Tagging Assets with Axonshell

Axonius is designed to pull in as much information as it can, enrich it to make it as useful as possible, and present it so that users can access and analyze it quickly.

Tagging in Axonius gives users quick access to information and lets information be communicated to them quickly.

To get started using tags with axonshell you need to have it installed and configured on your system. Please see the article Getting Started with Axonshell for information on how to do this.

Once axonshell is installed and set up on your system, and you have credentials configured, you are ready to start working with tags.

Let's take a look at what tags are on the server:

❯ axonshell devices get-tags
** Connected to 'https://10.20.3.4' version DEMO (RELEASE DATE: 2022-04-19) API Client v4.30.2
** Fetched 2 tags
TEST
missing-agent

Let's clean up those "TEST" tags. We can check how many devices have this tag in a few different ways.

For example using AQL directly like this:

❯ axonshell devices get --query '("labels" == "TEST")'

Or we can use the query wizard built into the Python library:

❯ axonshell devices get --wiz simple "labels equals TEST"

In both cases we will see the following line in the output:

** PROGRESS: 100.00% [ROWS: 15 / 15] [PAGES: 1 / 1] in 0.20 seconds so far

So we know we have 15 devices with this tag. To remove the tag from them, so we can clean up our tags, we can use the same command with one added parameter:

❯ axonshell devices get --query '("labels" == "TEST")' --untag "TEST"

This runs the same query as above to find devices with this tag and tells the server to remove the tag from them. The result:

** PROGRESS: 100.00% [ROWS: 15 / 15] [PAGES: 1 / 1] in 0.31 seconds so far
** Removing tags ['TEST'] from 15 assets

Success! Re-running the `get-tags` command above now shows the following:

❯ axonshell devices get-tags
** Connected to 'https://10.20.3.4' version DEMO (RELEASE DATE: 2022-04-19) API Client v4.30.2
** Fetched 1 tags
missing-agent

Now let's add a tag. I would like to add a tag to draw my users' attention to devices that are missing a Carbon Black Defense agent. Let's see how many that is:

❯ axonshell devices get --query 'not (("adapters_data.carbonblack_defense_adapter.id" == ({"$exists":true,"$ne":""})))'

It looks like 18:

** PROGRESS: 100.00% [ROWS: 18 / 18] [PAGES: 1 / 1] in 0.29 seconds so far

Just like before, we can add a tag by adding a single parameter:

❯ axonshell devices get --query 'not (("adapters_data.carbonblack_defense_adapter.id" == ({"$exists":true,"$ne":""})))' --tag "add-cb-agent"

...

** PROGRESS: 100.00% [ROWS: 18 / 18] [PAGES: 1 / 1] in 0.20 seconds so far
** Adding tags ['add-cb-agent'] to 18 assets

Nice! Successfully tagged. We can verify this by getting the tags again from the server:

❯ axonshell devices get-tags
** Connected to 'https://10.20.3.4' version DEMO (RELEASE DATE: 2022-04-19) API Client v4.30.2
** Fetched 2 tags
add-cb-agent
missing-agent
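
Because `--tag` and `--untag` apply to every asset the query matches, it helps to script the preview-then-tag flow shown above with a count check in between. This is an added example, not part of the original post: the function names and the limit are hypothetical, and it assumes the `** PROGRESS` line may be written to stderr, which is why stderr is captured.

```shell
#!/usr/bin/env bash
# Added example: gate a bulk --tag run on the row count from a preview query.

# Read command output on stdin and print the total from the last
# "[ROWS: n / total]" progress line. Returns non-zero if none is found.
rows_matched() {
    sed -n 's|.*\[ROWS: [0-9]* / \([0-9]*\)].*|\1|p' | tail -n 1 | grep -E '^[0-9]+$'
}

# Succeed only when the count is known, non-zero and no larger than the limit.
within_limit() {
    local count="$1" limit="$2"
    [ -n "$count" ] && [ "$count" -gt 0 ] && [ "$count" -le "$limit" ]
}

# Constructed sample input, shaped like the output shown in this post.
sample_output="** Connected to 'https://10.20.3.4' version DEMO (RELEASE DATE: 2022-04-19) API Client v4.30.2
** PROGRESS: 100.00% [ROWS: 18 / 18] [PAGES: 1 / 1] in 0.29 seconds so far"

# Hypothetical wrapper: run the query without --tag first, then tag only
# if the number of matching assets is within the expected limit.
tag_if_expected() {
    local query="$1" tag="$2" limit="$3" count
    count=$(axonshell devices get --query "$query" 2>&1 | rows_matched) || {
        echo "no PROGRESS line found; not tagging" >&2
        return 2
    }
    if within_limit "$count" "$limit"; then
        axonshell devices get --query "$query" --tag "$tag"
    else
        echo "query matched $count assets (limit $limit); not tagging" >&2
        return 1
    fi
}

# Usage (needs a configured axonshell; not run here):
#   tag_if_expected '("labels" == "TEST")' "review-me" 25
```

The query runs twice, so the set of matching assets can change between the preview and the tagging run; confirm the result with `axonshell devices get-tags` afterwards.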


There are a lot more ways we can use tagging, but we'll explore some of those in future posts!
