Axonius-api-client

<!-- MarkdownTOC -->

- [KNOWN BUG: Making private copies of Saved Queries that are public](known-bug-making-private-copies-of-saved-queries-that-are-public)
- [Bugfix: Remove spurious json serialization errors in logs](bugfix-remove-spurious-json-serialization-errors-in-logs)
- [Bugfix: Reduce warnings from extra attributes](bugfix-reduce-warnings-from-extra-attributes)
- [Bugfix: switch all API endpoints for saved queries from /views/ path to /queries/ path](bugfix-switch-all-api-endpoints-for-saved-queries-from-views-path-to-queries-path)
- [Bugfix: axonshell devices count can sometimes throw an error:](bugfix-axonshell-devices-count-can-sometimes-throw-an-error)
- [Bugfix: Bug in enforcements schedule_weekly logic](bugfix-bug-in-enforcements-schedule_weekly-logic)
- [Features: multiple dashboard spaces and chart features](features-multiple-dashboard-spaces-and-chart-features)

<!-- /MarkdownTOC -->


KNOWN BUG: Making private copies of Saved Queries that are public

- Currently the API Client does not yet know how to work with folders, and private saved queries can not be saved
in a shared folder (the default folder). The next version will be adding support for working with folders.

Bugfix: Remove spurious json serialization errors in logs

- Logging request and/or response bodies will no longer generate errors when bodies are empty

Bugfix: Reduce warnings from extra attributes

- Extra attribute warnings serve as a notice that the version of the API client being used does not know
about a schema change in an object presented by the Axonius API. They serve as a helpful notice that you
may need to update your API client to ensure compatibility with the version of Axonius that is being utilized.
- Extra attributes now have their own warning class: axonius_api_client.exceptions.ExtraAttributeWarning
- Extra attribute warnings will now only happen once per schema
- Extra attribute warnings can be disabled entirely using OS environment variable AX_EXTRA_WARN="no"
- Extra attribute warning message updated to:
text
To silence these warnings please upgrade to latest API client.
If there is not a newer version available yet, you can disable these warnings using:
- from command line, use OS environment variable AX_EXTRA_WARN='no'
- or from python, use warnings module:
import warnings, axonius_api_client
warnings.filterwarnings(action="ignore", category=axonius_api_client.exceptions.ExtraAttributeWarning)

- As part of this effort, all schemas in the API Client have been updated to match the schema definitions in the Axonius 4.8.0.4 API

Bugfix: switch all API endpoints for saved queries from /views/ path to /queries/ path

- The /views/ path is deprecated and problematic.
- A large number of back end changes to saved query schemas and private methods were made to support this effort.

Bugfix: axonshell devices count can sometimes throw an error:

- Running:
shell

axonshell devices count --history-days-ago 1


- Would produce an error:
text
min() arg is an empty sequence


- Implemented check for None when no history is available

Bugfix: Bug in enforcements schedule_weekly logic

- Running:
shell
axonshell enforcements update-schedule-weekly -r 1 -sh 23 -sm 3 --value xyz


- Would produce an error:
text
Enforcements.update_schedule_weekly() got an unexpected keyword argument 'schedule_hour'"


- Updated the keywords being used for the click arguments from "schedule_hour" and "schedule_minute" to "hour" and "minute"

Features: multiple dashboard spaces and chart features

- CLI command group added: axonshell spaces
- New commands in axonshell spaces:
- export: Export Dashboard Spaces.
- export-charts-to-csv: Export Multiple Charts to CSV.
- import: Import Dashboard Spaces.

- API model added: axonius_api_client.api.system.dashboard_spaces.DashboardSpaces
- Connect now has a new property to access the new API model: connect.dashboard_spaces
- Methods in axonius_api_client.api.system.dashboard_spaces.DashboardSpaces:
- get: get all dashboard space objects
- export_charts_to_csv: export charts to CSV format
- export_charts_to_csv_path: exports charts to CSV format and save to files in a directory
- export_spaces: export spaces and their charts and their queries to a JSON format
- import_spaces: import spaces and their charts and their queries from a JSON export
- get_exportables: get a list of all exportable space names
- load_export_data: load a JSON export into a dataclass and validate it
- _get_exportables: direct api method to get all exportable space names
- _get: direct api method to get all dashboard space objects
- _get_single: direct api method to get a single dashboard space object along with it's chart objects
- _export_chart_csv: direct api method to export a chart to CSV
- _import_spaces: direct api method to import a JSON export
- _export_spaces: direct api method to create a JSON export

What's Changed
* 4.50.2 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/214
* 4.50.2 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/215


**Full Changelog**: https://github.com/Axonius/axonius_api_client/compare/4.50.1...4.50.2

<!-- MarkdownTOC -->

- [Bugfix: Permission errors when using API client with 'Viewer' role](bugfix-permission-errors-when-using-api-client-with-viewer-role)
- [Bugfix: Version not accessible when using API Client with 'Viewer' role](bugfix-version-not-accessible-when-using-api-client-with-viewer-role)
- [Bugfix: Adapter Fetch History schema changes](bugfix-adapter-fetch-history-schema-changes)
- [Bugfix: Adapter Fetch History Filters schema changes](bugfix-adapter-fetch-history-filters-schema-changes)
- [Bugfix: Preferred fields not being populated when using explode-entities](bugfix-preferred-fields-not-being-populated-when-using-explode-entities)
- [Axonshell reproduction without exploding](axonshell-reproduction-without-exploding)
- [Axonshell reproduction with exploding](axonshell-reproduction-with-exploding)
- [Axonshell reproduction with fix](axonshell-reproduction-with-fix)

<!-- /MarkdownTOC -->

Bugfix: Permission errors when using API client with 'Viewer' role

- Endpoint being used for validation requires 'View system settings' permission
on users assigned role
- Added new endpoint: ApiEndpoints.system_settings.get_constants
- Switched login verification endpoint from
`ApiEndpoints.system_settings.meta_about` to `ApiEndpoints.system_settings.get_constants`

Bugfix: Version not accessible when using API Client with 'Viewer' role

- Added error:bool = True to client.meta.about()
- if error=False, errors in calls to get about metadata are caught and thrown away
- Changed Connect banner string to get about metadata with error=False
- Connect banner string changed to show 'version: unknown (no permissions)' if about
metadata is empty

Bugfix: Adapter Fetch History schema changes

- new field: discovery_id

Bugfix: Adapter Fetch History Filters schema changes

- new field: discoveries_filter
- new argument for client.adapters.get_fetch_history_generator:
`discoveries: OPT_STR_RE_LISTY = None`
- new argument for axonshell adapters:
`-fd/--filter-discoveries`

Bugfix: Preferred fields not being populated when using explode-entities

Axonshell reproduction without exploding

Get 1 asset with 2 adapters without exploding entities:

bash
axonshell devices get \
--field 'hostname_preferred' \
--wiz simple 'adapters count_equals 2' \
--max-rows 1 \
--export-file 'not_exploded.json' \
--export-overwrite


Output of not_exploded.json with one asset where
'specific_data.data.hostname_preferred' field value is not empty:

json
[
{
"adapter_list_length": 2,
"adapters": [
"tanium_adapter",
"tanium_asset_adapter"
],
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"specific_data.data.hostname": [
"ip-10-0-2-213"
],
"specific_data.data.hostname_preferred": "ip-10-0-2-213",
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:31:59 GMT",
"specific_data.data.network_interfaces.ips": [
"10.0.2.213",
"fe80::4ba:77ff:fed7:336c"
],
"specific_data.data.network_interfaces.mac": [
"06:BA:77:D7:33:6C"
],
"specific_data.data.os.type": [
"Linux"
]
}
]


Axonshell reproduction with exploding

Get 1 asset with 2 adapters and explode entities:

bash
axonshell devices get \
--field 'hostname_preferred' \
--wiz simple 'adapters count_equals 2' \
--max-rows 1 \
--explode-entities \
--export-file 'exploded.json' \
--export-overwrite


Output of exploded.json where each exploded assets
'specific_data.data.hostname_preferred' field value is empty:

json
[
{
"adapters": "tanium_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753df13ac032cb043f72e9",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": null,
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:31:59 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213"
],
"specific_data.data.network_interfaces.mac": null,
"specific_data.data.os.type": null,
"unique_adapter_names_details": ""
},
{
"adapters": "tanium_asset_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753e2df6170824de0193f5",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": null,
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:00:04 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213",
"fe80::4ba:77ff:fed7:336c"
],
"specific_data.data.network_interfaces.mac": "06:BA:77:D7:33:6C",
"specific_data.data.os.type": "Linux",
"unique_adapter_names_details": ""
}
]


Axonshell reproduction with fix

bash
axonshell devices get \
--field 'hostname_preferred' \
--wiz simple 'adapters count_equals 2' \
--max-rows 1 \
--explode-entities \
--export-file 'exploded.json' \
--export-overwrite


Output of exploded.json where each exploded assets
'specific_data.data.hostname_preferred' field value is not empty:

json
[
{
"adapters": "tanium_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753df13ac032cb043f72e9",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": "ip-10-0-2-213",
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:31:59 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213"
],
"specific_data.data.network_interfaces.mac": null,
"specific_data.data.os.type": null,
"unique_adapter_names_details": ""
},
{
"adapters": "tanium_asset_adapter",
"adapter_asset_entities_info": null,
"adapter_list_length": 2,
"internal_axon_id": "e6edbb949369e353d735d78ebf2deb44",
"meta_data.client_used": "63753e2df6170824de0193f5",
"specific_data.data.hostname": "ip-10-0-2-213",
"specific_data.data.hostname_preferred": "ip-10-0-2-213",
"specific_data.data.last_seen": "Wed, 26 Oct 2022 12:00:04 GMT",
"specific_data.data.name": null,
"specific_data.data.network_interfaces.ips": [
"10.0.2.213",
"fe80::4ba:77ff:fed7:336c"
],
"specific_data.data.network_interfaces.mac": "06:BA:77:D7:33:6C",
"specific_data.data.os.type": "Linux",
"unique_adapter_names_details": ""
}
]


What's Changed
* 4.50.1 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/213


**Full Changelog**: https://github.com/Axonius/axonius_api_client/compare/4.50.0...4.50.1

<!-- MarkdownTOC -->

- [Bugfix: Errors when using Python 3.11](bugfix-errors-when-using-python-311)
- [Bugfix: axonshell adapters cnx add missing argument for connection label](bugfix-axonshell-adapters-cnx-add-missing-argument-for-connection-label)

<!-- /MarkdownTOC -->

Bugfix: Errors when using Python 3.11

- Most issues due to dataclasses no longer accepting mutable defaults,
set all dataclasses used as constants as frozen=True
- revalidated against:

Versions:

* Python 3.7.8 64 bit
* Python 3.10.8 64 bit
* Python 3.11.0 64 bit

Operating Systems:

* macOS 12.6.1 (Monterey)
* Ubuntu Linux 18.04.05 64 bit (using "ubuntu-18.04.5-desktop-amd64.iso")
* Ubuntu Linux 22.04.01 64 bit (using "ubuntu-22.04.1-desktop-amd64.iso")
* Microsoft Windows 10 x64
* Microsoft Windows 11 x64
* Microsoft Windows Server 2016 x64
* Microsoft Windows Server 2019 x64
* Microsoft Windows Server 2022 x64

Bugfix: axonshell adapters cnx add missing argument for connection label

- Added option --connection-label
- Also added support for -c "connection_label=foo"

What's Changed
* 4.50.0 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/212


**Full Changelog**: https://github.com/Axonius/axonius_api_client/compare/4.40.8...4.50.0

<!-- MarkdownTOC -->

- [Bugfix: updating a connection setting of type file would throw file not found error](bugfix-updating-a-connection-setting-of-type-file-would-throw-file-not-found-error)
- [Error](error)
- [Python Reproduction](python-reproduction)
- [Axonshell Reproduction](axonshell-reproduction)
- [Changes](changes)

<!-- /MarkdownTOC -->

Bugfix: updating a connection setting of type file would throw file not found error

Error

text
raise ConfigInvalidValue(f"{sinfo}\nFile is not an existing file!")
axonius_api_client.exceptions.ConfigInvalidValue: Value "..." of type 'str' supplied for updating settings for connection Adapter Name: 'json', Instance name: 'Master', Instance ID: '55c35820b0284ac5ba28e7ab8f96683c', Connection ID: '55c35820b0284ac5ba28e7ab8f96683c', Connection UUID: '55c35820b0284ac5ba28e7ab8f96683c', Is active: True, Status: success setting 'file_path'
File is not an existing file!


Python Reproduction

python
cnx = client.adapters.cnx.get_by_adapter("json")[0]
updated = client.adapters.cnx.update_by_id(
cnx_id=cnx["id"], adapter_name="json", file_path="~/workdir/json_adapter.json"
)


Axonshell Reproduction

bash
axonshell adapters cnx update-by-id -n json -i 635ab06b875e3b8ba0b1b9a6 -c file_path=~/workdir/json_adapter.json -npo


Changes

- changed axonius_api_client.tools.json_load to not load contents from file if load_file=False
- changed axonius_api_client.adapters.cnx.Cnx.cb_file_upload to pass load_file=False when calling json_load

What's Changed
* 4.40.8 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/211


**Full Changelog**: https://github.com/Axonius/axonius_api_client/compare/4.40.7...4.40.8

<!-- MarkdownTOC -->

- [Bugfix: axonshell system meta about does not return Customer ID](bugfix-axonshell-system-meta-about-does-not-return-customer-id)

<!-- /MarkdownTOC -->

Bugfix: axonshell system meta about does not return Customer ID

- "Customer ID" no longer returned in endpoint "api/settings/meta/about"
- Added new endpoint "api/settings/metadata"
- Modified axonius_api_client.api.system.meta.Meta.about to combine the returns of
endpoint "api/settings/meta/about" and endpoint "api/settings/metadata"

What's Changed
* Bugfix/about missing customer by nate-axonius in https://github.com/Axonius/axonius_api_client/pull/209
* 4.40.7 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/210


**Full Changelog**: https://github.com/Axonius/axonius_api_client/compare/4.40.6...4.40.7

<!-- MarkdownTOC -->

- [Feature: Run Enforcement against manual selection of Asset IDs](feature-run-enforcement-against-manual-selection-of-asset-ids)
- [Axonshell changes](axonshell-changes)
- [API Client library changes](api-client-library-changes)
- [Feature: support semi-colon instead of comma as CSV delimiter for env vars](feature-support-semi-colon-instead-of-comma-as-csv-delimiter-for-env-vars)
- [Bugfix: Role permissions throw KeyError for some RBAC category actions](bugfix-role-permissions-throw-keyerror-for-some-rbac-category-actions)
- [Bugfix: Reduce log output](bugfix-reduce-log-output)

<!-- /MarkdownTOC -->

Feature: Run Enforcement against manual selection of Asset IDs

Axonshell changes

New commands added to groups ``axonshell devices``, ``axonshell users``,
and ``axonshell vulnerabilities``:

- run-enforcement-from-jsonl: Grab Asset IDs from a JSONL file and run
an Enforcement Set against them.

bash
Notes:
1) --path must be a JSONL file with one dictionary per line

Example:
1) Get assets in JSONL format:
axonshell devices get --export-format json --json-flat --export-file data.jsonl --export-overwrite --wiz simple 'os.type equals windows'
2) Run an enforcement set against the asset IDs in the JSON file:
2a) prompting to verify the count:
axonshell devices run-enforcement-from-jsonl --path data.jsonl --eset test
2b) With no prompting (will error out if the count mismatches):
axonshell devices run-enforcement-from-jsonl --path data.jsonl --eset test --no-prompt
2c) With no verification because we know the asset IDs are valid for this instance:
axonshell devices run-enforcement-from-jsonl --path data.jsonl --eset test --verified


- run-enforcement-from-json: Grab Asset IDs from a JSON file and run an
Enforcement Set against them.

bash
Notes:
1) --path must be a JSON file containing a list of dictionaries

Example:
1) Get assets in JSON format:
axonshell devices get --export-format json --export-file data.json --export-overwrite --wiz simple 'os.type equals windows'
2) Run an enforcement set against the asset IDs in the JSON file:
2a) prompting to verify the count:
axonshell devices run-enforcement-from-json --path data.json --eset test
2b) With no prompting (will error out if the count mismatches):
axonshell devices run-enforcement-from-json --path data.json --eset test --no-prompt
2c) With no verification because we know the asset IDs are valid for this instance:
axonshell devices run-enforcement-from-json --path data.json --eset test --verified


- run-enforcement-from-csv: Grab Asset IDs from a CSV file and run an
Enforcement Set against them.

bash
Notes:
1) --path must be a CSV file with headers
2) --path can also be a CSV file exported from the GUI.

Example:
1) Get assets in CSV format:
axonshell devices get --export-format csv --export-file data.csv --export-overwrite --wiz simple 'os.type equals windows'
2) Run an enforcement set against the asset IDs in the CSV file:
2a) prompting to verify the count:
axonshell devices run-enforcement-from-csv --path data.csv --eset test
2b) With no prompting (will error out if the count mismatches):
axonshell devices run-enforcement-from-csv --path data.csv --eset test --no-prompt
2c) With no verification because we know the asset IDs are valid for this instance:
axonshell devices run-enforcement-from-csv --path data.csv --eset test --verified


- run-enforcement-from-text: Grab Asset IDs from any old text file and run an
Enforcement Set against them.

bash
Notes:
1) --path must be a text file with valid asset IDs
2) All lines will have any non alpha-numeric characters removed from them and
if a 32 character alpha numeric string is found it is considered an Asset ID.

Example:
1) Get assets in JSON format then use jq to extract the IDs to a text file:
axonshell devices get --export-format json --export-file data.json --export-overwrite --wiz simple 'os.type equals windows'
jq '.[].internal_axon_id' data.json > data.txt
2) Run an enforcement set against the asset IDs in the text file:
2a) prompting to verify the count:
axonshell devices run-enforcement-from-text --path data.txt --eset test
2b) With no prompting (will error out if the count mismatches):
axonshell devices run-enforcement-from-text --path data.txt --eset test --no-prompt
2c) With no verification because we know the asset IDs are valid for this instance:
axonshell devices run-enforcement-from-text --path data.txt --eset test --verified


API Client library changes

New Methods for client.devices/client.users/client.vulnerabilities:

- run_enforcement: Run an enforcement set against a manually selected list of assets.

python
'''Get a list of assets from a query and manually extract the IDs.
We know assets are valid because we just got them, so we pass verified=True.
'''
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
ITEMS = apiobj.get(wiz_entries=WIZ)
IDS = [x['internal_axon_id'] for x in ITEMS]
runner = apiobj.run_enforcement(eset=ESET, ids=IDS, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=None,
)
'''


- run_enforcement_from_items: Get Asset IDs from a list of dicts or strs and run
an Enforcement Set against them.

python
'''Get a list of assets from a query and use the grabber get the IDs.
We know assets are valid because we just got them, so we pass verified=True.
'''
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
ITEMS = apiobj.get(wiz_entries=WIZ)
runner = apiobj.run_enforcement_from_items(eset=ESET, items=ITEMS, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source=None,
),
)
'''


- run_enforcement_from_json: Get Asset IDs from a JSON string with a list of
dicts and run an Enforcement Set against them.

python
'''Get a list of assets from a query and export the assets to a JSON str
then run an enforcement against all asset IDs from the JSON str.
We know assets are valid because we just got them, so we pass verified=True.
'''
import io
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
FH = io.StringIO()
z = apiobj.get(wiz_entries=WIZ, export="json", export_fd=FH, export_fd_close=False)
FH.seek(0)
ITEMS = FH.getvalue()
runner = apiobj.run_enforcement_from_json(eset=ESET, items=ITEMS, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_json items type=str, length=15519 post_load type=list, length=31',
),
)
'''


python
'''Get a list of assets from a query and export the assets to a JSON file
then run an enforcement against all asset IDs from the JSON file.
We know assets are valid because we just got them, so we pass verified=True.
'''
import pathlib
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
PATH = pathlib.Path("data.json")
z = apiobj.get(wiz_entries=WIZ, export="json", export_file=PATH, export_overwrite=True)
runner = apiobj.run_enforcement_from_json(eset=ESET, items=PATH, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_json items type=PosixPath, length=None post_load type=list, length=31',
),
)
'''


- run_enforcement_from_jsonl: Get Asset IDs from a JSONL string with one dict
per line and run an Enforcement Set against them.

python
'''Get a list of assets from a query and export the assets to a JSONL str
then run an enforcement against all asset IDs from the JSONL str.
We know assets are valid because we just got them, so we pass verified=True.
'''
import io
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
FH = io.StringIO()
z = apiobj.get(
wiz_entries=WIZ, export="json", json_flat=True, export_fd=FH, export_fd_close=False)
FH.seek(0)
runner = apiobj.run_enforcement_from_jsonl(eset=ESET, items=FH, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_jsonl items type=StringIO, length=None post_load type=list, length=31',
),
)
'''


python
'''Get a list of assets from a query and export the assets to a JSONL file
then run an enforcement against all asset IDs from the JSONL file.
We know assets are valid because we just got them, so we pass verified=True.
'''
import pathlib
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
PATH = pathlib.Path("data.jsonl")
z = apiobj.get(
wiz_entries=WIZ, export="json", json_flat=True, export_file=PATH, export_overwrite=True)
runner = apiobj.run_enforcement_from_jsonl(eset=ESET, items=PATH, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_jsonl items type=PosixPath, length=None post_load type=list, length=31',
),
)
'''


- run_enforcement_from_csv: Get Asset IDs from a CSV string and run
an Enforcement Set against them.

python
'''Get a list of assets from a query and export the assets to a JSONL str
then run an enforcement against all asset IDs from the JSONL str.
We can also use a CSV file exported from the GUI.
We know assets are valid because we just got them, so we pass verified=True.
'''
from axonius_api_client.tools import bom_strip
import io
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
FH = io.StringIO()
z = apiobj.get(wiz_entries=WIZ, export="csv", export_fd=FH, export_fd_close=False)
FH.seek(0)
ITEMS = bom_strip(FH.getvalue())
runner = apiobj.run_enforcement_from_csv(eset=ESET, items=ITEMS, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=33,
count_found=31,
do_echo=True,
do_raise=False,
source='from_csv items type=str, length=6556 post_load type=list, length=33',
),
)
'''


python
'''Get a list of assets from a query and export the assets to a CSV file
then run an enforcement against all asset IDs from the CSV file.
We can also use a CSV file exported from the GUI.
We know assets are valid because we just got them, so we pass verified=True.
'''
import pathlib
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
PATH = pathlib.Path("data.csv")
z = apiobj.get(wiz_entries=WIZ, export="csv", export_file=PATH, export_overwrite=True)
runner = apiobj.run_enforcement_from_csv(eset=ESET, items=PATH, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=33,
count_found=31,
do_echo=True,
do_raise=False,
source='from_csv items type=PosixPath, length=None post_load type=list, length=33',
),
)
'''


- run_enforcement_from_text: Get Asset IDs from a text string and run
an Enforcement Set against them.

python
'''Get a list of assets from a query and export the assets to a text file
then run an enforcement against all asset IDs from the text file.
All lines will have any non alpha-numeric characters removed from them and if a
32 character alpha numeric string is found it is considered an Asset ID.
We know assets are valid because we just got them, so we pass verified=True.
'''
import pathlib
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
WIZ = "simple os.type equals Windows" "query of assets to target"
ESET = "test" "name or uuid of enforcement set"
PATH = pathlib.Path("data.txt")
ASSETS = apiobj.get(wiz_entries=WIZ)
IDS = [x['internal_axon_id'] for x in ASSETS]
PATH.write_text('\n'.join(IDS))
runner = apiobj.run_enforcement_from_text(eset=ESET, items=PATH, verified=True)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_text items type=PosixPath, length=None',
),
)
'''


- run_enforcement_from_json_path: Get Asset IDs from a JSON file with a list of
dicts and run an Enforcement Set against them.

python
'''Run an enforcement against all asset IDs from a JSON file.
We are unsure if Asset IDs are still valid for this instance so
we do not pass verified=True.
'''
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
PATH = "data.json"
ESET = "test" "name or uuid of enforcement set"
runner = apiobj.run_enforcement_from_json_path(eset=ESET, path=PATH)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=31,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_json_path /Users/jimbo/gh/Axonius/axonapi/data.json /
from_json items type=PosixPath, length=None post_load
type=list, length=31',
),
)
'''


- run_enforcement_from_jsonl_path: Get Asset IDs from a JSONL file with one
dict per line and run an Enforcement Set against them.

python
'''Run an enforcement against all asset IDs from a JSONL file.
We are unsure if Asset IDs are still valid for this instance so
we do not pass verified=True.
'''
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
PATH = "data.jsonl"
ESET = "test" "name or uuid of enforcement set"
runner = apiobj.run_enforcement_from_jsonl_path(eset=ESET, path=PATH)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=31,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_jsonl_path /Users/jimbo/gh/Axonius/axonapi/data.jsonl /
from_jsonl items type=PosixPath, length=None post_load type=list, length=31',
),
)
'''


- run_enforcement_from_csv_path: Get Asset IDs from a CSV file and run
an Enforcement Set against them.

python
'''Run an enforcement against all asset IDs from a JSONL file.
We are unsure if Asset IDs are still valid for this instance so
we do not pass verified=True.
'''
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
PATH = "data.csv"
ESET = "test" "name or uuid of enforcement set"
runner = apiobj.run_enforcement_from_csv_path(eset=ESET, path=PATH)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=31,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=33,
count_found=31,
do_echo=True,
do_raise=False,
source='from_csv_path /Users/jimbo/gh/Axonius/axonapi/data.csv /
from_csv items type=PosixPath, length=None post_load type=list, length=33',
),
)
'''


- run_enforcement_from_text_path: Get Asset IDs from a text file and run
an Enforcement Set against them.

python
'''Run an enforcement against all asset IDs from a text file.
All lines will have any non alpha-numeric characters removed from them and if a
32 character alpha numeric string is found it is considered an Asset ID.
We are unsure if Asset IDs are still valid for this instance so
we do not pass verified=True.
'''
client = globals()['client'] instance of axonius_api_client.Connect
apiobj = client.devices client.devices, client.users, or client.vulnerabilities
PATH = "data.txt"
ESET = "test" "name or uuid of enforcement set"
runner = apiobj.run_enforcement_from_text_path(eset=ESET, path=PATH)
print(runner)
'''
Runner(
state='Ran Enforcement Set against 31 supplied Asset IDs',
eset='test',
executed=True,
count_ids=31,
count_result=None,
verified=True,
verify_count=True,
prompt=False,
grabber=Grabber(
count_supplied=31,
count_found=31,
do_echo=True,
do_raise=False,
source='from_text_path /Users/jimbo/gh/Axonius/axonapi/data.txt /
from_text items type=PosixPath, length=None post_load type=generator, length=None',
),
)
'''


- _run_enforcement: Direct API method to run an Enforcement Set against a
list of Asset IDs

New classes:

- axonius_api_client.api.assets.runner.Runner: verify Asset IDs and run
an enforcement set against them
- axonius_api_client.parsers.grabber.Grabber: grab asset IDs from various
export formats (csv, json, jsonl, text)
- axonius_api_client.constants.fields.AXID: global constant for working with
Asset IDs (ala internal_axon_id)

New Schemas:

- axonius_api_client.api.json_api.assets.RunEnforcementRequestSchema
- axonius_api_client.api.json_api.assets.RunEnforcementRequest
- axonius_api_client.api.json_api.selection.IdSelectionSchema
- axonius_api_client.api.json_api.selection.IdSelection

Feature: support semi-colon instead of comma as CSV delimiter for env vars

- prepending the env var value with "semi:" will now
use ; instead of , as the delimiter for CSV strings passed to AX_COOKIES
and AX_HEADERS, i.e.:

bash
export AX_HEADERS="semi:key1=value1;key2=value2"


Bugfix: Role permissions throw KeyError for some RBAC category actions

- Fallback to False if an action for an RBAC category is not defined on a roles permissions

Bugfix: Reduce log output

- Reduced log spam from Http to make logs easier to read

What's Changed
* Feature/enforcement run manual selection by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/207
* Fix typos by mcsalgado in https://github.com/Axonius/axonius_api_client/pull/204
* 4.40.6 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/208

New Contributors
* mcsalgado made their first contribution in https://github.com/Axonius/axonius_api_client/pull/204

**Full Changelog**: https://github.com/Axonius/axonius_api_client/compare/4.40.5...4.40.6