A quick discussion: The difference between data in basic view vs advanced view

We all know that Axonius brings in a tremendous amount of data for you from your devices, and we know that bringing in too much data can be distracting. Here at Axonius, we want to make sure we give you the most relevant data in a quick timeframe, and then remind you that we have access to the rest of the data that may exist in the outliers.

This article is designed to give you a quick understanding of the differences between basic and advanced view, what can be queried, how to make non-queriable data queriable, and what to do if you don’t see what you are looking for in either view.

Data views are a foundational pillar of the asset management process. Most people are aware that if you click on a device post query you end up “exploding” the data structure to see what is inside. (see below)

However, what is often not understood is that there are two sets of views: Basic (Aesthetic but incomplete) vs. Advanced (Less visually pleasing, but with a more complete list of datasets.)

I personally run into this conversation about once a week, and often those who I speak with feel illuminated and empowered after learning the details of these views, so let's get to the nitty gritty of it all so that you too can be illuminated and empowered!

What is basic view and what can be queried?

Take a look on the illustration below and you will see on the left hand corner of the adapter connections that you have all connectors that are applicable to the asset noted. If you have an workstation endpoint that has Active Directory, KASE, Crowdstrike, Qualys and a CSV adapter, those are what you will see on the left hand side. In this case, the asset itself is an AWS instance that is being managed by Crowdstrike, Cylance Protect, AD, Tanium, Trend Micro and WMI. There are lots of data points and they will all be fed together to the aggregated tab.

If you want to look at them granularly, you want to click on the adapter icon to the left and it will show you what is being reported to the adapter… mostly.

When I say mostly, I mean that we really strive to provide accurate and voluminous data, however, with so much of it out there, we also want to make sure you see what is most important for you.  

When we look at the data below, you see many of the high-level attributes that you may want to look for. If you go into your module, you will see that you can scroll down to get a much larger list than what is on the attachment above.

Another great thing about the basic view is that every element in the basic view is queriable in the query wizard. One quick note is that depending on your configurations and output parameters, there may be more query wizard options than you have on the basic view. If you dig in a bit, you will find that those are looked for but if you are not porting the information over, instead of coming back blank, they will be omitted from the basic view. Take for example if we go to the basic view, we will see that the AWS Organization has ARN, ID, Master Account ARN, Master Account ID, Master Account Email, and Feature set.  

If we look at the dropdown options, we see there is an option for Available policy types / Available policy types: Type / Available policy types: Status

If we do a query on the available policy types standard id to see if there is any data that exists, it comes back with 0 assets returned.

If you feel you should be getting this data, check your configurations to make sure you are porting this information over. Often, there is a permissions issue needed to be adjusted to be able to publish this information over.

What is in advanced view

The basic view is meant to be the 90% that we know people are looking for. Often, there is data that is moved over but may not be super helpful to the masses. This is where the advanced view comes in. The advanced view is meant to mimic a database view, and is not beautified as it comes from the API raw response from your tool. What is great about this view is that it often has more information than the basic view. See below for a snapshot of the information.

As you can see above, this data mimics the data in the basic view. However, there are more granular details in the advanced versus the basic view. Take for instance the network interface. On the basic view you will see the high level information regarding MAC and IP addresses and the instance id. However, if you want to look at Groupid information or the attachment status of the network interface, you would need to go into the advanced view to find this information.  

How to move advanced view data to be queriable.

At this point we have identified what is in the basic vs advanced view, but why does it matter? 

Luckily, the answer is pretty easy. The query wizard needs to have a smooth flow and as we grow our adapter line, so does the wizard, however, we don’t want to throw everything in the system all at once. All we need you to do is click back to the customer support portal and jump into your account ticket creation section. Put in a ticket, let us know the data is in the advanced view, and we will take care of you!

What about if it is not in advanced view or basic view?

Lastly, what if you don’t see it in your basic or advanced view but you know it is in your adapter instance?

If you know it is there, that is a good sign that we can get it added for you. Please put in a ticket and let us know that the information is not in the advanced filters, you have confirmed that you do not have any permissions holding you back (if you don’t know, don’t worry about this part,) and we will see what we can do. We have to make sure the adapter has the output variable or parameter in their API and if so we can write it into the code. If it doesn’t, we may have to have a talk with the adapter vendor and there's a chance you can help us to get that set up!

Hopefully you got something out of this article, and it made your day a little less confusing. If so, please let me know, either drop a line below with any further questions or press on the upvote arrows at the top of the page to show that these types of articles are helpful for you. Have a great day!