Skip to content

ASP CLI

ASP CLI provides the asp command for analysts, automation scripts, and skill-aware agents to access ASP from the command line. It supports authentication, resource queries, comments and files, Playbook execution, SIEM queries, threat intelligence, CMDB lookups, and other common tasks. It is also the stable command boundary used by Skills to call the ASP Agent Operations API.

Install

Install pipx first.

macOS

bash
brew install pipx
pipx ensurepath

Linux

bash
python3 -m pip install --user pipx
python3 -m pipx ensurepath

Windows

powershell
scoop install pipx
pipx ensurepath

For more detailed installation instructions, see the full pipx documentation.

Install ASP CLI with pipx:

powershell
pipx install asp-cli

After installation, check the command help:

powershell
asp --help

Login and verify

Log in with your ASP URL and personal API key:

powershell
asp auth login --api-url https://asp.example.com --api-key asp_xxx

Verify local configuration and server connectivity:

powershell
asp doctor --output json

Output format

The default output is optimized for human reading. For scripts, automation, and Skills, prefer explicit JSON output:

powershell
asp case list --output json

Common features

ScenarioCommon commandsPurpose
Auth and configurationasp auth status, asp doctorCheck the current login state and server connectivity.
Case / Alert / Artifactasp case list, asp case show case_000001, asp alert list, asp artifact show artifact_000001Query core investigation records and related context.
Comment / Fileasp comment list case_000001, asp comment add case_000001 --body "...", asp file upload ./evidence.txt, asp file read-text <file_key>Read discussions, add comments, upload files, or read attachments.
Playbookasp playbook template list, asp playbook run investigation case_000001 --user-input "..."List runnable templates and trigger Case automation tasks.
SIEMasp siem schema list, asp siem search keyword "powershell" --from 2026-07-01T00:00:00Z --to 2026-07-02T00:00:00Z, `asp siem query spl "index=mainhead 10" --from ... --to ...`
Threat Intelligence / CMDBasp ti query 8.8.8.8 --artifact-type IP, asp cmdb lookup IP 10.0.0.5Query IOC reputation and asset context.
Knowledge / Enrichmentasp knowledge search phishing, asp enrichment create artifact_000001 --name "TI result" --value maliciousSearch reusable knowledge or write structured enrichment results.

To let skill-aware agents use these capabilities, continue with Skills.