-
Notifications
You must be signed in to change notification settings - Fork 0
Understanding Output
Colby Farley edited this page Apr 4, 2026
·
1 revision
AzureFox writes table, JSON, CSV, and loot artifacts from the same underlying model output. That means the formats are different views of the same collected result, not separate collectors.
-
--output tablefor quick operator reading in the terminal -
--output jsonfor structured review and automation -
--output csvfor spreadsheet-style inspection
Example:
azurefox --outdir ./azurefox-demo whoami --output jsonAll commands write under <outdir>/:
loot/<command>.jsonjson/<command>.jsontable/<command>.txtcsv/<command>.csv
all-checks also writes:
run-summary.json
run-summary.json is orchestration metadata for all-checks.
It tells you which commands ran and where their artifacts were written.
It is not a separate evidence source.
- Start with terminal table output for quick triage.
- Open the JSON artifact when you want the exact structured result.
- Use the table or CSV files later if you want saved views outside the terminal.
- For
all-checks, userun-summary.jsonto jump into the per-command artifacts.
- JSON output is deterministic.
- Table output should not invent fields that are absent from the JSON contract.
- Schema files under
schemas/and snapshots undertests/golden/are the regression baseline.
If you need the versioned contract details, use the repo docs rather than the wiki:
docs/output-contracts.mddocs/api-mapping/
- Home
- Getting Started
- Platform Notes
- Running Against The Proof Lab
- Understanding Output
- Command Guides
Core
Identity
Config
Secrets
Storage
Resource
Compute
Investigations
- Axios - Post Exposure Azure Triage
- FAQ / Known Limits (coming soon)