Frank Reay Posted January 27, 2021 Share Posted January 27, 2021 We will shortly be integrating Intune/Endpoint Manager into Hornbill for our personal devices (maybe every night). The Audit function is very useful for us but I have noticed that when I update records via the API route (using my CMD prompt) that this is not recorded as a change. Can you confirm if that will be the same with the automated import from a discovery tool? If that is the case then this is 'good' and 'bad'(!) so I am wondering what the thinking was behind this (I totally accept this is a complex area but unfortunately I need to satisfy our auditors with some answers!). In particular... Most fields will not be updated as the info will be static. However the API will still inject the data (albeit the same). When entered manually this is NOT detected as a change. Is this the same via the API route (if it does actually record in the audit trail). Sometimes Intune does update a field eg 'last logged on user' (will only change occasionally) or 'last seen date' (which will change quite frequently). I can see that for some fields we would want to see the history of changes. So is it possible to switch the audit on/off for fields updated via the API? We have 1 field which will be updated with the current system date whenever the integration runs. So that is definitely a change and we really don't want that appearing in the audit trail every night! Link to comment Share on other sites More sharing options...
Victor Posted January 28, 2021 Share Posted January 28, 2021 On 1/27/2021 at 10:22 AM, Frank Reay said: when I update records via the API route (using my CMD prompt) that this is not recorded as a change @Frank Reay depends on what APIs are you using and how... Link to comment Share on other sites More sharing options...
Frank Reay Posted January 28, 2021 Author Share Posted January 28, 2021 @Victorso how do I find out what each API route actually does or does not update in the Audit trail? Link to comment Share on other sites More sharing options...
Victor Posted January 28, 2021 Share Posted January 28, 2021 @Frank Reay if you use Asset entity APIs then is very likely they will do the audit as they have this built-in. If you use APIs from the data service directly then is very unlikely they will do the audit (since they are not app aware). If you can tell me which APIs you use to update asset records I can tell you if the do the audit or not and which one you can possibly use to have the audit recorded. Link to comment Share on other sites More sharing options...
Frank Reay Posted January 28, 2021 Author Share Posted January 28, 2021 Thanks @Victor This is what I meant by the 'API route via using my CMD Prompt' route (which does not seem to generate an update item in the audit trail):https://wiki.hornbill.com/index.php/CSV_Asset_Import And this is what I meant by the 'automated route for use from a discover tool': Database Asset Import - Hornbill Link to comment Share on other sites More sharing options...
Victor Posted January 28, 2021 Share Posted January 28, 2021 @Frank Reay ah, I understand. Indeed, creating and updating assets using either of these tools will not create an audit record. The tools do not use the Asset entity APIs, they use the data service APIs to create and update the asset record. On 1/27/2021 at 10:22 AM, Frank Reay said: Can you confirm if that will be the same with the automated import from a discovery tool? It depends what APIs this automated import from discovery tool is/will use. On 1/27/2021 at 10:22 AM, Frank Reay said: Most fields will not be updated as the info will be static. However the API will still inject the data (albeit the same). When entered manually this is NOT detected as a change. Is this the same via the API route (if it does actually record in the audit trail) The tool will not check if the "new" data already exists and skip the update if it does. The way it works is that the tool will prepare an API payload for updating the record. Then it will invoke the data service API to update this record. Now, the data service API has a built in mechanism to reject the update if the values are not new. So from this perspective, the answer is no, it will not inject the same data. The tool will pass the same data which will be refused by the data service. When updating manually the UI "knows" if you are inputting new values therefore it will allow or prevent the user performing the update. On 1/27/2021 at 10:22 AM, Frank Reay said: So is it possible to switch the audit on/off for fields updated via the API? The import tool (which is what you refer to as "API") does not create an audit record. Link to comment Share on other sites More sharing options...
Frank Reay Posted January 28, 2021 Author Share Posted January 28, 2021 @Victoryep - got there in the end. Thanks for your usual detailed response. Now I have the info, I know where I stand. Link to comment Share on other sites More sharing options...
Frank Reay Posted February 1, 2021 Author Share Posted February 1, 2021 @VictorCan I confirm something please. As mentioned above we are looking at using the Database Asset Import tool (as per the link provided earlier). You seem to refer to this as using the Data Service APIs. You say that the Asset entity APIs are different and would trigger an audit record. So is there anything in the wiki (or elsewhere) about these 'Asset entity API's. I ask because when I look at the Database Asset Import the heading would infer that it is using the Asset Entity APIs. Link to comment Share on other sites More sharing options...
Victor Posted February 1, 2021 Share Posted February 1, 2021 @Frank Reay without going into too much technical detail: Database Asset Import - when creating and updating records it's using entityAddRecord and entityUpdateRecord. These are data service APIs that manipulate data for specific entities (e.g. assets). They don't have any audit capabilities. Asset Manager (via UI) - when creating and updating records it's using createAsset and updateAsset2. These are Service Manager APIs for the Assets entity. They have audit capabilities, specifically for the Assets entity. Important to mention: createAsset and updateAsset are more complex APIs, since they work with data input from the UI (pre-processing). They incorporate entityAddRecord and entityUpdateRecord for manipulating data for the purpose of DB storage. entityAddRecord and entityUpdateRecord are used by the import tool since the API payload is straightforward, there is no processing required as it would be with data from the UI. They are simpler and faster than entity APIs hence they are preferred to be used by an import tool. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now