Releases: Axonius/axonius_api_client
Releases · Axonius/axonius_api_client
5.0.1
5.0.1
Axonshell changes
FEATURE expose include field when adding or removing tags
Added two new options to all axonshell {asset_type} devices get* commands:
--tag-invert / --no-tag-invert Only add tags to assets that do NOT match
the query provided [env var:
AX_TAGS_ADD_INVERT_SELECTION; default: no-
tag-invert]
--untag-invert / --no-untag-invert
Only remove tags from assets that do NOT
match the query provided [env var:
AX_TAGS_REMOVE_INVERT_SELECTION; default:
no-untag-invert]
These options allow you to add tags to or remove tags from assets that do not match a query.
For example, to add the tag is_not_windows to all assets that are not Windows devices:
axonshell devices get --wiz simple "os.type equals windows" --tag-invert --tag is_not_windowsConversely, you can remove a tag from all assets that do not match a query:
axonshell devices get --wiz simple "os.type equals windows" --untag-invert --untag is_not_windowsLibrary changes
FEATURE expose include field when adding or removing tags
- Added
client.{asset_type}.tagsas a shortcut toclient.{asset_type}.labels - Added
invert_selectionargument toclient.{asset_type}.tags.add:
invert_selection: bool = False
True=add tags to assets that ARE NOT supplied in rows;
False=add tags to assets that ARE supplied in rows
- Added
invert_selectionargument toclient.{asset_type}.tags.remove:
invert_selection: bool = False
True=remove tags from assets that ARE NOT supplied in rows;
False=remove tags from assets that ARE supplied in rows
- Added
includeargument toclient.{asset_type}.tags._add:
include: bool = True
True=include assets that match query;
False=exclude assets that match query
- Added
includeargument toclient.{asset_type}.tags._remove:
include: bool = True
True=include assets that match query;
False=exclude assets that match query
FEATURE expose column filter arguments for client.{asset_type}.saved_query.add
- fixed a minor bug where the
metakey in the saved query was not getting defined correctly - Added arguments to
client.{asset_type}.saved_query.build_add_model:
field_filters: t.Optional[t.List[dict]] = None,
excluded_adapters: t.Optional[t.List[dict]] = None,
asset_excluded_adapters: t.Optional[t.List[dict]] = None,
asset_filters: t.Optional[t.List[dict]] = None,
field_filters: field filters to apply to this query
excluded_adapters: adapters to exclude from this query
asset_excluded_adapters: adapters to exclude from this query
asset_filters: asset filters to apply to this query
FIX schemas
- Fixed
json_api.assets.asset_id_response.AssetGetByIdSchemato correctly definelabels
field as List[str] instead of List[dict] (REST API defines it improperly as List[dict]) - Fixed
json_api.assets.asset_id_response.AssetGetByIdto correctly definelabelsfield as
List[str] instead of List[dict] (REST API defines it improperly as List[dict]) - Added new fields in
json_api.adapters.adapter_node.AdapterNodeCnx:
last_successful_fetch: t.Optional[datetime.datetime]
latest_configuration_change: t.Optional[datetime.datetime]
axonius_api_client/api/json_api/adapters/fetch_history_response.py
- Added new fields in
json_api.adapters.fetch_history_response.AdapterFetchHistorySchema:
has_configuration_changed = SchemaBool(
description="Shows if the configuration changed since last fetch",
load_default=False,
dump_default=False,
)
last_fetch_time = SchemaDatetime(
description="The last fetch time",
allow_none=True,
load_default=None,
dump_default=None,
)
- Added new fields in
json_api.adapters.fetch_history_response.AdapterFetchHistory:
has_configuration_changed: bool
last_fetch_time: t.Optional[datetime.datetime]
FIX tools.get_diff_seconds TypeError
- Error:
TypeError: unsupported operand type(s) for -: 'function' and 'datetime.datetime'
- Fixed typo where dt_now was not called as a function when a None value was supplied
FIX None.strip errors
- Found a few potential errors with
stripusage and fixed them
FIX Signup not being implemented properly
- Fixed a bug where the
signupmethod was not implemented properly
FIX Circular import reference
- Fixed a circular import reference introduced in 5.0.0
FIX tests
- test fix for when data scopes are not enabled
- test fix for adapter connection label no longer being returned in adapter connection configuration
- lint fixes
- fixed a number of possible bugs with
stripusage against strings
What's Changed
Full Changelog: 5.0.0...5.0.1
Contributors
gluemaker
Assets 2
5.0.0
5.0.0
- 5.0.0
- Massive back-end library changes
- Bugfix: Logging in with credentials KeyError access_token
- Bugfix: Signup object has no attribute auth
- Bugfix: Multiple with datascopes
- Axonshell Changes
- New command group in axonshell enforcements for tasks
- Added Cloudflared support
- Updated Enforcement Set Warning
- Added new option to enable max logging
- Saved Query now required for Enforcement Sets
- Add options to asset fetches to give more control over exports
- Add support for using column filters in get-by-saved-query
- Add options to asset fetches to support REST API features
- New help-detailed option for asset fetches
- Startup banner enhancements
- axonshell tools shell enhancements
- Library changes
- New projects directory
- axonius_api_client.http.Http signature rewrite
- Docstring updates galore
- ApiEndpoint refactor
- get_env_connect returns more Connect args
- JSONAPI models refactor
- AuthModel refactor
- axonius_api_client.connect.Connect signature rewrite and refactor
- New ApiModel client.enforcements.tasks
- New project cf_token
- AssetMixin.get_generator signature rewrite
- AssetMixin.get_by_saved_query rewrite
- AssetMixin.count rewrite
- Remove v4.0 from all ApiEndpoints
Massive back-end library changes
Transitioning to a modular approach and minimizing package dependencies as much as possible.
The axonshell interface remains unchanged and although the Python library interface has changed in several places, the actual usage remains consistent and will still work the same way for now.
For a comprehensive list of changes to the Python library, see below the axonshell changes.
Bugfix: Logging in with credentials KeyError access_token
In this release, the issue related to logging in with credentials resulting in a KeyError for 'access_token' has been fixed.
The response from the REST API has changed, and the access_token must now be accessed from the response headers instead of the response body of the login endpoint.
Bugfix: Signup object has no attribute auth
In this release, the issue with the Signup object not having the 'auth' attribute has been addressed and fixed.
Users should no longer encounter this error, and the Signup object should now function as expected.
Bugfix: Multiple with datascopes
A bugfix has been implemented to address issues related to datascopes when adding a saved query.
Previously, when datascopes were enabled, the default folder for saving a new query was /Shared Queries.
However, with datascopes enabled, saving to this folder is no longer allowed.
To resolve this issue, the API client logic has been updated to set the default folder for saving queries to /Global instead of /Shared Queries when datascopes are enabled.
Axonshell Changes
New command group in axonshell enforcements for tasks
A new command group has been added to the axonshell enforcements command group for tasks.
Usage: axonshell enforcements tasks [OPTIONS] COMMAND [ARGS]...
Group: Work with tasks ran by the Enforcement Center.
Options:
--help Show this message and exit.
Commands:
count Get Count of Enforcement Center Tasks matching filters.
get Get Enforcement Center Tasks matching filters.
get-filters Get valid values for filtering count or get of Enforcement...
axonshell enforcements tasks count
Usage: axonshell enforcements tasks count [OPTIONS]
Get Count of Enforcement Center Tasks matching filters.
Options:
-u, --url URL URL of an Axonius instance [env var:
AX_URL; required]
-k, --key KEY API Key (or username if credentials=True) of
user in an Axonius instance [env var:
AX_KEY; required]
-s, --secret SECRET API Secret (or password if credentials=True)
of user in an Axonius instance [env var:
AX_SECRET; required]
-at, --action-types TEXT Only get tasks that were ran by types of
actions (use re_prefix for pattern matching)
(multiple) [env var: AX_ACTION_TYPES]
-ate, --action-types-error / -nate, --no-action-types-error
Error if any action_types provided are not
valid [env var: AX_ACTION_TYPES_ERROR;
default: action-types-error]
-atm, --action-types-minimum INTEGER
Error if matches for action_types are < this
number [env var: AX_ACTION_TYPES_MINIMUM]
-df, --date-from TEXT Only get tasks with creation date >= this
date [env var: AX_DATE_FROM]
-dfa, --date-from-add TEXT seconds to add to date_from (or now if
date_from not provided) [env var:
AX_DATE_FROM_ADD]
-dfs, --date-from-subtract TEXT
seconds to subtract from date_from (or now
if date_from not provided) [env var:
AX_DATE_FROM_SUBTRACT]
-dt, --date-to TEXT Only get tasks with creation date <= this
date [env var: AX_DATE_TO]
-dta, --date-to-add TEXT seconds to add to date_to (or now if date_to
not provided) [env var: AX_DATE_TO_ADD]
-dts, --date-to-subtract TEXT seconds to subtract from date_to (or now if
date_to not provided) [env var:
AX_DATE_TO_SUBTRACT]
-du, --discovery-uuids TEXT Only get tasks that were ran by discovery
UUIDs (use re_prefix for pattern matching)
(multiple) [env var: AX_DISCOVERY_UUIDS]
-due, --discovery-uuids-error / -ndue, --no-discovery-uuids-error
Error if any discovery_uuids provided are
not valid [env var:
AX_DISCOVERY_UUIDS_ERROR; default:
discovery-uuids-error]
-dum, --discovery-uuids-minimum INTEGER
Error if matches for discovery_uuids are <
this number [env var:
AX_DISCOVERY_UUIDS_MINIMUM]
-do, --duration-operator [equal|greater|less]
Operator to evaluate the duration_seconds
value against task run durations [env var:
AX_DURATION_OPERATOR; default: less]
-ds, --duration-seconds INTEGER
Only get tasks where run duration matches
duration_operator [env var:
AX_DURATION_SECONDS]
-en, --enforcement-names TEXT Only get tasks that were ran by enforcement
names (use re_prefix for pattern matching)
(multiple) [env var: AX_ENFORCEMENT_NAMES]
-ene, --enforcement-names-error / -nene, --no-enforcement-names-error
Error if any enforcement_names provided are
not valid [env var:
AX_ENFORCEMENT_NAMES_ERROR; default:
enforcement-names-error]
-enm, --enforcement-names-minimum INTEGER
Error if matches for enforcement_names are <
this number [env var:
AX_ENFORCEMENT_NAMES_MINIMUM]
-re, --re-prefix TEXT Any strings provided to action_type,
discovery_uuids, enforcement_names,statuses,
or statuses_result that start with this
value will...
Contributors
gluemaker
Assets 2
4.60.4
4.60.4
- Bugfix: Errors on Windows with multiple axonshell instances
- Feature: Remove logging output for certificate handling
Bugfix: Errors on Windows with multiple axonshell instances
Errors that happen when running a second instance of axonshell at the same
time when rolling over the logs are now caught and logged.
Feature: Remove logging output for certificate handling
Removed the logging output for certificate handling, all errors are stored
internally now.
Full Changelog: 4.60.3...4.60.4
4.60.3
4.60.3
- Bugfix: Error while getting dashboard spaces
- Bugfix: Warning while getting adapter fetch history events
- Feature: Add option to disable log secret hiding
Bugfix: Error while getting dashboard spaces
The schema for Chart objects within Dashboard Spaces was raising errors due to newly added attributes 'shared' and 'private'.
Bugfix: Warning while getting adapter fetch history events
The schema for Adapter Fetch History Events was raising warnings due to newly added attributes 'axonius_version'.
Feature: Add option to disable log secret hiding
New command line argument for axonshell:
-lhs, --log-hide-secrets / -nlhs, --no-log-hide-secrets
Enable hiding of secrets in log output [env
var: AX_LOG_HIDE_SECRETS; default: log-hide-
secrets]
New parameter for axonius_api_client.connect.Connect:
log_hide_secrets: bool = True
log_hide_secrets: enable or disable hiding of secrets in logging system
What's Changed
Full Changelog: 4.60.2...4.60.3
Contributors
gluemaker
Assets 2
4.60.2
4.60.2
Feature: Reduce logging levels in certificate land
All logging from cert_human is now done at debug level.
4.60.1
4.60.1
Bugfix: Python 3.8.x errors
Trying to use the API client on Python 3.8.x would cause exception like:
TypeError: Optional[t] requires a single type. Got Field(name=None....
Cause: Global namespace confusion with class attributes named 'type' and using a type hint like t.Optional[type].
Resolution: Replaced with t.Any.
Feature: Add include history dates when getting assets
New axonshell argument:
axonshell devices get --include-dates
Will add history_date and current_date to as columns to each asset in output.
What's Changed
- [SA-3427] Add Include Dates (History and Current) by @bryce-ax in #227
- 4.60.1 by @lifehackjim in #228
- 4.60.1 by @lifehackjim in #229
New Contributors
Full Changelog: 4.60.0...4.60.1
Contributors
gluemaker and bryce-ax
Assets 2
4.60.0
4.60.0
- Breaking change: You can no longer remove queries from Enforcement Set
- Feature: Folder support
- Feature: Add ability to use username and password for credentials
- Feature: Get the API keys from an Axonius instance and write them to a file
- Feature: Add log filtering to avoid potential credential storage
Breaking change: You can no longer remove queries from Enforcement Set
Trying to do so will now give an error.
Feature: Folder support
This release marks the addition of support for folders for Queries and Enforcements.
Axonshell changes
Added new optional arguments --folder and --create to the following:
- axonshell devices saved-query add
- axonshell devices saved-query copy
- axonshell enforcements copy
- axonshell enforcements create
- axonshell users saved-query add
- axonshell users saved-query copy
- axonshell vulnerabilities saved-query add
- axonshell vulnerabilities saved-query copy
Added new commands:
- axonshell devices saved-query update-folder
- axonshell enforcements update-description
- axonshell enforcements update-folder
- axonshell users saved-query update-folder
- axonshell vulnerabilities saved-query update-folder
Added new command group:
- axonshell folders
- axonshell folders queries
- axonshell folders enforcements
Each command group under folders exposes the same set of commands for working with folders for their respective object types:
- create: Create a folder.
- delete: Delete a folder.
- find: Find a folder.
- get-tree: Get a tree view of all subfolders and their...
- move: Move a folder.
- rename: Rename a folder.
- search-objects: Search for objects in a folder.
- search-objects-copy: Search for objects in a folder and make copies...
- search-objects-delete: Search for objects in a folder and delete them.
- search-objects-move: Search for objects in a folder and move them.
API Changes
New API module under client:
- client.folders -> axonius_api_client.api.folders.Folders
- client.folders.queries -> axonius_api_client.api.folders.FoldersQueries
- client.folders.enforcements -> axonius_api_client.api.folders.FoldersEnforcements
Each API module exposes the same set of methods for working with folders for their respective object types:
- api_endpoint_group: Endpoint group to use for this folders object type
- get: Get the root for this folders object type
- get_cached: Get the root for this folders object type
- get_tree: Get a tree view of all subfolders and their objects
- find: Get a folder by path, id, or folder model for this folders object type
- find_cached: Get a folder by path, id, or folder model for this folders object type
- search_objects: Search for objects in a folder
- search_objects_copy: Search for objects in a folder and copy them, optionally to a different folder
- search_objects_move: Search for objects in a folder and move themto a different folder.
- search_objects_delete: Search for objects in a folder and move themto a different folder.
- create: Create a folder
- rename: Rename a folder
- move: Move a folder
- delete: Delete a folder
_get: direct api method to get root folders_rename: direct api method to rename a folder_move: direct api method to move a folder_create: direct api method to create a folder_delete: direct api method to delete a folder
Feature: Add ability to use username and password for credentials
Axonshell changes
A new option is available to be used at the beginning of the command line:
-creds, --credentials / -keys, --keys
Treat key as Username and secret as password
[env var: AX_CREDENTIALS; default: keys]
This option, when used like:
axonshell -creds devices count
Will treat the value stored in --key or AX_KEY as username, and the value stored in --secret or AX_SECRET as the password.
API changes
Connect has a new argument:
credentials: bool = FalseIf this is True, key is treated as username and secret is treated as password and instead of using the Auth module ApiKey, it will use the new Auth module Credentials.
Credentials logs in with username and password, then fetches the api key and secret and uses that for the duration of the session.
Feature: Get the API keys from an Axonius instance and write them to a file
A new command group has been added to Axonshell:
Usage: axonshell account [OPTIONS] COMMAND [ARGS]...
Group: Account commands.
Options:
--help Show this message and exit.
Commands:
get-api-keys Get the API keys for the current user.
signup Perform the initial signup to an instance.
use-password-reset-token Use a password reset token.
write-config Create/Update a '.env' file with url, key,...
The signup, use-password-reset-token, and write-config commands are just copied over from axonshell tools.
The get-api-key command is a new command altogether:
Usage: axonshell account get-api-keys [OPTIONS]
Get the API keys for the current user.
Options:
-u, --url URL URL of an Axonius instance [env var:
AX_URL; required]
-k, --key KEY API Key of user in an Axonius instance [env
var: AX_KEY; required]
-s, --secret SECRET API Secret of user in an Axonius instance
[env var: AX_SECRET; required]
-xf, --export-format [json|str|env]
Format of to export data in [env var:
AX_EXPORT_FORMAT; default: str]
-e, --env TEXT Path to .env file when --export-format==env
[env var: AX_ENV; default: .env]
--help Show this message and exit.
You can use this with the new --credentials option and have it prompt you for key (provide username), prompt you for secret (provide password) then create your .env file for you:
axonshell -creds account get-api-keys --url 1.1.1.1 --export-format env
Feature: Add log filtering to avoid potential credential storage
Created a logging formatter in axonius_api_client.logs:
class HideFormatter(logging.Formatter):
"""Hide the rest of the line for any lines against :attr:`HIDE_REGEX`."""
HIDE_ENABLED: bool = True
"""Enable hiding of matches to HIDE_REGEX."""
HIDE_REGEX: t.Pattern = re.compile(r"(password|secret).*", re.I)
"""Pattern of sensitive info to hide."""
HIDE_REPLACE: str = r"\1 ...REST OF LINE HIDDEN..."
"""Value to replace matches to HIDE_REGEX with."""If any line in the logging output contains the word password or secret, the rest of the line after those words will be hidden from the logging system.
What's Changed
- backmerge 4.50.3 by @lifehackjim in #222
- 4.60.0 by @lifehackjim in #223
- 4.60.0 SA-3545 SA-3419 by @lifehackjim in #224
- More features for 4.60.0 by @lifehackjim in #226
- Bugfixes for QA gold release SA-3419 by @lifehackjim in #225
Full Changelog: 4.50.3...4.60.0
Contributors
gluemaker
Assets 2
4.50.3
4.50.3
BugFix: SavedQuery predefined returning None
When getting Saved Queries, an error can sometimes occur where predefined is None instead of a boolean. Schema modified to allow none.
What's Changed
- Allow predefined to be null in saved queries. by @nate-axonius in #216
- Bump werkzeug from 2.0.3 to 2.2.3 by @dependabot in #217
- back-merge patch by @lifehackjim in #219
- 4.50.3 by @lifehackjim in #221
Full Changelog: 4.50.2...4.50.3
Contributors
gluemaker, dependabot, and nate-axonius
Assets 2
4.50.2
4.50.2
- KNOWN BUG: Making private copies of Saved Queries that are public
- Bugfix: Remove spurious json serialization errors in logs
- Bugfix: Reduce warnings from extra attributes
- Bugfix: switch all API endpoints for saved queries from /views/ path to /queries/ path
- Bugfix: axonshell devices count can sometimes throw an error:
- Bugfix: Bug in enforcements schedule_weekly logic
- Features: multiple dashboard spaces and chart features
KNOWN BUG: Making private copies of Saved Queries that are public
- Currently the API Client does not yet know how to work with folders, and private saved queries can not be saved
in a shared folder (the default folder). The next version will be adding support for working with folders.
Bugfix: Remove spurious json serialization errors in logs
- Logging request and/or response bodies will no longer generate errors when bodies are empty
Bugfix: Reduce warnings from extra attributes
- Extra attribute warnings serve as a notice that the version of the API client being used does not know
about a schema change in an object presented by the Axonius API. They serve as a helpful notice that you
may need to update your API client to ensure compatibility with the version of Axonius that is being utilized. - Extra attributes now have their own warning class: axonius_api_client.exceptions.ExtraAttributeWarning
- Extra attribute warnings will now only happen once per schema
- Extra attribute warnings can be disabled entirely using OS environment variable AX_EXTRA_WARN="no"
- Extra attribute warning message updated to:
To silence these warnings please upgrade to latest API client.
If there is not a newer version available yet, you can disable these warnings using:
- from command line, use OS environment variable AX_EXTRA_WARN='no'
- or from python, use warnings module:
import warnings, axonius_api_client
warnings.filterwarnings(action="ignore", category=axonius_api_client.exceptions.ExtraAttributeWarning)
- As part of this effort, all schemas in the API Client have been updated to match the schema definitions in the Axonius 4.8.0.4 API
Bugfix: switch all API endpoints for saved queries from /views/ path to /queries/ path
- The /views/ path is deprecated and problematic.
- A large number of back end changes to saved query schemas and private methods were made to support this effort.
Bugfix: axonshell devices count can sometimes throw an error:
- Running:
axonshell devices count --history-days-ago 1- Would produce an error:
min() arg is an empty sequence
- Implemented check for None when no history is available
Bugfix: Bug in enforcements schedule_weekly logic
- Running:
axonshell enforcements update-schedule-weekly -r 1 -sh 23 -sm 3 --value xyz- Would produce an error:
Enforcements.update_schedule_weekly() got an unexpected keyword argument 'schedule_hour'"
- Updated the keywords being used for the click arguments from "schedule_hour" and "schedule_minute" to "hour" and "minute"
Features: multiple dashboard spaces and chart features
-
CLI command group added: axonshell spaces
-
New commands in axonshell spaces:
- export: Export Dashboard Spaces.
- export-charts-to-csv: Export Multiple Charts to CSV.
- import: Import Dashboard Spaces.
-
API model added: axonius_api_client.api.system.dashboard_spaces.DashboardSpaces
-
Connect now has a new property to access the new API model: connect.dashboard_spaces
-
Methods in axonius_api_client.api.system.dashboard_spaces.DashboardSpaces:
- get: get all dashboard space objects
- export_charts_to_csv: export charts to CSV format
- export_charts_to_csv_path: exports charts to CSV format and save to files in a directory
- export_spaces: export spaces and their charts and their queries to a JSON format
- import_spaces: import spaces and their charts and their queries from a JSON export
- get_exportables: get a list of all exportable space names
- load_export_data: load a JSON export into a dataclass and validate it
- _get_exportables: direct api method to get all exportable space names
- _get: direct api method to get all dashboard space objects
- _get_single: direct api method to get a single dashboard space object along with it's chart objects
- _export_chart_csv: direct api method to export a chart to CSV
- _import_spaces: direct api method to import a JSON export
- _export_spaces: direct api method to create a JSON export
What's Changed
Full Changelog: 4.50.1...4.50.2
Contributors
gluemaker
Assets 2
4.50.1
4.50.1
- Bugfix: Permission errors when using API client with 'Viewer' role
- Bugfix: Version not accessible when using API Client with 'Viewer' role
- Bugfix: Adapter Fetch History schema changes
- Bugfix: Adapter Fetch History Filters schema changes
- Bugfix: Preferred fields not being populated when using explode-entities
Bugfix: Permission errors when using API client with 'Viewer' role
- Endpoint being used for validation requires 'View system settings' permission
on users assigned role - Added new endpoint: ApiEndpoints.system_settings.get_constants
- Switched login verification endpoint from
ApiEndpoints.system_settings.meta_abouttoApiEndpoints.system_settings.get_constants
Bugfix: Version not accessible when using API Client with 'Viewer' role
- Added error:bool = True to client.meta.about()
- if error=False, errors in calls to get about metadata are caught and thrown away
- Changed Connect banner string to get about metadata with error=False
- Connect banner string changed to show 'version: unknown (no permissions)' if about
metadata is empty
Bugfix: Adapter Fetch History schema changes
- new field: discovery_id
Bugfix: Adapter Fetch History Filters schema changes
- new field: discoveries_filter
- new argument for client.adapters.get_fetch_history_generator:
discoveries: OPT_STR_RE_LISTY = None - new argument for axonshell adapters:
-fd/--filter-discoveries
Bugfix: Preferred fields not being populated when using explode-entities
Axonshell reproduction without exploding
Get 1 asset with 2 adapters without exploding entities:
axonshell devices get \
--field 'hostname_preferred' \
--wiz simple 'adapters count_equals 2' \
--max-rows 1 \
--export-file 'not_exploded.json' \
--export-overwriteOutput of not_exploded.json with one asset where
'specific_data.data.hostname_preferred' field value is not empty:
[
{
"adapter_list_length": 2,
"adapters": [
"tanium_adapter",
"tanium_asset_adapter"
],
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"specific_data.data.hostname": [
"ip-10-0-2-213"
],
"specific_data.data.hostname_preferred": "ip-10-0-2-213",
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:31:59 GMT",
"specific_data.data.network_interfaces.ips": [
"10.0.2.213",
"fe80::4ba:77ff:fed7:336c"
],
"specific_data.data.network_interfaces.mac": [
"06:BA:77:D7:33:6C"
],
"specific_data.data.os.type": [
"Linux"
]
}
]Axonshell reproduction with exploding
Get 1 asset with 2 adapters and explode entities:
axonshell devices get \
--field 'hostname_preferred' \
--wiz simple 'adapters count_equals 2' \
--max-rows 1 \
--explode-entities \
--export-file 'exploded.json' \
--export-overwriteOutput of exploded.json where each exploded assets
'specific_data.data.hostname_preferred' field value is empty:
[
{
"adapters": "tanium_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753df13ac032cb043f72e9",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": null,
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:31:59 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213"
],
"specific_data.data.network_interfaces.mac": null,
"specific_data.data.os.type": null,
"unique_adapter_names_details": ""
},
{
"adapters": "tanium_asset_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753e2df6170824de0193f5",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": null,
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:00:04 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213",
"fe80::4ba:77ff:fed7:336c"
],
"specific_data.data.network_interfaces.mac": "06:BA:77:D7:33:6C",
"specific_data.data.os.type": "Linux",
"unique_adapter_names_details": ""
}
]Axonshell reproduction with fix
axonshell devices get \
--field 'hostname_preferred' \
--wiz simple 'adapters count_equals 2' \
--max-rows 1 \
--explode-entities \
--export-file 'exploded.json' \
--export-overwriteOutput of exploded.json where each exploded assets
'specific_data.data.hostname_preferred' field value is not empty:
[
{
"adapters": "tanium_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753df13ac032cb043f72e9",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": "ip-10-0-2-213",
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:31:59 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213"
],
"specific_data.data.network_interfaces.mac": null,
"specific_data.data.os.type": null,
"unique_adapter_names_details": ""
},
{
"adapters": "tanium_asset_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753e2df6170824de0193f5",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": "ip-10-0-2-213",
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:00:04 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213",
"fe80::4ba:77ff:fed7:336c"
],
"specific_data.data.network_interfaces.mac": "06:BA:77:D7:33:6C",
"specific_data.data.os.type": "Linux",
"unique_adapter_names_details": ""
}
]What's Changed
- 4.50.1 by @lifehackjim in #213
Full Changelog: 4.50.0...4.50.1
Contributors
gluemaker