Accessing the Axonius REST API with PowerShell

Intended Audience: Axonius users who want to work with the REST API in PowerShell because they are unable to use Python.

Purpose: To provide a few usable examples in PowerShell based off the KB article found here.

Introduction

Axonius has a fantastic Python API client, but what if you can’t use Python in your environment and need to use PowerShell to get information from Axonius?

Great news! Axonius has a REST API & we’ve provided a Postman collection that contains some common REST API calls in this article.

If you’ve tried to use Postman to automatically create PowerShell from these, you may have had varying degrees of success. This post will explore a few PowerShell examples based off of the common REST API calls article mentioned earlier.

Heads-up! If you access Axonius by IP address, or by any address that doesn't match the name on the SSL certificate, you are very likely to get an error returned in PowerShell. There are some workarounds to this, but they will not be discussed in this post.

Example 1: Getting all saved searches for devices

Variables to update:

  • $api_secret - this is the API secret.
  • $api_key - this is the API key.
  • $server_addr - this is the server address for Axonius that matches the SSL certificate, e.g., axonius.corp.site

Code:

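# Fill these in before running (see "Variables to update" above).
$api_secret = ''
$api_key = ''
$server_addr = ''

# Axonius authenticates each request with these two headers.
$headers = @{
    'api-key'    = $api_key
    'api-secret' = $api_secret
}

# List the saved device searches; the uuid is what Example 2 needs.
$uri = "https://" + $server_addr + "/api/V4.0/devices/views/saved"
$response = Invoke-RestMethod $uri -Headers $headers -ContentType "Application/Json"
$response.data | Select-Object -ExpandProperty attributes | Select-Object uuid, name, description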


Example 2: Running a saved search & getting results

Variables to update:

  • $api_secret - this is the API secret.
  • $api_key - this is the API key.
  • $server_addr - this is the server address for Axonius that matches the SSL certificate, e.g., axonius.corp.site
  • $savedsearchid - this is the uuid of a saved search found from the first example.

Code:

# Fill these in before running (see "Variables to update" above).
$api_secret = ''
$api_key = ''
$server_addr = ''
$savedsearchid = ''

# Axonius authenticates each request with these two headers.
$headers = @{
    'api-key'    = $api_key
    'api-secret' = $api_secret
}

# JSON request body; the saved search uuid is spliced into the "filter" value.
$body = '{
    "meta": null,
    "data": {
        "type": "entity_request_schema",
        "attributes": {
            "page": {
                "offset": 0,
                "limit": 1000
            },
            "use_cache_entry": true,
            "always_cached_query": false,
            "fields": {
                "devices": [
                    "adapters",
                    "specific_data.data.name",
                    "specific_data.data.hostname",
                    "specific_data.data.last_seen",
                    "specific_data.data.network_interfaces.mac",
                    "specific_data.data.network_interfaces.ips",
                    "specific_data.data.os.type",
                    "labels"
                ]
            },
            "filter": "({{QueryID='+$savedsearchid+'}})",
            "field_filters": {},
            "excluded_adapters": {},
            "get_metadata": false,
            "include_details": true
        }
    }
}'

# Run the saved search and show a few of the returned fields.
$uri = "https://" + $server_addr + "/api/V4.0/devices"
$response = Invoke-RestMethod $uri -Headers $headers -ContentType "Application/Json" -Body $body -Method 'POST'
$response.data.attributes | Select-Object specific_data.data.name, specific_data.data.hostname, specific_data.data.network_interfaces.ips, specific_data.data.network_interfaces.mac


Example 3: Running your own search & getting results

Variables to update:

  • $api_secret - this is the API secret.
  • $api_key - this is the API key.
  • $server_addr - this is the server address for Axonius that matches the SSL certificate, e.g., axonius.corp.site
  • $query_string - this is an escaped AQL query. The example below searches for all devices whose preferred hostname starts with the string 'ip' and that were seen in the last 30 days. See this post for more information on handling Axonius Query Language on the command line.

Code:

# Fill these in before running (see "Variables to update" above).
$api_secret = ''
$api_key = ''
$server_addr = ''
# AQL query; the \" escapes are needed because the string is spliced into the JSON body below.
$query_string = '(\"specific_data.data.hostname_preferred\" == regex(\"^ip\", \"i\")) and (\"specific_data.data.last_seen\" >= date(\"NOW - 30d\"))'

# Axonius authenticates each request with these two headers.
$headers = @{
    'api-key'    = $api_key
    'api-secret' = $api_secret
}

# JSON request body; the escaped query becomes the "filter" value.
$body = '{
    "meta": null,
    "data": {
        "type": "entity_request_schema",
        "attributes": {
            "page": {
                "offset": 0,
                "limit": 1000
            },
            "use_cache_entry": true,
            "always_cached_query": false,
            "fields": {
                "devices": [
                    "adapters",
                    "specific_data.data.name",
                    "specific_data.data.hostname",
                    "specific_data.data.last_seen",
                    "specific_data.data.network_interfaces.mac",
                    "specific_data.data.network_interfaces.ips",
                    "specific_data.data.os.type",
                    "labels"
                ]
            },
            "filter": "'+$query_string+'",
            "field_filters": {},
            "excluded_adapters": {},
            "get_metadata": false,
            "include_details": true
        }
    }
}'

# Run the query and show a few of the returned fields.
$uri = "https://" + $server_addr + "/api/V4.0/devices"
$response = Invoke-RestMethod $uri -Headers $headers -ContentType "Application/Json" -Body $body -Method 'POST'
$response.data.attributes | Select-Object specific_data.data.name, specific_data.data.hostname, specific_data.data.network_interfaces.ips, specific_data.data.network_interfaces.mac
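
Added example (not from the original article or from Axonius): the Example 3 request built as a PowerShell hashtable and serialised with ConvertTo-Json, so the AQL needs no manual \" escaping, with the key and secret read from environment variables instead of being typed into the script, and the page offset advanced until every result has been fetched. The AXONIUS_API_KEY and AXONIUS_API_SECRET variable names, and the rule that a page shorter than the limit is the last one, are assumptions.

```powershell
# Added example, not Axonius code. The AXONIUS_* variable names are hypothetical.
$server_addr = 'axonius.corp.site'   # must match the name on the SSL certificate
$headers = @{
    'api-key'    = $env:AXONIUS_API_KEY
    'api-secret' = $env:AXONIUS_API_SECRET
}
if (-not $headers['api-key'] -or -not $headers['api-secret']) {
    throw 'Set AXONIUS_API_KEY and AXONIUS_API_SECRET before running this script.'
}

# Plain AQL with no \" escaping: ConvertTo-Json escapes the quotes when it builds the body.
$query = '("specific_data.data.hostname_preferred" == regex("^ip", "i")) and ' +
         '("specific_data.data.last_seen" >= date("NOW - 30d"))'
$fields = @(
    'adapters', 'specific_data.data.name', 'specific_data.data.hostname',
    'specific_data.data.last_seen', 'specific_data.data.network_interfaces.mac',
    'specific_data.data.network_interfaces.ips', 'specific_data.data.os.type', 'labels'
)

$uri     = "https://$server_addr/api/V4.0/devices"
$limit   = 1000
$offset  = 0
$devices = @()
do {
    $body = @{
        meta = $null
        data = @{
            type       = 'entity_request_schema'
            attributes = @{
                page                = @{ offset = $offset; limit = $limit }
                use_cache_entry     = $true
                always_cached_query = $false
                fields              = @{ devices = $fields }
                filter              = $query
                field_filters       = @{}
                excluded_adapters   = @{}
                get_metadata        = $false
                include_details     = $true
            }
        }
    } | ConvertTo-Json -Depth 10   # the default depth would truncate the nested objects

    $response = Invoke-RestMethod $uri -Headers $headers -ContentType 'application/json' -Body $body -Method Post
    $page     = @($response.data | Where-Object { $_ })   # always an array, nulls dropped
    $devices += @($page | ForEach-Object { $_.attributes })
    $offset  += $limit
} while ($page.Count -eq $limit)   # assumption: a short page means the last page

$devices | Select-Object specific_data.data.name, specific_data.data.hostname
```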

Wrapping up

The examples in this post only scratch the surface of what can be achieved with the Axonius REST API.

If you have a specific task that would be suited to using the API and need a nudge in the right direction, please speak with your Technical Account Manager who will be able to work with our API experts to get you some advice.
