Axonius
About
The Axonius NetoFuse module provides enriched asset context to Netography Fusion from Axonius. It connects to the Axonius Platform API to retrieve asset information and then uploads it as Context Labels to the Netography Fusion API.
As Axonius is a flexible platform that has a very broad set of potential queries and fields that may be used, you should expect that using this module will require basic familiarity with Axonius.
NetoFuse Modules: Cloud deployment vs. On-Prem deployment
This page documents how to add and configure the NetoFuse module for an on-prem deployment with a container or Python package. If you want to use the cloud deployment model and have this integration run in the Netography Fusion SaaS, you can add it as a context integration in the Netography Fusion Portal instead by consulting the Context Integrations documentation.
API Configuration Parameters
All the fields required for this integration are listed here, along with the corresponding environment variable name used to set that field in the NetoFuse module.
| Axonius Field | Required | NetoFuse Environment Variable | Description |
|---|---|---|---|
| URL | yes | NETO__AXONIUS__URL | URL to Axonius API |
| API Key | yes | NETO__AXONIUS_CREDENTIALS__KEY | Authentication key for Axonius API |
| API Secret | yes | NETO__AXONIUS_CREDENTIALS__SECRET | Authentication secret for Axonius API |
saved_query | no | NETO__AXONIUS__SAVED_QUERY | Saved query can be used to retrieve asset information |
Axonius Configuration
- Create an API key in Axonius by following the instructions here: Axonius REST API
- Optional: You can create a Saved Query in Axonius and then use that to determine what asset information is retrieved from the Axonius API. See: Creating and Saving a Saved Query in Axonius. If you do not specify a saved query, you must instead directly define the query in the Axonius NetoFuse module configuration below.
Configuring how the Axonius API is queried
Due to the wide variety in how Axonius is used, the axonius NetoFuse module does not have a default configuration for what assets and fields to use from Axonius. At a minimum, you must define the query to use with Axonius and the fields to retrieve.
The axonius module has three options available for defining what assets are retrieved and what fields are retrieved for those assets:
API query option 1: saved_query
saved_querySee step 2 of the Axonius Configuration section above to set a saved query in Axonius.
API query option 2: query and fields
query and fieldsUse the query field with a valid Axonius GUI wizard expression. See Creating Queries with the Query Wizard for instructions on constructing queries in the Axonius GUI.
The fields field contains the list of Axonius fields to return from the API. To see a list of available fields in your Axonius deployment, you can install the Axonius API client and run the following command:
axonshell devices get-fields
API query option 3: entries and fields
entries and fieldsThe entries field contains the Axonius API wizard expression used to return the list of devices. You can get help with this by installing the Axonius API client and running the following command:
axonshell devices get --help-detailed wizard
The fields field contains the list of Axonius fields to return from the API. To see a list of available fields in your Axonius deployment, you can install the Axonius API client and run the following command:
axonshell devices get-fields
client_args adds additional arguments to pass to the Axonius API client
client_args adds additional arguments to pass to the Axonius API clientAny key:value parameters included in the client_args:section of the module configuration will be directly passed as parameters to the Axonius API client.
Tips for configuring queries
The module uses the Axonius API client to connect to and retrieve assets from Axonius. This is a freely available client from Axonius, and it is very helpful to have this client installed and configured on your development or local system if you will use this module. Test the queries and field settings you want to use, and inspect the results that are being returned using the axonshell devices commands.
For example, this command can be used as a template for testing different field and query configuration options:
axonshell devices get --fields '' --query ''
Download the Axonius API client here: https://axonius-api-client.readthedocs.io/en/latest/index.html
default axonius module configuration
axonius module configuration axonius:
url:
saved_query: Netography API Query 1
client_args: {}
credentials:
key:
secret:
transform:
specific_data.data.hostname:
context: name
specific_data.data.network_interfaces.ips:
context: ip
specific_data.data.network_interfaces.mac:
context: mac_addr
specific_data.data.os.type:
context: os
function:
function: transform_os
specific_data.data.os.os_str:
context: osver
specific_data.data.cpus.manufacturer:
context: manufacturer
axonius NetoFuse Context Transform
axonius NetoFuse Context TransformUse the buildtransform command to build a new transform configuration based on the actual fields returned by the Axonius API.
You can edit the transform section to change the context values to the context label names to use in Netography and remove any extra fields returned by Axonius that you do not want to be loaded. See the Context Transforms documentation section for more instructions on building and editing NetoFuse transforms.
Updated 6 months ago