Axonius

the axonius connector enables seamless integration with the axonius platform, allowing for automated asset management and security policy enforcement axonius is a cybersecurity asset management platform that provides comprehensive asset inventory, policy enforcement, and risk assessment the axonius turbine connector enables swimlane users to automate asset data collection, streamline csv exports, and conduct detailed investigations directly within the swimlane platform by integrating with axonius, security teams can enhance visibility, maintain compliance, and accelerate incident response by leveraging real time asset intelligence and vulnerability insights this connector integrates axonius api with swimlane turbine prerequisites to effectively utilize the axonius connector for turbine, ensure you have the following prerequisites api key authentication with the following parameters url the endpoint url for the axonius api api key your unique identifier to authenticate with the axonius api api secret a secret key paired with your api key for enhanced security capabilities this connector provides the following capabilities get asset by id get asset investigation get assets get devices get global search entities get vulnerabilities notes https //support axonius com/hc/en us/community/posts/4814600124951 getting started with the rest api configurations api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required api key api key string required api secret api secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions export assets to csv exports specified asset types from axonius into a csv format, requiring path parameters and optional json body inputs endpoint url api/v2/assets/{{asset type}}/export csv method post input argument name type required description path parameters asset type string required export assets for the selected asset type internal axon ids array optional the internal axon ids of the assets to export saved query id string optional the id of the saved query to use for the export saved query name string optional the name of the saved query to use for the export fields array optional parameter for export assets to csv delimiter string optional the delimiter to use for the export max rows number optional parameter for export assets to csv split by field values string optional the field to split the export by should split by asset entities boolean optional whether to split by asset entities in the export should split complex objects boolean optional whether to split complex objects in the export should exclude complex fields boolean optional whether to exclude complex fields from the export include parent entities boolean optional whether to include parent entities in the export parent entity fields array optional the fields to include in the export for parent entities input example {"json body" {"internal axon ids" \["661a46e1ca9b40d07115601e9d1515c8","2a1d7cd447bb11427440b5f13c2c9d0b"],"saved query id" "string","saved query name" "string","fields" \["specific data data hostname","specific data data last seen"],"delimiter" "\\\n","max rows" 1048500,"split by field values" "string","should split by asset entities"\ false,"should split complex objects"\ true,"should exclude complex fields"\ false,"include parent entities"\ true,"parent entity fields" \["specific data data hostname","specific data data last seen"]},"path parameters" {"asset type" "vulnerability instances"}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file name string name of the resource file file string output field file file output example {"status code" 200,"response headers" {},"reason" "ok","json body" {},"file" {"file name" "export assets to csv csv","file" "data\ application/vnd openxmlformats officedocument spreadsheetml sheet;base64, "}} get asset by id retrieves a specific asset from axonius using the asset type and internal axon id provided in path parameters endpoint url api/v2/assets/{{asset type}}/{{internal axon id}} method get input argument name type required description parameters history string optional date string of the historical snapshot to query against in yyyy mm dd format (e g , 2023 10 15 ) parameters return empty details boolean optional if set to true, will populate null values for details fields that are missing values from specific adapters details fields include a non aggregated list of values for every field returned, ordered by the adapter list of the asset parameters return complex fields data boolean optional when true, returns complex fields table data this may return a large amount of data due to the possibility of multiple nested objects (e g , specific data data network interfaces) path parameters asset type string required the type of asset to retrieve path parameters internal axon id string required the internal axon id of the asset to retrieve input example {"parameters" {"history" "2026 02 05","return empty details"\ true,"return complex fields data"\ true},"path parameters" {"asset type" "device","internal axon id" "661a46e1ca9b40d07115601e9d1515c8"}} output parameter type description status code number http status code of the response reason string response reason phrase internal axon id string unique identifier adapters array output field adapters adapters accurate for datetime string time value adapters client used string output field adapters client used adapters data object response data adapters data accurate for datetime string response data adapters data adapter properties array response data adapters data asset entity info string response data adapters data axon id string response data adapters data axonius instance name string response data adapters data azure ad device type string response data adapters data azure ad registered boolean response data adapters data bitlocker key is stored boolean response data adapters data category display name string response data adapters data compliance state string response data adapters data device category display name string response data adapters data device enrollment type string response data adapters data device manufacturer string response data adapters data device model string response data adapters data device registration state string response data adapters data device serial string response data adapters data eas activated boolean response data adapters data email string response data output example {"internal axon id" "string","adapters" \[{"accurate for datetime" "string","client used" "string","data" {},"plugin name" "example name","plugin type" "string","plugin unique name" "example name","type" "string"}],"labels" \[{"file name" "example name","file" "string"}],"basic" {"complex correlation meta" {"internal axon id history" 123,"specific data data hard drives" 123,"specific data data network interfaces" 123},"complex correlation meta details" {"internal axon id history" \[],"specific data get asset investigation retrieve detailed investigation data for a specified asset type and internal axonius id endpoint url /api/v2/assets/{{asset type}}/asset investigation/{{internal axon id}} method post input argument name type required description path parameters asset type string required retrieve asset investigation data for the selected asset type path parameters internal axon id string required retrieve asset investigation data for the specified internal axon id event types array optional type of the resource search object optional parameter for get asset investigation search search string optional parameter for get asset investigation search show only exact results boolean optional result of the operation search filter by array optional parameter for get asset investigation adapter connections array optional parameter for get asset investigation adapter connections plugin name string optional name of the resource adapter connections connection ids array optional unique identifier time range object optional parameter for get asset investigation time range range object optional parameter for get asset investigation time range range date from string optional parameter for get asset investigation time range range date to string optional parameter for get asset investigation time range period object optional parameter for get asset investigation time range period count number optional count value time range period unit string optional parameter for get asset investigation time range period relative type string optional type of the resource fields array optional parameter for get asset investigation input example {"json body" {"event types" \["added/removed","added/removed"],"search" {"search" "exercitation","show only exact results"\ false,"filter by" \["value removed","value removed"]},"adapter connections" \[{"plugin name" "non fugiat","connection ids" \["magna dolor aliqua minim","labore dolore culpa enim"]},{"plugin name" "proident in et lorem ut","connection ids" \["consequat reprehenderit amet e","occaecat"]}],"time range" {"range" {"date from" "1954 11 15t12 25 08 489z","date to" "1959 11 20t13 07 14 752z"},"period" {"count" 41665942,"unit" "weeks","relative type" "before"}},"fields" \["irure non","deserunt reprehend"]},"path parameters" {"asset type" "device","internal axon id" "661a46e1ca9b40d07115601e9d1515c8"}} output parameter type description status code number http status code of the response reason string response reason phrase investigation fields array output field investigation fields investigation fields adapter name string name of the resource investigation fields field title string output field investigation fields field title investigation fields connection id string unique identifier investigation fields field name string name of the resource investigation fields asset id string unique identifier investigation fields added values array value for the parameter investigation fields added values file name string name of the resource investigation fields added values file string value for the parameter investigation fields removed values array value for the parameter investigation fields event type string type of the resource investigation fields timestamp string output field investigation fields timestamp output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"investigation fields" \[{},{}]}} get assets retrieves a list of assets from axonius based on the specified asset type, requiring path parameter input endpoint url api/v2/assets/{{asset type}} method post input argument name type required description path parameters asset type string required retrieve assets for the selected asset type include metadata boolean optional response data saved query id string optional unique identifier saved query name string optional name of the resource query string optional parameter for get assets history string optional parameter for get assets page object optional parameter for get assets page offset number optional parameter for get assets page limit number optional parameter for get assets next page string optional parameter for get assets fields array optional parameter for get assets fields to exclude array optional parameter for get assets use cache entry boolean optional parameter for get assets include details boolean optional parameter for get assets input example {"json body" {"include metadata"\ true,"saved query id" "est cillum nulla","saved query name" "velit ullamco","query" "aliquip adipisicing ullamco veniam dolore","history" "2011 04 26","page" {"offset" 30888559,"limit" 1000},"next page" "aliquip irure do duis dolor","fields" \["ea do veniam aute","cillum id occaecat"],"fields to exclude" \["laboris ex","ut dolor"],"use cache entry"\ true,"include details"\ true},"path parameters" {"asset type" "asset type"}} output parameter type description status code number http status code of the response reason string response reason phrase assets array output field assets assets internal axon id string unique identifier assets adapters array output field assets adapters assets adapter list length number output field assets adapter list length assets specific data data last seen string response data assets specific data data name string response data assets specific data data hostname string response data assets specific data data os type string response data assets specific data data network interfaces ips array response data meta object output field meta meta cache last updated string output field meta cache last updated meta is data from cache boolean response data meta page object output field meta page meta page number number output field meta page number meta page size number output field meta page size meta page totalpages number output field meta page totalpages meta page totalresources number output field meta page totalresources output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"assets" \[{},{},{}],"meta" {"cache last updated" "fri, 17 nov 2023 19 20 29 gmt","is data from cache"\ true,"page" {}}}} get assets fields retrieve all available fields for a specified asset type in axonius, utilizing the 'asset type' path parameter endpoint url api/v2/assets/{{asset type}}/fields method get input argument name type required description parameters search string optional search term to filter by the response will include all the fields that contain the search term for example, if the search term is network , all fields that contain network will be returned parameters exclude subfields boolean optional if set to true, the request will return all the fields except subfields for example, the field specific data data network interfaces will be included in the response but specific data data network interfaces ips preferred and specific data data network interfaces mac preferred will be excluded path parameters asset type string required retrieve assets for the selected asset type input example {"parameters" {"search" "eu amet enim sit","exclude subfields"\ true},"path parameters" {"asset type" "device"}} output parameter type description status code number http status code of the response reason string response reason phrase agg array output field agg agg filterable boolean output field agg filterable agg name string name of the resource agg restrictable boolean output field agg restrictable agg restricted boolean output field agg restricted agg title string output field agg title agg type string type of the resource agg adapter prefix string output field agg adapter prefix agg name base string name of the resource agg is complex boolean output field agg is complex agg adapter title string output field agg adapter title agg adapter name string name of the resource agg name qual string name of the resource agg is root boolean output field agg is root agg is list boolean output field agg is list agg parent string output field agg parent agg is agg boolean output field agg is agg agg adapter name raw string name of the resource agg sub fields array output field agg sub fields agg sub fields name string name of the resource agg sub fields title string output field agg sub fields title agg sub fields type string type of the resource agg sub fields name base string name of the resource output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"agg" \[{}]}} get devices retrieves a list of devices from axonius based on the specified query parameters endpoint url /api/devices method get input argument name type required description parameters include notes boolean optional parameters for the get devices action parameters should split complex objects boolean optional parameters for the get devices action parameters source component string optional parameters for the get devices action parameters filter out non existing fields boolean optional parameters for the get devices action parameters should split by adapter boolean optional parameters for the get devices action parameters get metadata boolean optional whether to add metadata for the resource (the pagination offset) parameters asset excluded adapters string optional parameters for the get devices action parameters include selected entities boolean optional parameters for the get devices action parameters asset filters string optional parameters for the get devices action parameters cursor id string optional parameters for the get devices action parameters include parent entities boolean optional parameters for the get devices action parameters page object optional parameters for the get devices action parameters page limit number optional parameters for the get devices action parameters page offset number optional parameters for the get devices action parameters should exclude complex fields boolean optional parameters for the get devices action parameters max field items number optional parameters for the get devices action parameters wait for data boolean optional parameters for the get devices action parameters field to split by string optional parameters for the get devices action parameters history string optional historical date iso formatted parameters search string optional a textual value to search parameters parent entity fields array optional parameters for the get devices action parameters filter string optional aql string, representing data filter parameters excluded adapters string optional parameters for the get devices action parameters frontend sent time string optional parameters for the get devices action parameters is refresh boolean optional parameters for the get devices action input example {"parameters" {"include notes"\ false,"should split complex objects"\ true,"source component" "null","filter out non existing fields"\ true,"should split by adapter"\ false,"get metadata"\ true,"asset excluded adapters" "asset excluded adapters","include selected entities"\ true,"asset filters" "asset filters","cursor id" "null","include parent entities"\ false,"page" {"limit" 140,"offset" 0},"should exclude complex fields"\ false,"max field items" 0,"wait for data"\ false,"field to split by" "null","history" "2021 04 06t08 22 37z","search" "search","parent entity fields" \["null"],"filter" "null","excluded adapters" "excluded adapters","frontend sent time" "2021 05 06t08 22 37z","is refresh"\ false,"file name" "data","include details"\ false,"use heavy fields collection"\ true,"jit device count calc filter" "jit device count calc filter","query id" "null","delimiter" "delimiter","sort" \[1, 1],"expressions" "expressions","saved query id" "null","max rows" 1,"use cache entry"\ true,"null for non exist"\ false,"use cursor"\ false,"id" "id","return plain data"\ false,"download id" "null","complex fields preview limit" 1,"always cached query"\ false,"fields" {"additionalprop1" \["string"],"additionalprop2" \["string"],"additionalprop3" \["string"]},"selected entities" \["list"],"field filters" "field filters"}} output parameter type description status code number http status code of the response reason string response reason phrase data array response data data attributes object response data data attributes document meta string response data data attributes adapter details array response data data attributes adapter list length number response data data attributes adapter list length details array response data data attributes adapters array response data data attributes adapters data array response data data attributes adapters data details array response data data attributes id string response data data attributes internal axon id string response data data attributes internal axon id details array response data data attributes labels array response data data attributes unique adapter names array response data data attributes unique adapter names details array response data data id string response data data type string response data meta object output field meta output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"data" \[{}],"meta" {}}} get global search entities retrieve details of all assets associated with a specified global search term in axonius endpoint url api/v2/global search method get input argument name type required description parameters search string required the term used in the global search to filter and retrieve relevant assets parameters offset number optional the number of rows to skip from the beginning of the result set parameters limit number optional the number of rows to return from the result set input example {"parameters" {"search" "eu amet enim sit","offset" 0,"limit" 1000}} output parameter type description status code number http status code of the response reason string response reason phrase assets array output field assets assets id string unique identifier assets entity type string type of the resource assets internal axon id string unique identifier assets name string name of the resource assets values by field object value for the parameter assets values by field specific data data hostname array response data assets values by field specific data data name array response data type string type of the resource output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"assets" \[{},{},{}],"type" "list value schema"}} get vulnerabilities retrieves a list of vulnerabilities from axonius based on the specified query parameters endpoint url /api/vulnerabilities method get input argument name type required description parameters include notes boolean optional parameters for the get vulnerabilities action parameters should split complex objects boolean optional parameters for the get vulnerabilities action parameters source component string optional parameters for the get vulnerabilities action parameters filter out non existing fields boolean optional parameters for the get vulnerabilities action parameters should split by adapter boolean optional parameters for the get vulnerabilities action parameters get metadata boolean optional whether to add metadata for the resource (the pagination offset) parameters asset excluded adapters string optional parameters for the get vulnerabilities action parameters include selected entities boolean optional parameters for the get vulnerabilities action parameters asset filters string optional parameters for the get vulnerabilities action parameters cursor id string optional parameters for the get vulnerabilities action parameters include parent entities boolean optional parameters for the get vulnerabilities action parameters page object optional parameters for the get vulnerabilities action parameters page limit number optional parameters for the get vulnerabilities action parameters page offset number optional parameters for the get vulnerabilities action parameters should exclude complex fields boolean optional parameters for the get vulnerabilities action parameters max field items number optional parameters for the get vulnerabilities action parameters wait for data boolean optional parameters for the get vulnerabilities action parameters field to split by string optional parameters for the get vulnerabilities action parameters history string optional historical date iso formatted parameters search string optional a textual value to search parameters parent entity fields array optional parameters for the get vulnerabilities action parameters filter string optional aql string, representing data filter parameters excluded adapters string optional parameters for the get vulnerabilities action parameters frontend sent time string optional parameters for the get vulnerabilities action parameters is refresh boolean optional parameters for the get vulnerabilities action input example {"parameters" {"include notes"\ false,"should split complex objects"\ true,"source component" "null","filter out non existing fields"\ true,"should split by adapter"\ false,"get metadata"\ true,"asset excluded adapters" "asset excluded adapters","include selected entities"\ true,"asset filters" "asset filters","cursor id" "null","include parent entities"\ false,"page" {"limit" 140,"offset" 0},"should exclude complex fields"\ false,"max field items" 0,"wait for data"\ false,"field to split by" "null","history" "2021 04 06t08 22 37z","search" "search","parent entity fields" \["null"],"filter" "null","excluded adapters" "excluded adapters","frontend sent time" "2021 05 06t08 22 37z","is refresh"\ false,"file name" "data","include details"\ false,"use heavy fields collection"\ true,"jit device count calc filter" "jit device count calc filter","query id" "null","delimiter" "delimiter","sort" \[1, 1],"expressions" "expressions","saved query id" "null","max rows" 1,"use cache entry"\ true,"null for non exist"\ false,"use cursor"\ false,"id" "id","return plain data"\ false,"download id" "null","complex fields preview limit" 1,"always cached query"\ false,"fields" {"additionalprop1" \["string"],"additionalprop2" \["string"],"additionalprop3" \["string"]},"selected entities" \["list"],"field filters" "field filters"}} output parameter type description status code number http status code of the response reason string response reason phrase data array response data data attributes object response data data attributes document meta string response data data attributes adapter details array response data data attributes adapter list length number response data data attributes adapter list length details array response data data attributes adapters array response data data attributes adapters data array response data data attributes adapters data details array response data data attributes id string response data data attributes internal axon id string response data data attributes internal axon id details array response data data attributes labels array response data data attributes unique adapter names array response data data attributes unique adapter names details array response data data id string response data data type string response data meta object output field meta output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "fri, 22 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"data" \[{}],"meta" {}}} response headers header description example content length the length of the response body in bytes 140 content type the media type of the resource application/json date the date and time at which the message was originated tue, 19 dec 2023 20 37 23 gmt