Contents x
    Axonius
    • 4 Minutes to read
    • Print
    • PDF
    Contents

    Axonius

    • 4 Minutes to read
    • Print
    • PDF
    Article summary

    About this document

    This document provides the step-by-step procedure to configure Axonius in SAFE.

    Introduction

    This integration fetches and updates asset metadata in the SAFE. It retrieves details like FQDN, IP Address, and Asset Type, along with Custom Fields such as Tags and Connection Labels from Axonius. Additionally, it pulls Adapter Tags from Axonius. To sync Custom Fields, corresponding fields must be created in SAFE One. While some Custom Field keys follow standard naming, Adapter Tags require specific key creation.

    Prerequisites

    • SAFE Admin Access

    • Add Custom Fields in SAFE
      To set up custom fields in SAFE, create the standard fields axonius-connection-label, axonius-tags, and axonius-id with the Custom Field Type set to Any and Multi-Valued set to Yes." Additionally, create custom fields in SAFE that match the Tag Key combinations from Adapter Tags on the Axonius Devices Page. For example, if a tag key in Axonius is AX-LO, a corresponding custom field with the same name should be created in SAFE. Refer to Custom Fields.

    • Axonius Base URL

    • Axonius API Key and Secret (available in the user’s account)

    • User Role Permissions in Axonius:

      • Full Access to API

      • View Access for Device Assets

    • Applicable SAFE ONE attack surface types for sync
      If a customer needs to pull in the All attack surface, they must enter all names in this field.

    Generate Connection Details (API Token and Secret)

    1. Log in to Axonius using a user or service account.

    2. Verify the role permissions as follows for the users account or service account you loggedin with:

      1. Go to Settings (top-right corner).

      2. Navigate to User and Role Management > Role.

      3. Make sure the assigned role has:

        1. Full API Access

        2. “View Column Views” access for Device Assets

    3. If the above permission are not available for the user/service account, ask your Axonious Admin to provide the same access.
      Axonious 1.png

    4. Navigate to User Profile available at the bottom-left of the screen

    5. Click the User Settings options.

    6. Navigate to API Keys Tab.

    7. [Optional] If needed, click Reset Key to generate new credentials.

    8. Copy and Save the API Key and Secretv to be used while configuring Axonious in SAFE.

    9. If needed, click Reset Key to generate new credentials.
      Axo 2.png

    Configure Axonious in SAFE

    1. Log in to your SAFE account as an Admin

    2. Navigate to the Integrations page and search for Axonius integration card.

    3. Hover on it and click Configure.

    4. Enter the following details:

      1. Axonius Base URL : The same URL used to log into the Axonius portal.

      2. Axonius API Key and Secret : Refer to /safe-4/docs/axonius#generate-connection-details-api-token-and-secret

      3. Enter the Auto Sync frequency in days.

      4. Enter the applicable SAFE ONE Attack Surface Types for Sync
        Enter a comma-separated list specifying the attack surfaces to pull, such as Cloud, Others. If syncing all, enter all names.

    5. Click Test Connection to verify the setup.

    6. Once successful, click Save to store the configuration.

    7. Click Sync Now to trigger an on-demand sync.

    8. Upon a successful sync, the system pulls the Axonius assets and their findings in SAFE. You can track the status of the sync in the History table.

    Note

    It is crucial to note that only metadata is retrieved; therefore, the Findings View & Asset View will remain blank post-configuration. This is a normal part of the process and distinguishes this integration type, as typically there are findings and assets visible after sync with other integrations.

    FAQs

    Question: Which type of Assets can I sync from Axonius to SAFE ?

    Answer: Currently we support only sync for Compute > Devices to SAFE.

    Question: Can I see the that which asset is synced from Axonius?

    If Custom Field is created for Axonius ID, the value for the field will be populated for the asset fetched from Axonius when sync completes. The field in SAFE maps to “Asset Unique ID” column in Axonious Portal.

    How to confirm Axonius API access and permissions are correct?

    If there are API access or permissions problems suspected then basic connectivity can be confirmed by executing the below cURL request from the internet (outside of any corporate network/VPN).

    The values <Axonius Base URL> , <api-key> and <api-secret> should be replaced with the correct values for the target Axonius endpoint.

    The expectation is that this request will successfully return a json document of attributes for one device. If connectivity or authorisation errors are returned then the API user configuration in Axonius likely needs to be reviewed. For further analysis of the returned data this can be forwarded to SAFE to review.

    curl --location 'https://<Axonius Base URL>/api/devices' \
--header 'api-key: <api-key>' \
--header 'api-secret: <api-secret>' \
--header 'Content-Type: application/json' \
--data '{
  "meta": null,
  "data": {
    "type": "entity_request_schema",
    "attributes": {
      "page": {
        "offset": 0,
        "limit": 1
      },
      "use_cache_entry": false,
      "always_cached_query": false,
      "fields": {
        "devices": [
          "specific_data.data.name_preferred",
          "specific_data.data.hostname_fqdn_preferred",
          "specific_data.data.network_interfaces.mac_preferred",
          "specific_data.data.network_interfaces.ips_preferred",
          "labels",
          "specific_data.connection_label",
          "specific_data.data.adapter_properties",
          "specific_data.data.os.type_preferred",
          "specific_data.data.os.combined_os_fields_preferred",
          "specific_data.data.tags",
          "specific_data.data.tags.tag_key",
          "specific_data.data.tags.tag_source",
          "specific_data.data.tags.tag_value",
          "specific_data.data.physical_location_preferred",
          "internal_axon_id"
        ]
      },
      "get_metadata": true,
      "include_details": true
    }
  }
}'

    View Results

    You can navigate to Technology and filter the asset list by the same Attack Surface. Check for the matching Asset Name or FQDN which exists both in SAFE and Axonious, metadata should be updated when the sync is complete.

    History

    Learn more about Integration History here.

    SAFE's Outgoing IP Addresses

    Click here to find the outgoing IP addresses of SAFE. All traffic to any integrations in SAFE will see one IP address as the source IP of the incoming connection.

    Was this article helpful?
    What's Next