ASP CLI
ASP CLI provides the asp command for analysts, automation scripts, and skill-aware agents to access ASP from the command line. It supports authentication, resource queries, comments and files, Playbook execution, SIEM queries, threat intelligence, CMDB lookups, and other common tasks. It is also the stable command boundary used by Skills to call the ASP Agent Operations API.
Install
Install pipx first.
macOS
brew install pipx
pipx ensurepathLinux
python3 -m pip install --user pipx
python3 -m pipx ensurepathWindows
scoop install pipx
pipx ensurepathFor more detailed installation instructions, see the full pipx documentation.
Install ASP CLI with pipx:
pipx install asp-cliAfter installation, check the command help:
asp --helpLogin and verify
Log in with your ASP URL and personal API key:
asp auth login --api-url https://asp.example.com --api-key asp_xxxVerify local configuration and server connectivity:
asp doctor --output jsonOutput format
The default output is optimized for human reading. For scripts, automation, and Skills, prefer explicit JSON output:
asp case list --output jsonCommon features
| Scenario | Common commands | Purpose |
|---|---|---|
| Auth and configuration | asp auth status, asp doctor | Check the current login state and server connectivity. |
| Case / Alert / Artifact | asp case list, asp case show case_000001, asp alert list, asp artifact show artifact_000001 | Query core investigation records and related context. |
| Comment / File | asp comment list case_000001, asp comment add case_000001 --body "...", asp file upload ./evidence.txt, asp file read-text <file_key> | Read discussions, add comments, upload files, or read attachments. |
| Playbook | asp playbook template list, asp playbook run investigation case_000001 --user-input "..." | List runnable templates and trigger Case automation tasks. |
| SIEM | asp siem schema list, asp siem search keyword "powershell" --from 2026-07-01T00:00:00Z --to 2026-07-02T00:00:00Z, `asp siem query spl "index=main | head 10" --from ... --to ...` |
| Threat Intelligence / CMDB | asp ti query 8.8.8.8 --artifact-type IP, asp cmdb lookup IP 10.0.0.5 | Query IOC reputation and asset context. |
| Knowledge / Enrichment | asp knowledge search phishing, asp enrichment create artifact_000001 --name "TI result" --value malicious | Search reusable knowledge or write structured enrichment results. |
To let skill-aware agents use these capabilities, continue with Skills.