Deep Dive into Writing Back to Axonius (Part 2 – Data Enrichment)
Introduction
On my last month’s article, we covered the difference between tags and custom fields. You can find that article here: https://support.axonius.com/hc/en-us/community/posts/4407260908055-Deep-Dive-into-Writing-Back-to-Axonius-Part-1-Tags-vs-Custom-Data- (If you like it, please leave a message or upvote)
This month, we are talking about Data Enrichment. This article may not be as long as the last but it is super important for what it is. In it, we are going to cover the following items:
- What is Data Enrichment and how is it different from custom fields?
- How do you set it up?
- What are limitations to Data Enrichment?
What is Data Enrichment and how is it different from custom fields?
There is quite a bit of overlap with Data Enrichment vs. Custom Fields but here is the breakdown for you. If you have a good Subnet architecture (super important), and the subnet is consistent for your dataset, using the Data Enrichment feature is a great option.
The DE function takes a subnet of data and writes back to the Network Interfaces fields. The primary use case for this is to bring in location information but it is not limited to just this field.
When we look at Network Interface options, currently, the following items can be added:
When we look at these attributes that can be added, you may ask yourself “Why would I add these?”. There are a few good reasons.
- First, creating an inventory can be a daunting task. If a customer has operating unit information or Organizational information, you can easily start to segregate data into business.
- Often, it is increasingly difficult to identify if a particular area is of high asset value or if it maybe is a dev environment with very low concern to the organization.
- You can create sub-groups that will allow you to group customer devices by locations or a specific State / Country.
These are 3 of the most requested features.
How do you set it up?
This part is actually pretty simple to do. First, go to the settings tab in the top right hand corner of the screen:
Then click on the global settings tab, scroll about ¾ of the page down and look for the section that says “Data Enrichment Settings”. Sometimes this is easier to simply do a [CTRL+F] = Data Enrichment .
You will see below the 3 checkboxes, there is a toggle switch. Flip this switch on.
If you have already saved your subnet index, you can enter it here, otherwise, see below for setting everything up.
When you make your CSV, make sure to look at the illustration below and use it as a guide. Only add the headers that are colored (the current top header row is for understanding purposes and not for the platform).
In the illustration below, you will see that I have a subnet added and then a location ID. I am not using a location name so when you make your copy, add one or the other column. No need to bring in both fields unless you want to. In that case, it would add both.
I chose some random fields to add for the optional category. For me, I wanted to focus on the Site Criticality and Security Level. I also added the system administrators name in the comments fields. This is definitely not necessary but may be a good use of resources.
Save this as a CSV under UTF-8 format. This is the standard CSV but there is a UTF-16 option that can be done.
Load the CSV file
Scroll down to the bottom to save the file.
From here, give your platform a few moments to load (5-10 seconds) and then if you go into the Query Wizard, look up the fields that you added (For example Site Criticality would be under “Network Interfaces: Site Criticality”.
What are limitations to Data Enrichment?
The Data Enrichment option ONLY updates the “Network Interfaces Fields” and this is only on specific aggregated fields vs. the custom fields update to custom fields or any specified Aggregated field (However, it is one custom field for 1 rule).
Keep in mind that ONLY the subnet is identified as the primary lookup and not any contains or equals fields.
If you want to enrich an adapter with adapter specific data, I will be releasing that on next months topic regarding custom enhancement.
For the technical document from Axonius, please see: https://docs.axonius.com/docs/global-settings?highlight=global#data-enrichment-settings
Comments
In reference to the CSV example above, the Location field name did not work until it was changed to Location Name.
Jason, thanks for bringing that to my attention. We will look into it and adjust the document.
Please sign in to leave a comment.