A quick discussion: The difference between data in basic view vs advanced view

We all know Axonius brings in a tremendous amount of data for you from your devices, and we know that bringing in too much data can be distracting as well. Here at Axonius, we want to make sure we give you the most relevant data in a quick timeframe and then remind you that we have access to the rest of the data that may exist in the outliers.

This article is designed to give you a quick understanding of what the differences between basic and advanced view are, what can be queried, how to make non queriable data queriable, and what to do if you don’t see what you are looking for in either section.

Data views are a foundational pillar to the asset management process. Most people are aware that if you click on a device post query you end up “exploding” the data structure to see what is inside. (see below)

This is not really new news. However, what is often not understood is that, as mentioned above in the intro paragraph, there are two sets of views: Basic (pretty yet not complete) vs. Advanced (not as pretty, but with some slightly different datasets that can come in handy). It is important to know the difference because I personally run into this conversation about once a week and often those who I spoke with are illuminated and empowered after said conversation. So, with that said, let's get to the nitty gritty so you can be illuminated and empowered.

What is basic view and what can be queried?

The basic view is the beautified view. Take a look at the illustration below and you will see that in the left-hand corner, under adapter connections, you have all connectors that are applicable to the asset noted. If you have a workstation endpoint that has Active Directory, KACE, CrowdStrike, Qualys and a CSV adapter, those are what you will see on the left-hand side. In this case, the asset itself is an AWS instance that is being managed by CrowdStrike, Cylance Protect, AD, Tanium, Trend Micro and WMI. There are lots of data points and they will all be fed together to the aggregated tab.

If you want to look at them granularly, click on the adapter icon to the left and it will show you what is being reported to the adapter… mostly.

When I say mostly, I mean that we really strive to provide accurate and voluminous data; however, with so much of it out there, we want to make sure you see what is most important for you.

When we look at the data below, you see many of the high-level attributes that you may want to look for. If you go into your module, you will see that you can scroll down to get a much larger list than what is on the attachment above.

Another great thing about the basic view is that every element in it is queriable in the query wizard. One quick note: depending on your configurations and output parameters, there may be more query wizard options than you see in the basic view. If you dig in a bit, you will find that those fields are looked for, but if you are not porting the information over, they are omitted from the basic view instead of coming back blank. For example, if we go to the basic view, we will see that the AWS Organization has ARN, ID, Master Account ARN, Master Account ID, Master Account Email, and Feature set.

If we look at the dropdown options, we see there is an option for Available policy types / Available policy types: Type / Available policy types: Status.

If we do a query on the available policy types standard id to see if there is any data that exists, it comes back with 0 assets returned.

If you feel you should be getting this data, check your configurations to make sure you are porting this information over. In some cases, you will not have it. Often, there is a permissions issue that needs to be adjusted before this information can be published over.

What is in advanced view

The basic view is meant to be the 90% that we know people are looking for. Often there is data that is moved over but may not be super helpful to the masses. This is where the advanced view comes in. The advanced view is purposefully meant to mimic a database view and is not beautified: it is posted as it comes in from the raw API response we get back from your tool. What is great about it is that it often has more information than the basic view. See below for a snapshot of the information.

As you can see above, the data mimics the data in the basic view; however, there is more granular detail in the advanced view than in the basic view. Take for instance the network interface. In the basic view you will see the high-level information regarding MAC and IP addresses and the instance id; however, if you want to look at Groupid information or the attachment status of the network interface, you would need to go into the advanced view to find this information.

How to move advanced view data to be queriable.

So, at this point, we have identified what is in the basic vs advanced view but so what? You are at a spot where you need to query a dataset based on something really specific that doesn’t have a query option.

Luckily, the answer is pretty easy. The query wizard needs to have a smooth flow, and as we grow our adapter line, so does the wizard; however, we don’t want to throw everything in the system all at once. All we need you to do is go to the top of the screen you are at (you should be in the community right now), click back to the customer support portal and jump into your account's ticket creation section. Put in a ticket, let us know the data is in the advanced view, and we will take care of you. Often, a screenshot of what you are looking for is super helpful so we don’t have any crossed paths in what you are looking for.

What about if it is not in advanced view or basic view?

Lastly… what about if you don’t see it in your basic or advanced view but you know it is in your adapter instance?

If you know it is there, that is pretty telling that we can get it added for you. You would want to put in a ticket as well and let us know that the information is not in the advanced filters and that you have confirmed you do not have any permissions holding you back (sometimes you don’t know, so if you don’t know, don’t worry about this part), and we will see what we can do. We have to make sure the adapter has the output variable or parameter in its API, and if so, we can write it into the code. If it doesn’t, we may have to have a talk with the adapter vendor, and if you can help us get that set up, we would be forever in your debt.

We love to see people happy and the best way to make you happy is to give you the ability to answer questions without a headache.

Well, that’s about it. Hopefully you got something out of this article, and it made your day a little less confusing. If so, please let me know: either drop a line below with any further questions or press the upvote arrows at the top of the page to show that these types of articles are helpful for you. Have a great day!
