Union[str, bytes, t.IO, pathlib.Path]) – csv str, handle for file containing csv str, or pathlib.Path of path containing csv str
keys (t.Union[str, t.List[str]]) – additional keys for grabber to look for Asset IDs in
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`
load_args (typing.Optional[dict]) –

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_csv_path(eset, path, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a CSV file and run $eset against them.

Examples

‘’’Run an enforcement against all asset IDs from a JSONL file. We are unsure if Asset IDs are still valid for this instance so we do not pass verified=True. ‘’’ client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities PATH = “data.csv” ESET = “test” # “name or uuid of enforcement set” runner = apiobj.run_enforcement_from_csv_path(eset=ESET, path=PATH) print(runner) ‘’’ Runner(

from_csv items type=PosixPath, length=None post_load type=list, length=33’, ), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
path (PathLike) – str or pathlib.Path of path containing csv str
keys (t.Union[str, t.List[str]]) – additional keys for grabber to look for Asset IDs in
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_items(eset, items, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a list of dicts or strs and run $eset against them.

Examples

‘’’Get a list of assets from a query and use the grabber get the IDs. We know assets are valid because we just got them, so we pass verified=True. ‘’’ client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” ITEMS = apiobj.get(wiz_entries=WIZ) runner = apiobj.run_enforcement_from_items(eset=ESET, items=ITEMS, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
items (t.Union[str, t.List[str], dict, t.List[dict], types.GeneratorType]) – list of strs or dicts to grab Asset IDs from
keys (t.Union[str, t.List[str]]) – additional keys for grabber to look for Asset IDs in
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_json(eset, items, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a JSON string with a list of dicts and run $eset against them.

Examples

‘’’Get a list of assets from a query and export the assets to a JSON str then run an enforcement against all asset IDs from the JSON str. We know assets are valid because we just got them, so we pass verified=True. ‘’’ import io client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” FH = io.StringIO() z = apiobj.get(wiz_entries=WIZ, export=”json”, export_fd=FH, export_fd_close=False) FH.seek(0) ITEMS = FH.getvalue() runner = apiobj.run_enforcement_from_json(eset=ESET, items=ITEMS, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

‘’’Get a list of assets from a query and export the assets to a JSON file then run an enforcement against all asset IDs from the JSON file. We know assets are valid because we just got them, so we pass verified=True. ‘’’ import pathlib client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” PATH = pathlib.Path(“data.json”) z = apiobj.get(wiz_entries=WIZ, export=”json”, export_file=PATH, export_overwrite=True) runner = apiobj.run_enforcement_from_json(eset=ESET, items=PATH, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
items (t.Union[str, bytes, t.IO, pathlib.Path]) – json str, handle for file containing json str, or pathlib.Path of path containing json str
keys (t.Union[str, t.List[str]]) – additional keys for grabber to look for Asset IDs in
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_json_path(eset, path, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a JSON file with a list of dicts and run $eset against them.

Examples

‘’’Run an enforcement against all asset IDs from a JSON file. We are unsure if Asset IDs are still valid for this instance so we do not pass verified=True. ‘’’ client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities PATH = “data.json” ESET = “test” # “name or uuid of enforcement set” runner = apiobj.run_enforcement_from_json_path(eset=ESET, path=PATH) print(runner) ‘’’ Runner(

from_json items type=PosixPath, length=None post_load type=list, length=31’, ), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
path (PathLike) – str or pathlib.Path of path containing json str
keys (t.Union[str, t.List[str]]) – additional keys for grabber to look for Asset IDs in
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_jsonl(eset, items, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a JSONL string with one dict per line and run $eset against them.

Examples

‘’’Get a list of assets from a query and export the assets to a JSONL str then run an enforcement against all asset IDs from the JSONL str. We know assets are valid because we just got them, so we pass verified=True. ‘’’ import io client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” FH = io.StringIO() z = apiobj.get(

FH.seek(0) runner = apiobj.run_enforcement_from_jsonl(eset=ESET, items=FH, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

‘’’Get a list of assets from a query and export the assets to a JSONL file then run an enforcement against all asset IDs from the JSONL file. We know assets are valid because we just got them, so we pass verified=True. ‘’’ import pathlib client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” PATH = pathlib.Path(“data.jsonl”) z = apiobj.get(

runner = apiobj.run_enforcement_from_jsonl(eset=ESET, items=PATH, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
items (t.Union[str, bytes, t.IO, pathlib.Path]) – jsonl str, handle for file containing jsonl str, or pathlib.Path of path containing jsonl str
keys (t.Union[str, t.List[str]]) – additional keys for grabber to look for Asset IDs in
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_jsonl_path(eset, path, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a JSONL file with one dict per line and run $eset against them.

Examples

‘’’Run an enforcement against all asset IDs from a JSONL file. We are unsure if Asset IDs are still valid for this instance so we do not pass verified=True. ‘’’ client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities PATH = “data.jsonl” ESET = “test” # “name or uuid of enforcement set” runner = apiobj.run_enforcement_from_jsonl_path(eset=ESET, path=PATH) print(runner) ‘’’ Runner(

from_jsonl items type=PosixPath, length=None post_load type=list, length=31’, ), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
path (PathLike) – str or pathlib.Path of path containing jsonl str
keys (t.Union[str, t.List[str]]) – additional keys for grabber to look for Asset IDs in
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_text(eset, items, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a text string and run $eset against them.

Examples

‘’’Get a list of assets from a query and export the assets to a text file then run an enforcement against all asset IDs from the text file. All lines will have any non alpha-numeric characters removed from them and if a 32 character alpha numeric string is found it is considered an Asset ID. We know assets are valid because we just got them, so we pass verified=True. ‘’’ import pathlib client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities WIZ = “simple os.type equals Windows” # “query of assets to target” ESET = “test” # “name or uuid of enforcement set” PATH = pathlib.Path(“data.txt”) ASSETS = apiobj.get(wiz_entries=WIZ) IDS = [x[‘internal_axon_id’] for x in ASSETS] PATH.write_text(’n’.join(IDS)) runner = apiobj.run_enforcement_from_text(eset=ESET, items=PATH, verified=True) print(runner) ‘’’ Runner(

), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
items (t.Union[str, bytes, t.IO, pathlib.Path]) – text str, handle for file containing text str, or pathlib.Path of path containing text str
keys (t.Union[str, t.List[str]]) – n/a
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

run_enforcement_from_text_path(eset, path, keys=None, do_echo_grab=True, do_raise_grab=False, **kwargs)¶

Get Asset IDs from a text file and run $eset against them.

Examples

‘’’Run an enforcement against all asset IDs from a text file. All lines will have any non alpha-numeric characters removed from them and if a 32 character alpha numeric string is found it is considered an Asset ID. We are unsure if Asset IDs are still valid for this instance so we do not pass verified=True. ‘’’ client = globals()[‘client’] # instance of axonius_api_client.Connect apiobj = client.devices # client.devices, client.users, or client.vulnerabilities PATH = “data.txt” ESET = “test” # “name or uuid of enforcement set” runner = apiobj.run_enforcement_from_text_path(eset=ESET, path=PATH) print(runner) ‘’’ Runner(

from_text items type=PosixPath, length=None post_load type=generator, length=None’, ), ) ‘’’

Parameters

eset (ENFORCEMENT) – name, uuid, or Enforcement Set object to run
path (PathLike) – str or pathlib.Path of path containing text str
keys (t.Union[str, t.List[str]]) – n/a
do_echo_grab (bool, optional) – Echo output of Asset ID grabber to console as well as log
do_raise_grab (bool, optional) – Throw an error if grabber fails to find an Asset ID in any items
**kwargs – passed to :method:`run_enforcement`

Returns

Runner object used to verify and run $eset

Return type

Runner

LOG: logging.Logger¶: Logger for this object.

auth¶: axonius_api_client.auth.models.Mixins authentication object.

http¶: axonius_api_client.http.Http client to use to send requests,

FIELD_MAIN: str = 'specific_data.data.hostname'¶: Field name of the main identifier.

FIELD_SIMPLE: str = 'specific_data.data.hostname'¶: Field name of a simple field.

FIELD_COMPLEX: str = 'specific_data.data.network_interfaces'¶: Field name of a complex field.

FIELD_COMPLEX_SUB: str = 'name'¶: Field name of a complex sub field.

wizard: str = None¶

Query wizard for python objects.

Type: axonius_api_client.api.wizards.wizard.Wizard

wizard_text: str = None¶

Query wizard for text files.

Type: axonius_api_client.api.wizards.wizard_text.WizardText

wizard_csv = None¶

Query wizard for CSV files.

Type: axonius_api_client.api.wizards.wizard_csv.WizardCsv