Overview rollup metrics from security tools?

I've got Axonius connected to several security tools and I'd really like it if there was a way to pull in the dashboard level metrics from each tool. This way I would have a high level state of security in one of my Axonius dashboard groupings. This would enable me to quickly see the rollup dashboard metrics from several tools in one location and possibly trend them over time.

I'm not sure if any or all of the APIs allow for pulling this data, but if they do, this would allow me to review and distribute the dashboard information from several tools quickly.

0

Comments

3 comments
  • Hey B9,

    That's a great question. Do you happen to have some examples of metrics you'd like to roll up and the adapters you're working with?

    There are multiple ways in which we can represent and roll up information from other tools, including:

    - Count of devices based on field values (#/%) - for example, if you're looking for policy state on an endpoint agent, we can build queries to summarize the devices by state and represent a % of the population in a dashboard.

    - Count of devices based on tool coverage - for example, determining the number of devices that have the agent installed.

    - Count of devices based on presence of software/vulnerabilities/OS - for example, the devices that have a vulnerability of this criticality level or have this software installed.

    If you have specific examples, that would be really helpful for us to refine the approach.

    0
  • Some examples include:

    - Known malware count
    - Suspect Malware count
    - PUP count
    - Top 10 alerted assets
    - Web reputation events
    - IPS event count
    - Top 10 alerted assets IPS
    - Top prevented IPS events

    0
  • Hi B9,

    Presently we do not have the means of rolling up and aggregating numerical values in Axonius; however, we do provide the means of easily reporting on these values through a few options:

    1. Enforcements: We can construct a query with all of the information you've mentioned above and export it using the Enforcement Centre (e.g. directly to Power BI, Export to SQL, Export to JSON/CSV). This, in conjunction with your preferred in-house tools, will provide you a means of obtaining those metrics.

    2. UI Exports: If you do not have Enforcement Centre, we can utilize the Export to CSV function in the Devices view. Simply construct a query containing the information you need and hit export; this will create a CSV that may then be manipulated in Excel or uploaded into any data analysis tool you prefer.

    3. Axonius Python API: We offer a Python-based API which utilizes both Python commands and CLI commands to allow you to extract queries and specific fields into multiple different formats. This can be used in conjunction with packages like Pandas (or data analysis tools) to manipulate and aggregate the data as you see fit.

    If you'd like to deep dive on this topic or need any assistance, please feel free to reach out to your TAM, or post specific questions here for any of the above options. We would be happy to assist in describing the approaches above.

    0
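
The CSV-export route described in the last reply, as an added example that is not part of the thread and not Axonius code: it reduces a per-device export to rollup numbers of the kind requested above (malware, PUP and IPS totals, top alerted assets, % of devices by state). The column names and sample rows are constructed assumptions, and it uses the Python standard library rather than Pandas.

```python
import csv
import io
from collections import Counter

# Constructed sample standing in for a devices CSV export. The column names
# are assumptions for this example, not Axonius field names.
SAMPLE_EXPORT = """hostname,agent_policy_state,known_malware,suspect_malware,pup,ips_events
web-01,compliant,0,1,0,12
web-02,compliant,2,0,1,40
db-01,non_compliant,0,0,0,3
hr-laptop-7,compliant,5,2,4,0
kiosk-3,,1,0,0,
"""

MALWARE_COLS = ("known_malware", "suspect_malware", "pup")
COUNT_COLS = MALWARE_COLS + ("ips_events",)


def _to_int(value):
    """Blank or non-numeric cells count as 0 so one bad row cannot break the rollup."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def _top(rows, cols, top_n):
    """Rank hosts by the summed event columns, dropping hosts with no events."""
    scored = [(r["hostname"], sum(_to_int(r.get(c)) for c in cols)) for r in rows]
    ranked = sorted((s for s in scored if s[1] > 0), key=lambda s: (-s[1], s[0]))
    return ranked[:top_n]


def rollup(csv_text, top_n=10):
    """Reduce a per-device export to dashboard-level numbers."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    states = Counter(r.get("agent_policy_state") or "unknown" for r in rows)
    return {
        "device_count": len(rows),
        "totals": {c: sum(_to_int(r.get(c)) for r in rows) for c in COUNT_COLS},
        # Devices per field value, as a count and as a % of the population.
        "state_count": dict(states),
        "state_pct": {s: round(100.0 * n / len(rows), 1) for s, n in states.items()},
        "top_alerted": _top(rows, MALWARE_COLS, top_n),
        "top_ips": _top(rows, ("ips_events",), top_n),
    }


if __name__ == "__main__":
    for name, value in rollup(SAMPLE_EXPORT).items():
        print(f"{name}: {value}")
```

Storing each run's output with its export date gives the trend over time asked for in the original post.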
