Axonius
Axonius is an asset management tool that consolidates device data across your various environments. You can bring device data from Axonius into Brinqa to enhance visibility and control over your organization's asset inventory, thus enhancing your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Axonius and how to obtain that information from Axonius. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Axonius Connector from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Axonius with Brinqa:
- Axonius URL: Your organization's Axonius instance URL. The URL format is `https://<axonius-server-name>.on.axonius.com`.
- API key and API secret: The API keys associated with the Axonius account, which must have permissions to log in to the API server and return data.
Generate Axonius API keys
For the Axonius connector to use the Axonius API, you must provide API keys. To generate API keys, follow these steps:
Before you begin, ensure that the Axonius account is assigned at least the Viewer role and has the API access enabled permission. This role and permission are necessary to retrieve device data from the Axonius API, as they grant read-only access.
For additional information, see the Axonius documentation on managing roles and enabling API access.
- Log in to your organization's Axonius platform.
- On the bottom left-hand side of the page, click the profile photo, and then click User Settings.
- Click the API Key tab.
Your existing API key and API secret display. Click Reset Key if you want to replace your existing keys. Copy the API key and API secret values into the respective integration configuration fields.
If you do not have permissions to create an Axonius API key, contact your Axonius administrator. For additional information, see Axonius documentation.
Additional settings
The Axonius connector contains additional options for configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
- Parallel requests: The maximum number of parallel API requests. The default setting is 4.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Axonius API before giving up and reporting a failure. The default setting is 10.
- Skip certificate verification: Select this option to allow for untrusted certificates.
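An added example, not part of the Brinqa or Axonius documentation: a pre-flight check of the connection and additional settings described above, run before the values are entered in the integration form. The dictionary key names (`url`, `api_key`, `page_size` and so on) and the finding codes are hypothetical; the defaults and the URL format are the ones stated on this page.

```python
from urllib.parse import urlsplit

# Defaults taken from the "Additional settings" list on this page.
DEFAULTS = {"page_size": 100, "parallel_requests": 4,
            "max_retries": 10, "skip_cert_verification": False}
HOSTED_SUFFIX = ".on.axonius.com"  # from the documented URL format


def check_settings(settings):
    """Return sorted (level, code) findings for a hypothetical settings dict."""
    cfg = {**DEFAULTS, **settings}
    findings = set()

    url = urlsplit(cfg.get("url", ""))
    host = (url.hostname or "").lower()
    if url.scheme != "https" or not host:
        findings.add(("error", "url-not-https"))
    if url.username or url.password:
        findings.add(("error", "url-embeds-credentials"))
    if url.path not in ("", "/") or url.query or url.fragment:
        findings.add(("warn", "url-has-path-or-query"))
    # Compare the end of the parsed hostname, not a substring of the raw URL,
    # so "tenant.on.axonius.com.example.net" does not pass.
    name = host[:-len(HOSTED_SUFFIX)] if host.endswith(HOSTED_SUFFIX) else ""
    if not name:
        findings.add(("warn", "host-not-documented-format"))

    for field in ("api_key", "api_secret"):
        value = cfg.get(field, "")
        if not value or value != value.strip():
            findings.add(("error", f"{field}-missing-or-padded"))

    if not 1 <= cfg["page_size"] <= 100:
        findings.add(("warn", "page-size-outside-1-100"))
    if cfg["parallel_requests"] < 1 or cfg["max_retries"] < 0:
        findings.add(("error", "bad-parallel-or-retry-count"))
    if cfg["skip_cert_verification"]:
        # The API key and secret would be sent to an unauthenticated endpoint.
        findings.add(("warn", "tls-verification-disabled"))
    return sorted(findings)


# Constructed sample inputs; the key and secret are placeholders.
GOOD = {"url": "https://tenant.on.axonius.com",
        "api_key": "EXAMPLE-KEY", "api_secret": "EXAMPLE-SECRET"}
RISKY = {**GOOD, "url": "https://tenant.on.axonius.com.example.net/",
         "page_size": 500, "skip_cert_verification": True}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("risky", RISKY)):
        print(label, check_settings(cfg))
```

An instance reachable under a different hostname will raise the `host-not-documented-format` warning; treat it as a prompt to confirm the hostname, not as a failure.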
Types of data to retrieve
The Axonius connector can retrieve the following types of data from the Axonius API:
Table 1: Data retrieved from Axonius
Connector Object | Required | Maps to Data Model |
---|---|---|
Device | Yes | Host |
User | Yes | Person |
The Axonius connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Axonius in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Device
Table 2: Device attribute mappings
Source Field Name | Maps to Attribute |
---|---|
adapters | Local variable |
categories | categories |
internal_axon_id | uid, Local variable |
labels | Local variable |
specific_data.data.boot_time_preferred | Local variable |
specific_data.data.cloud_id | instanceId, Local variable |
specific_data.data.description | description |
specific_data.data.device_manufacturer_preferred | Local variable |
specific_data.data.domain_preferred | Local variable |
specific_data.data.fetch_time | Local variable |
specific_data.data.first_fetch_time | Local variable |
specific_data.data.first_seen | firstSeen, Local variable |
specific_data.data.hostname_fqdn_preferred | dnsNames, name, publicDnsNames, privateDnsNames, Local variable |
specific_data.data.hostname_preferred | hostnames, name, Local variable |
specific_data.data.is_virtual_preferred | Local variable |
specific_data.data.is_windows_server_preferred | Local variable |
specific_data.data.last_seen | lastSeen, Local variable |
specific_data.data.name_preferred | name |
specific_data.data.network_interfaces.ips_preferred | ipAddresses, publicIpAddresses, privateIpAddresses, Local variable |
specific_data.data.network_interfaces.ips_v4_preferred | Local variable |
specific_data.data.network_interfaces.ips_v6_preferred | Local variable |
specific_data.data.network_interfaces.mac_preferred | macAddresses, Local variable |
specific_data.data.os.build_preferred | Local variable |
specific_data.data.os.distribution_preferred | Local variable |
specific_data.data.os.os_str_preferred | os, Local variable |
specific_data.data.os.type_preferred | Local variable |
specific_data.data.serial_number_preferred | serialNumber, Local variable |
specific_data.data.uptime_preferred | Local variable |
specific_data.data.user_preferred | Local variable |
STATUS | status |
tags | tags |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
User
Table 3: User attribute mappings
Source Field Name | Maps to Attribute |
---|---|
adapters | Local variable |
categories | categories |
labels | Local variable |
specific_data.data.account_disabled | Local variable |
specific_data.data.account_expired | Local variable |
specific_data.data.account_expires | Local variable |
specific_data.data.account_state | Local variable |
specific_data.data.cloud_provider | Local variable |
specific_data.data.days_until_password_expiration | Local variable |
specific_data.data.description | description, Local variable |
specific_data.data.display_name | name, Local variable |
specific_data.data.domain | Local variable |
specific_data.data.employee_id | Local variable |
specific_data.data.employee_type | Local variable |
specific_data.data.fetch_time | Local variable |
specific_data.data.first_fetch_time | Local variable |
specific_data.data.first_name | Local variable |
specific_data.data.first_seen | firstSeen |
specific_data.data.id | Local variable |
specific_data.data.is_admin | Local variable |
specific_data.data.is_delegated_admin | Local variable |
specific_data.data.is_local | Local variable |
specific_data.data.is_locked | Local variable |
specific_data.data.is_managed_by_application | Local variable |
specific_data.data.is_managed_by_sso | Local variable |
specific_data.data.is_mfa_enforced | Local variable |
specific_data.data.is_mfa_enrolled | Local variable |
specific_data.data.is_orphaned | Local variable |
specific_data.data.is_saas_user | Local variable |
specific_data.data.last_logon | Local variable |
specific_data.data.last_name | Local variable |
specific_data.data.last_password_change | Local variable |
specific_data.data.last_seen | lastSeen |
specific_data.data.logon_count | Local variable |
specific_data.data.email | emails, Local variable |
specific_data.data.organizational_unit | Local variable |
specific_data.data.password_expiration_date | Local variable |
specific_data.data.password_never_expires | Local variable |
specific_data.data.password_not_required | Local variable |
specific_data.data.user_city | Local variable |
specific_data.data.user_created | Local variable |
specific_data.data.user_sid | Local variable |
specific_data.data.user_status | Local variable |
specific_data.data.user_telephone_number | Local variable |
specific_data.data.user_type | Local variable |
specific_data.data.username | username, Local variable |
STATUS | status |
SYS_ID | uid |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
APIs
The Axonius connector uses the Axonius REST API. Specifically, it uses the following endpoints:
Table 4: Axonius REST API Endpoint
Connector Object | API Endpoint |
---|---|
Device | GET /api/devices |
User | GET /api/users |
Changelog
The Axonius connector has undergone the following changes:
3.0.4
- Removed the following duplicate attributes from the Device object:
  - IP_ADDRESSES
  - MAC_ADDRESSES
  - NAME
  - OPERATING_SYSTEM
  - SERIAL_NUMBER
- Removed the following duplicate attributes from the User object:
  - EMAILS
  - EMPLOYEE_NUMBER
  - FIRST_NAME
  - LAST_NAME
  - PHONE_NUMBERS
3.0.3
- Removed the use of `ImmutableSet`.
3.0.2
- Updated dependencies.
3.0.1
- Integrated normalization methods and updated configuration flags.
3.0.0
- Initial Integration+ release.