Asset Management Audit Trail - Updates via API


Frank Reay

We will shortly be integrating Intune/Endpoint Manager into Hornbill for our personal devices (maybe every night).

The Audit function is very useful for us but I have noticed that when I update records via the API route (using my CMD prompt) that this is not recorded as a change. Can you confirm if that will be the same with the automated import from a discovery tool? If that is the case then this is 'good' and 'bad'(!) so I am wondering what the thinking was behind this (I totally accept this is a complex area but unfortunately I need to satisfy our auditors with some answers!). In particular...

  • Most fields will not be updated as the info will be static. However the API will still inject the data (albeit the same). When entered manually this is NOT detected as a change. Is this the same via the API route (if it does actually record in the audit trail)?
  • Sometimes Intune does update a field, e.g. 'last logged on user' (will only change occasionally) or 'last seen date' (which will change quite frequently). I can see that for some fields we would want to see the history of changes. So is it possible to switch the audit on/off for fields updated via the API?
  • We have 1 field which will be updated with the current system date whenever the integration runs. So that is definitely a change and we really don't want that appearing in the audit trail every night!

@Frank Reay if you use Asset entity APIs then it is very likely they will do the audit as they have this built-in. If you use APIs from the data service directly then it is very unlikely they will do the audit (since they are not app aware). If you can tell me which APIs you use to update asset records I can tell you if they do the audit or not and which one you can possibly use to have the audit recorded.


@Frank Reay ah, I understand. Indeed, creating and updating assets using either of these tools will not create an audit record. The tools do not use the Asset entity APIs, they use the data service APIs to create and update the asset record.

On 1/27/2021 at 10:22 AM, Frank Reay said:

Can you confirm if that will be the same with the automated import from a discovery tool?

It depends what APIs this automated import from discovery tool is/will use.

On 1/27/2021 at 10:22 AM, Frank Reay said:

Most fields will not be updated as the info will be static. However the API will still inject the data (albeit the same). When entered manually this is NOT detected as a change. Is this the same via the API route (if it does actually record in the audit trail)

The tool will not check if the "new" data already exists and skip the update if it does. The way it works is that the tool will prepare an API payload for updating the record. Then it will invoke the data service API to update this record. Now, the data service API has a built in mechanism to reject the update if the values are not new. So from this perspective, the answer is no, it will not inject the same data. The tool will pass the same data which will be refused by the data service. When updating manually the UI "knows" if you are inputting new values therefore it will allow or prevent the user performing the update.

On 1/27/2021 at 10:22 AM, Frank Reay said:

So is it possible to switch the audit on/off for fields updated via the API?

The import tool (which is what you refer to as "API") does not create an audit record.


@Victor Can I confirm something please. As mentioned above we are looking at using the Database Asset Import tool (as per the link provided earlier). You seem to refer to this as using the Data Service APIs. You say that the Asset entity APIs are different and would trigger an audit record. So is there anything in the wiki (or elsewhere) about these 'Asset entity APIs'?

I ask because when I look at the Database Asset Import the heading would infer that it is using the Asset Entity APIs. 

 


@Frank Reay without going into too much technical detail:

  • Database Asset Import - when creating and updating records it's using entityAddRecord and entityUpdateRecord. These are data service APIs that manipulate data for specific entities (e.g. assets). They don't have any audit capabilities.
  • Asset Manager (via UI) - when creating and updating records it's using createAsset and updateAsset2. These are Service Manager APIs for the Assets entity. They have audit capabilities, specifically for the Assets entity.

Important to mention:

  • createAsset and updateAsset are more complex APIs, since they work with data input from the UI (pre-processing). They incorporate entityAddRecord and entityUpdateRecord for manipulating data for the purpose of DB storage.
  • entityAddRecord and entityUpdateRecord are used by the import tool since the API payload is straightforward, there is no processing required as it would be with data from the UI. They are simpler and faster than entity APIs hence they are preferred to be used by an import tool. 

 

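Added example (not part of the thread, and not Hornbill code): because records written through entityAddRecord and entityUpdateRecord leave no audit entry, one compensating control is to snapshot the asset rows before and after each import run and log only real changes, leaving out fields that change on every run. The field names, sample rows and the hash chaining (which goes beyond what the thread discusses, to make the log tamper-evident) are assumptions.

```python
import hashlib
import json

# Hypothetical field names and constructed sample rows (not Hornbill's schema).
NOISY_FIELDS = {"last_seen", "sync_date"}  # change on every run; kept out of the trail
GENESIS = "0" * 64

SAMPLE_BEFORE = {
    "A1": {"owner": "alice", "last_logged_on_user": "alice",
           "last_seen": "2021-01-26", "sync_date": "2021-01-26"},
    "A2": {"owner": "carol", "last_logged_on_user": "carol",
           "last_seen": "2021-01-25", "sync_date": "2021-01-26"},
}
SAMPLE_AFTER = {
    "A1": {"owner": "alice", "last_logged_on_user": "bob",
           "last_seen": "2021-01-27", "sync_date": "2021-01-27"},
    "A2": {"owner": "carol", "last_logged_on_user": "carol",
           "last_seen": "2021-01-27", "sync_date": "2021-01-27"},
}

def entry_hash(body):
    """SHA-256 over the canonical JSON form of an entry (without its own hash)."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def diff_asset(before, after, ignore=NOISY_FIELDS):
    """Return {field: (old, new)} for audited fields whose value really changed."""
    fields = sorted((set(before) | set(after)) - set(ignore))
    return {f: (before.get(f), after.get(f)) for f in fields
            if before.get(f) != after.get(f)}

def audit_import(before_rows, after_rows, run_id, prev=GENESIS):
    """Build hash-chained audit entries for one import run (rows keyed by asset id)."""
    entries = []
    for asset in sorted(set(before_rows) | set(after_rows)):
        changes = diff_asset(before_rows.get(asset, {}), after_rows.get(asset, {}))
        for field, (old, new) in changes.items():
            body = {"run": run_id, "asset": asset, "field": field,
                    "old": old, "new": new, "prev": prev}
            prev = entry_hash(body)
            entries.append({**body, "hash": prev})
    return entries

def verify_chain(entries, prev=GENESIS):
    """True only if every entry links to its predecessor and matches its hash."""
    for e in entries:
        body = {k: v for k, v in e.items() if k != "hash"}
        if body["prev"] != prev or entry_hash(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True
```

On the sample rows this yields a single entry, the change of `last_logged_on_user` on asset A1; the nightly date fields produce nothing.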
