Axonius 6.1 Ongoing Adapter and Enforcement Action Updates

The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 6.1

• View full information about new and updated features in Axonius 6.1

New Adapters

The following new adapters were added:

• 3Play Media
  • 3Play Media offers video accessibility services through transcription, captioning, and audio description. (Fetches: Users) (6.1.1.0)
• Abnormal Security
  • Abnormal Security is an email security provider that helps companies protect against targeted email attacks. (Fetches: Users) (6.1.8.0)
• A Cloud Guru
  • A Cloud Guru is an online learning platform that specializes in teaching cloud computing and related technologies. (Fetches: Users) (6.1.0.0)
• Acronis
  • Acronis is a backup solution providing data protection and recovery for servers and endpoints. (Fetches: Devices) (6.1.12.0)
• Action1
  • Action1 is a cloud-based platform that automates patch management and vulnerability remediation. (Fetches: Devices) (6.1.5.1)
• Akamai CDN Cloud
  • Akamai CDN Cloud is a content delivery network that accelerates web and video content delivery globally. (Fetches: Users) (6.1.12.0)
• Amplitude
  • Amplitude is a digital analytics platform that tracks and analyzes user behavior across various platforms. (Fetches: Users) (6.1.1.0)
• Anecdotes
  • Anecdotes is a compliance management platform. (Fetches: Devices) (6.1.0.2)
• Apple App Store Connect
  • Apple App Store Connect is a platform for developers to manage, release, and report on their iOS apps. (Fetches: Devices) (6.1.0.3)
• Arnica.io
  • Arnica.io is a cloud-based security platform that scans APIs to identify vulnerabilities. (Fetches: Devices) (6.1.14.0)
• Atlassian Access
  • Atlassian Access is an identity and access management solution for controlling user access to applications and resources. (Fetches: Users) (6.1.11.2)
• Atlassian Confluence
  • Atlassian Confluence provides information on Confluence entities, like pages and blog posts, spaces, users, groups, and more. (Fetches: Users) (6.1.1.0)
• Azure DevOps (On-Prem)
  • Azure DevOps (On-Prem) is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. (Fetches: Users, Groups) (6.1.10.4)
• Cisco Common Service Platform Collector (CSPC)
  • The Cisco Common Service Platform Collector (CSPC) is an SNMP-based tool that discovers and collects information from the Cisco devices installed on companies' networks. (Fetches: Devices) (6.1.6.0)
• Citrix Application Delivery Management (ADM)
  • Citrix Application Delivery Management (ADM) is a platform enabling automation, orchestration, management, and analytics across hybrid multi-cloud environments. (Fetches: Devices) (6.1.7.0)
• Claroty Cloud
  • Claroty Cloud is a cyber-physical security (CPS) platform for IoT security. (Fetches: Devices) (6.0.18.8)
• CyberArk Privilege Cloud
  • CyberArk Privilege Cloud is a privileged access management (PAM) solution for securing, managing, and monitoring privileged accounts. (Fetches: Users) (6.1.12.0)
• CyberGRX (Global Risk Exchange)
  • CyberGRX (Global Risk Exchange) is a collaborative risk exchange platform for managing third-party cyber risk assessments. (Fetches: Devices) (6.1.10.0)
• DeviceTotal
  • DeviceTotal is an agentless attack surface management solution. (Fetches: Devices) (6.1.8.0)
• Dialpad
  • Dialpad is a cloud-based communication and collaboration platform for voice, video, and messaging. (Fetches: Users) (6.1.10.7)
• Docker Engine
  • Docker Engine is an open-source containerization technology that helps development teams build and manage applications. (Fetches: Devices) (6.1.5.0)
• EcoStruxure IT Advisor (Electric EcoStruxture)
  • EcoStruxure IT Advisor (Schneider Electric) is asset and planning software that facilitates OpEx management. (Fetches: Devices) (6.1.10.0)
• Efecte
  • Efecte is an IT service management (ITSM) and collaboration platform with a focus on SaaS security and configuration management. (Fetches: Devices) (6.1.4.0)
• Exabeam Cloud
  • Exabeam Cloud is a cloud-based Security Information and Event Management (SIEM) solution. (Fetches: Devices) (6.1.12.0)
• FireMon Asset Manager
  • FireMon Asset Manager is a network visibility solution for cyber situational awareness and compliance monitoring. (Fetches: Devices) (6.1.6.0)
• FortiCloud
  • FortiCloud is a cloud-based platform offering compliance, security and management services for Fortinet solutions. (Fetches: Devices) (6.1.8.0)
• IBM Turbonomic
  • IBM Turbonomic is a performance and cost optimization platform for public, private, and hybrid cloud. (Fetches: Users) (6.1.11.0)
• JFrog Xray
  • JFrog Xray is a software composition analysis (SCA) tool that scans software artifacts for security vulnerabilities, open source license compliance, and software quality. (Fetches: Devices) (6.1.10.0)
• Lattice
  • Lattice is a people management platform that allows human resources teams to engage employees and measure performance. (Fetches: Users) (6.1.13.0)
• LeanIX
  • LeanIX is a cloud-based software platform that helps companies manage and optimize their IT infrastructure and applications. (Fetches: Devices) (6.1.6.4)
• Microsoft Teams
  • Microsoft Teams is a workspace for real-time collaboration and communication, meetings, file and app sharing. (Fetches: Devices) (6.1.11.0)
• Mimecast - V2
  • Mimecast provides a mail management system designed to protect email, ensure access and simplify the tasks of managing email. (Fetches: Users) (6.1.1.0)
• Nautobot
  • Nautobot is a network documentation and automation platform for managing network resources. (Fetches: Devices) (6.1.8.2)
• Netreo
  • Netreo is an IT infrastructure monitoring platform. (Fetches: Devices) (6.1.5.1)
• Nexthink Query Language (NQL)
  • Nexthink Query Language (NQL) is a programming language developed by Nexthink for querying data from its platform. (Fetches: Devices, Users) (6.1.3.2)
• Onapsis
  • Onapsis cybersecurity solutions automate the monitoring and protection of SAP and Oracle applications. (Fetches: Devices) (6.1.11.0)
• Oracle Identity and Access Management (IAM)
  • Oracle Identity and Access Management (IAM) is a software suite that enables enterprises to manage and automate user identities. (Fetches: Users) (6.1.10.0)
• PowerDNS
  • PowerDNS is an open-source DNS server program, offering both authoritative and recursive DNS services. (Fetches: Devices) (6.1.1.3)
• Proxyclick
  • Proxyclick App is a visitor management system that helps companies digitize the check-in process for employees, contractors, and visitors. (Fetches: Users) (6.1.0.3)
• Qualys VMDR OT
  • Qualys VMDR OT is a cloud-based platform for asset inventory and vulnerability management of critical industrial infrastructure. (Fetches: Devices) (6.1.5.0)
• RemotePC
  • RemotePC is a tool for remote access and control of computers and devices. (Fetches: Devices, Users) (6.1.5.2)
• SolarWinds Pingdom
  • SolarWinds Pingdom is a website and server monitoring tool that helps organizations track the uptime, performance, and availability of their web-based applications and services. (Fetches: Users)
• SPEKTRA
  • NTT SPEKTRA (Sentient Platform for Network Transformation) is a managed network services platform. (Fetches: Devices) (6.1.0.2)
• Tangoe Managed Mobility Services (MMS)
  • Tangoe Managed Mobility Services (MMS) provides end-to-end mobile lifecycle management. (Fetches: Devices, Users) (6.1.6.0)
• Trace3 LAMP
  • Trace3 Technology Lifecycle Management Platform (LAMP) is an IT Asset Management (ITAM) platform. (Fetches: Devices) (6.1.4.2)
• UnifiedFX PhoneView
  • UnifiedFX PhoneView is a Cisco Preferred Solutions Partner which offers Cisco Phone Management Software. (Fetches: Devices) (6.0.18.8)
• Veritas NetBackup
  • Veritas NetBackup is an enterprise backup solution offering data management, automation, artificial intelligence, and elastic architecture. (Fetches: Devices) (6.1.2.2)
• Windows Server Update Services (WSUS) SQL
  • Windows Server Update Services (WSUS) - SQL, previously Software Update Services (SUS), enables administrators to manage the distribution of updates and hotfixes released for Microsoft products. (Devices) (6.1.1.0)
• Zscaler Client Connector
  • Zscaler Client Connector enables secure access to business applications from any device. (Fetches: Devices) (6.0.18.8)

Updated Adapters

The following adapters were enhanced:

• Abnormal Security - Email Domain was added to connection parameters. (6.1.14.0)

• Absolute - Added the option to fetch only the latest installed app version of devices. (6.1.13.0)

• Adobe Acrobat Sign

  • Added the option to fetch full data per user. (6.1.5.0)
  • Added the capability to enter a comma-separated list of users to filter with specified user statuses. (6.1.5.0)

• Airlock Digital - Added the option to fetch information about group policies. (6.1.3.0)

• Aruba ClearPass - Added the option to set endpoint devices as network infrastructure devices. (6.1.1.5)

• AssetPanda

  • Added the option to parse the invoice number. (6.1.8.0)
  • Added the option to parse the PO number. (6.1.8.0)
  • Added the option to parse the employee status field. (6.1.8.0)

• AWS

  • Added the option to split subnets of a VPC network into individual assets. (6.1.3.0)
  • Added the option to fetch CloudFormation Stacks as assets. (6.1.4.0)
  • Added the option to fetch AWS step functions as assets. (6.1.4.0)
  • Added the option to fetch AWS Service Catalogs as assets. (6.1.4.0)
  • Added the option to fetch CloudWatch Alarms as assets. (6.1.4.0)
  • Added the option to fetch the Kinesis Data analytics as devices. (6.1.5.0)
  • Added the option to fetch Direct Connect data assets associated with Network Services. (6.1.6.0)
  • Amazon Route 53 DNS records can now be fetched as Network Service assets (6.1.11.0)

• Axonius Network Discovery - Added the capability to configure how to fetch certificates, either
  in normal fetch, background fetch or not all. (6.1.10.0)

• Axonius Users - Added the capability to enter a number of days to retrieve all activity logs for that user in that time range. (6.0.0.1)

• Azure DevOps - Added the option to fetch the Git Repositories from the projects in Azure DevOps. (6.1.8.0)

• BambooHR

  • Added the capability to enter the name of the LOA employee table to fetch from. (6.1.0.0)
  • It is now possible to fetch data from more than one table. (6.1.10.0)

• BigFix Compliance Analytics (formerly SCA) - Added the capability to enter a comma-separated list of checklist IDs to fetch from. (6.1.8.0)

• BitSight Security Ratings - Added the option to fetch company assets. (6.1.8.0)

• BloodHound - Added support for SaaS instances of BloodHound. (6.1.5.0)

• Cisco DNA Center

  • Added the option to fetch additional devices from the default “Client Detail” report. (6.1.4.0)
  • Users can now configure the “Client Detail” report by name. (6.1.5.2)

• Cisco Identity Services Engine (ISE) - Added the option to add authentication status data for each fetched endpoint. (6.1.15.0)

• Cisco Intersight

  • Added the option to fetch chassis devices as assets. (6.1.12.0)
  • Added the option to fetch SAN switches as assets. (6.1.12.0)

• Cloudflare DNS - Added the option to fetch certificates. (6.1.13.0)

• Cloudflare Zero Trust

  • Added the option to add subdomain data for each device. (6.1.5.0)
  • Added the option to add policy data for each user. (6.1.5.0)

• Code42 Incyder - Added the option to ignore devices fetched from Code42 with the values “Deactivated” or “Blocked” in the status field. (6.1.4.0)

• CrowdStrike Falcon - Added the option to enable the parsing of vulnerability descriptions (disabled by default). (6.0.19.3)

• CrowdStrike Falcon Discover

  • Added the capability to only fetch applications used in the selected amount of days. (6.1.1.2)
  • Added the option to configure a pattern to apply to an interface alias in order to identify a historical IP address and record it separately from current IP addresses. (6.1.2.0)
  • Added the capability to filter devices by their discoverer count field. (6.1.6.0)

• CrowdStrike Falcon Identity Protection (Preempt)

  • Added the option to rename risk factors. (6.1.9.0)
  • Added the option to exclude devices with the risk factor type of 'UNMANAGED_HOST'. (6.1.11.0)

• CSV - Added the option to allow the system to support assets with empty fields. If an asset was created with a field that contained a value, when the CSV file subsequently contains an empty field with the same name, the device or user asset will display that field without a value in it. (6.1.15.2)

• CyberArk Alero

  • Tenant ID and Service Account JSON were added to connection parameters. (6.1.4.0)
  • API Key was removed from connection parameters. (6.1.4.0)

• CyberArk Privileged Account Security

  • Added the option to fetch the activities for each account. (6.1.0.0)
  • Added the option to fetch additional data about each account. (6.1.0.0)
  • Added support for OAuth2 authentication. (6.1.4.0)
  • Added the option to parse the domain value as an associated device. (6.1.10.0)

• Darktrace - Added the capability to select the types of devices to fetch. (6.1.5.0)

• Dell OpenManage Enterprise - Added the option to fetch warranties of each device. (6.1.11.0)

• Duo Beyond

  • Added the option to not fetch phones as devices. (6.1.10.0)
  • Added the option to fetch users with the Telephony Logs by phone number. (6.1.14.0)

• Dynatrace - Added the option to categorize devices under different asset types. (6.1.12.0)

• Eagle Eye Networks - Added the option to enrich the device with extra device information. (6.1.4.0)

• FireMon Security Manager - Added the option to try to parse SyslogMatch Names as IP addresses or serial numbers. (6.1.9.0)

• FortiClient EMS - Added support for cloud version of FortiClient EMS. (6.1.9.0)

• Fortinet FortiGate - Added the option to fetch VPN SSL sessions as Devices. (6.1.0.0)

• Forward Networks - Added the option to use the networks API to fetch devices. (6.1.13.0)

• Freshservice - Added the option to fetch device relationships from Freshservice. (6.1.7.0)

• GoDaddy

  • Added support for the GoDaddy v2 API. (6.1.2.0)
  • Added support for certificates as assets. (6.1.10.0)

• Google Cloud Platform (GCP)

  • Added the option to fetch all Google Cloud Compute Disk Images, Snapshots and Templates. (6.1.2.0)
  • • Added the option to split subnets of a VPC network into individual assets. (6.1.5.0)
  • Added the option to fetch only compute devices that are turned on. (6.1.11.0)

• Google Workspace

  • Added an advanced setting to populate the asset name with the value of the Annotation ID (when the value exists) instead of using the value in the Name field. (6.1.2.2)
  • Added proxy values (Proxy address, Proxy port, Proxy username, and Proxy password) to the adapter connections. (6.1.6.4)
  • Added the option to use the host name as the asset name, when the host name exists. (6.1.9.1)*

• Guardicore - Added the option to fetch full agent information for a device. (6.1.7.0)

• Have I Been Pwned - Added the capability to retrieve all breached accounts associated with a domain. (6.1.9.0)

• Infoblox DDI

  • Added the option to fetch DNS CNAME records. (6.1.5.0)
  • Added the option to fetch DHCP address ranges. (6.1.7.0)
  • Added the option to fetch Infoblox networks as assets. (6.1.11.0)
  • Added the option to fetch shared A records from Infoblox. (6.1.12.0)

• JSON - JSONL format now supported. (6.1.15.1)

• Juniper Junos Space - Added the option to fetch users. (6.1.12.0)

• Kandji - Added the option to fetch devices not yet enrolled. (6.1.7.0)

• Kolide K2 - Added the capability to enrich Kolide devices using a custom report that will be fetched from api/v0/reporting/queries/{query_id}. (6.1.14.0)

• Lakeside SysTrack - Added the option to fetch the local member inventory for each system. (6.1.4.0)

• Linux SSH Scan now supports Solaris. (6.1.6.0)

• Lookout Mobile Endpoint Security - Added the option to use the version 2 of the API, which uses only the API key (without a username or password). (6.1.7.0)

• ManageEngine Endpoint (Desktop) Central and Patch Manager Plus

  • Added the option to fetch vulnerability data (6.1.11.2)

• ManageEngine OpUtils

  • Added the option to fetch assets asynchronously. (6.1.8.2)
  • Added the option to ignore devices without IP to DNS values. (6.1.8.2)

• Mandiant

  • Added the option to fetch entities last seen by the number of days specified. (6.1.5.0)
  • Added the option to use last_seen_after:configured_scan_count query to fetch only active entities. (6.1.5.0)
  • Added the option to add more details to the information fetched per each entity. (6.1.5.0)

• MarkMonitor - Added the option to remove user fetch functionality. (6.1.8.0)

• McAfee ePolicy Orchestrator (ePO)

  • Added the capability to enter values to the list of query IDs to enrich each device. (6.1.6.0)
  • Added the option to fetch COAMS data. (6.1.7.0)

• Microsoft Active Directory (AD) - Added the option to fetch data from Active Directory Sites. (6.1.8.0)

• Microsoft Azure -

  • Tenants added to list of Azure services to fetch as assets. (6.1.11.0)
  • This adapter now supports the asset type ‘Certificate’ (6.1.13.0)
  • Certificates From Key Vaults added to list of Azure services to fetch as assets. (6.1.13.0)
  • Secrets From Key Vaults added to list of Azure services to fetch as assets. (6.1.13.0)

• Microsoft Cloud App Security

  • Added the option to ignore Microsoft Cloud App Security users that do not have a domain field. (6.1.4.0)
  • Added the option to ignore external users. (6.1.10.0)

• Microsoft Defender for Endpoint (Microsoft Defender ATP) - Added the option to only fetch devices with hostname values. (6.1.5.0)

• Microsoft Endpoint Configuration Manager (MECM)

  • Added the option to parse historical compliance status information to the Current Compliance Status field. (6.0.18.8)
  • Added the option to parse the latest compliance status information to the Current Compliance field. (6.0.18.8)
  • Added support for SSL. (6.1.8.0)
  • Added the option to fetch software reported as uninstalled by SCCM. (6.1.9.1)

• Microsoft Entra ID (Azure AD) and Microsoft Intune

  • The name of the 'Microsoft Azure AD and Microsoft Intune' adapter was changed to Microsoft Entra ID (Azure AD) and Microsoft Intune in line with changes by Microsoft. (6.1.1.0)
  • Added the option to fetch autopilot device identities from Intune. (6.1.4.0)
  • Added the option to disable fetch of groups and to list groups not to fetch. (6.1.7.0)
  • Added the option to fetch administrative units as groups. (6.1.1.0)
  • The option to fetch group app roles is now available to Cyber-Security Asset Management, not just SaaS Management. (6.1.11.0)
  • Added the option to enrich mobile devices from Intune with application data. (6.1.1.0)
  • Added the option to fetch role eligibility schedule instances of groups. (6.1.13.0)

• Microsoft SCOM - Added support for SSL. (6.1.9.0)

• Mist - This adapter now fetches users (note that only admin users are fetched). (6.1.14.0)

• NetBrain - NetBrain Domain Name and NetBrain Tenant Name were added to the connection parameters. (6.1.4.0)

• Netskope - Added permissions for endpoints that are required in order to use API V2. (6.1.3.0)

• NTT Application Security - The name of the 'WhiteHat' adapter was changed to NTT Application Security.

• Nucleus Security - Added the capability to enter a list of project IDs to specify which projects you want to fetch from. (6.1.15.0)

• Okta -

  • Added the option to specify a list of data fields to exclude from the fetch. (6.1.10.0)
  • Added the option to fetch security logs based on security.request.blocked and security.threat.detected events. (6.1.7.0)
  • Added the option to fetch user information to populate in the relevant device-specific fields. (6.1.7.0)

• Oracle Cloud - Added the capability to enter a comma-separated list of tag keys to be saved as fields. (6.1.8.0)

• Oracle Enterprise Manager - Added the capability to enter a comma-separated list of devices with specified type names to be fetched. (6.1.4.2)

• Orca Cloud Visibility Platform - Added the option to parse all Orca tags as fields. (6.1.6.0)

• OneLogin - Added the 'SSO Provider' option. (6.1.6.0)

• Palo Alto Networks Cortex XDR - Added the option to fetch the device serial number. (6.1.14.0)

• Palo Alto Networks Cortex Xpanse

  • Added the option to categorize devices into different asset categories using their asset type. (6.1.11.0)

• Palo Alto Networks IoT Security (Zingbox)

  • Added the option to fetch vulnerabilities. (6.1.10.0)

• Palo Alto Networks Panorama

  • Added the option to connect NAT firewall rules (public to private IPs only) with Network assets. (6.1.6.0)
  • Added the option to connect Access firewall rules (from untrust sources) with Network assets. (6.1.6.0)

• Palo Alto Networks Prisma Cloud

  • Added the capability to select how many days of alerts to fetch into devices. (6.1.7.0)
  • Added the option to add the heuristicSearch: true parameter to the request. (6.1.8.0)
  • Added the capability to enter a comma-separated list of account names to fetch from. (6.1.12.0)
  • Added the option to not include resource JSON. (6.1.12.0)

• PaperCut - API Health Token added to connection parameters. (6.1.3.1)

• Proofpoint Endpoint DLP - Added the option to use the latest version of the API. (6.1.2.0)

• PRTG Network Monitor - Added support for API Token. (6.1.14.0)

• Qualys Cloud Platform

  • Added the option to fetch Web Applications. (6.1.5.0)
  • Added the capability to enter Qualys tags to skip device ingestion. (6.1.11.0)

• Rapid7 InsightCloudSec - Added the option to fetch Insight findings. (6.1.11.1)

• Rapid7 InsightIDR - Added the option to use the FQDN as a Host Name for devices. (6.1.1.2)

• Rapid7 Nexpose Warehouse

  • Added the option to utilize complex queries to fetch data from the database. (6.1.6.0)
  • Added the capability to fetch only devices and corresponding information if they were seen by Rapid7 Nexpose Warehouse in the number of days set. This allows the system to pull a recent history of the devices rather than the entire system history every fetch. (6.1.6.0)

• Red Hat Automation Controller (Ansible Tower)

  • Added the option to enable using the device name for the asset ID. (6.1.10.0)
  • Added support for API Token. (6.1.12.0)

• Red Hat Insights - Added the option to use API authentication for this adapter. (6.1.4.0)

• RedSeal - Added the option to fetch metrics data. (6.1.14.0)

• SailPoint IdentityNow - Added the capability to enter a list of private attributes to include with the users. (6.1.13.0)

• Salesforce

  • Added the option to fetch new audit logs: URI and Lightning URI events. (6.1.3.2)
  • Added the option to use the http://login.salesforce.com URL for login in instead of sub-domain.salesforce.com. (6.1.14.0)

• SAP Concur 4.x - Refresh Token is now used in the adapter connection instead of Company ID and Company Auth Token. (6.0.10.2)

• ScienceLogic - Added the option to ingest all ScienceLogic custom fields.

• Secureworks Taegis XDR (Red Cloak TDR) - Added the capability to enter a list of tags to filter. (6.1.7.0)

• SentinelOne

  • Added the option to remove old tags that are no longer being fetched from SentinelOne. (6.1.6.0)
  • Added the option to fetch only the version with the most recent installed date for each software.(6.1.8.0)
  • Added the option to fetch only the latest installed app. (6.1.9.0)
  • Added the option to ignore vulnerabilities of software detected as an ubuntu package. (6.1.10.0)

• ServiceNow

  • Added the option to fetch active extensions. (6.1.3.2)
  • Added the ability to fetch the Application Settings SaaS Data from Script Action, Email Filter, and Antivirus settings. (6.1.5.3)
  • Added the option to extract the correct software name and version when the field fetched by ServiceNow does not contain this correctly. (6.1.8.0)
  • Added the option to fetch active model lifecycle information from the cmdb_hardware_model_lifecycle table and parse it as a list object named “Model Lifecycle”. (6.1.12.0)

• SharePoint

  • Added the option to fetch sites as Application Resource assets instead of devices. (6.1.5.0)
  • Added the option to fetch site permissions.(6.1.10.7)

• SolarWinds Network Performance Monitor

  • Added the option to select the IPAM devices to fetch according to their status. (6.1.3.2)
  • Added the option to fetch stack members. (6.1.13.0)
  • Added the option to fetch dependencies information. (6.1.15.0)

• Sophos Endpoint Protection - Added support for the Sophos Central APIs and the Sophos Endpoint API. This included updating the connection screen to use Client ID and Client Secret and adding Required Permissions. (6.1.9.3)

• Stairwell - Added the option to parse the hostname and serial number if there are spaces surrounding the hyphen in the asset name for macOS devices. (6.1.11.0)

• Tanium Comply - Added the option to fetch installed software. (6.1.11.0)

• Tenable.asm - Added the capability to enter a list of tags to filter. (6.1.3.0)

• Tenable Identity Exposure (formerly Tenable.ad) - API Secret no longer required for configuration. (6.1.1.0)

• Tenable.io - Added the option to use the most recent CVSS version as the CVSS Score. (6.1.12.0)

• Tenable.sc

  • Added the option to fetch devices from mobile repositories. (6.0.19.4)
  • Added the option to use CVE dates for the device last seen calculation. (6.1.9.0)
  • Added the capability to enter a number of days to only fetch vulnerabilities from that number of days back. (6.1.15.0)

• Velociraptor - Added the option to use FQDN as the hostname. (6.1.12.0)

• VMware Workspace ONE (AirWatch) - Added the option to fetch Smart Groups. (6.1.2.3)

• Vulcan - Added the option to fetch vulnerabilities. (6.1.1.4)

• WhatsUp Gold

  • Added the option to fetch additional device attributes from the endpoint WhatsUp Gold Device_FindAttributes API. (6.1.7.0)
  • Added the option to fetch device credentials from the endpoint WhatsUp Gold Device_Credentials API. (6.1.7.0)
  • Added the capability to enter a number of months to fetch data on the state of the device as well as the uptime of the device's power supply from the endpoint WhatsUp Gold DeviceReport_DeviceStateChangeReport API. (6.1.7.0)

• WhiteHat - Added the capability to set the number of assets to fetch in the API response from the WhiteHat API. (6.1.4.0)

• Wiz

  • Added the capability to filter vulnerabilities by detection method. (6.1.9.3)
  • Added the option to fetch installed software. (6.1.11.0)

• Wiz Reports - Additional fields are now supported for the Hosted Technology report. (6.1.12.1)

• Workday

  • Added the option to create users only from the custom report data. (6.1.1.0)
  • Added the option to include custom organization data. (6.1.3.3)
  • Added the option to fetch application settings. (6.1.3.3)
  • Tenant Login URL, Read Only Admin Username/Password, and 2FA Secret Key added to connection parameters. (6.1.3.3)
  • Added the option to fetch only application settings. (6.1.6.0)

• Zabbix - Added the option to set hostnames from the relevant item in the inventory section that has a hostname. (6.1.9.0)

• ZeroFox - Added the option to use API Key authentication for this adapter. (6.1.9.0)

• Zerto ZVM - Added the option to fetch only protected VMs. (6.1.9.0)

• Zoom - Added the option to fetch application settings and licenses for accounts with Axonius SaaS Management. (6.1.11.0)

• Zscaler Client Connector

  • Added a default value for Host name or IP address. (6.1.1.5)
  • Added the capability to enter the maximum rate of requests per hour by Axonius to the Zscaler server.

• Zscaler Web Security

  • Added the option to include devices that have the Linux operating system on the device fetch. (6.1.3.2)
  • Added the option to not fetch SaaS application users. (6.1.4.0)
  • Added the capability to enter the maximum rate of requests per hour by Axonius to the Zscaler server. (6.1.11.0)

• Zscaler ZDX - Added the capability to enter the maximum rate of requests per hour by Axonius to the Zscaler server. (6.1.11.0)

For more details:

• Explore the entire list of supported and integrated adapters.

New Enforcement Actions

The following Enforcement Actions were added:

• Change Policy - VMware Carbon Black App Control(6.1.6.0) - Changes the VMware Carbon Black Cloud (Carbon Black CB Defense) policy assigned to each asset.
• Cisco Identity Services Engine (ISE) - Apply Policy to Devices (6.1.0.3) - Applies policies to devices.
• Create new case (6.1.13) - Automates Case creation, creating an ongoing Case on assets resulting from the query, and optionally on added query results only.
• Google Workspace - Activate User (6.1.9.0) - Activates the Google Workspace account for each asset that matches the parameters of the selected query or selected assets.
• Google Workspace - Suspend User (6.1.9.0) - Deactivates the Google Workspace account for each asset that matches the parameters of the selected query or selected assets.

• Jira Service Management - Remove Insight Asset (6.1.8.0)

• Microsoft Entra ID (Azure AD) - Create Role (6.1.7.0)

• Microsoft Entra ID (Azure AD) - Update Role (6.1.7.0)

• Microsoft Entra ID (Azure AD) - Delete Role (6.1.7.0)

• Okta - Create User (6.1.5.0)

• Okta - Create Group (6.1.5.0)

• Okta - Update Group (6.1.5.0)

• Okta - Delete Group (6.1.5.0)

• Okta - Update User (6.1.5.0)

• Okta - Create Role (6.1.5.0)

• Okta - Update Role (6.1.5.0)

• Okta - Delete Role (6.1.5.0)

• Snow Software Asset Management - Send Software XML to SCP.

• TeamDynamix - Create or Update Asset - Creates and updates assets in TeamDynamix. (6.1.7.0)

• Update Zendesk Tickets - Enables updating tickets, which have specific ticket IDs. (6.1.9.1)

• Wiz - Add Tags to Assets - Correlates and adds tags to assets in Wiz. (6.1.5)

• Zendesk - Create Custom Object per Asset - Creates a custom object per asset in Zendesk for each asset that matches the parameters of the selected query or assets selected in one of the asset tables. (6.1)

Updated Enforcement Actions

The following Enforcement Actions were updated:

• Axonius - Send Email to Assets - Added the fields From to customize the sender email address and Reply-To to enable sending an email reply to an email address other than the sender email address.(6.1.9.0)

• Axonius - Send Email per Asset - Added the fields From to customize the sender email address and Reply-To to enable sending an email reply to an email address other than the sender email address.(6.1.9.0)

• Axonius - Deploy Files and Run Shell Command on Windows Assets - Added the field Replace command variables with Axonius fields that allows values from assets to be used in the Windows command. (6.1.2.0)

• AWS - Send CSV to S3 - Updated the Export Method field. (6.1.3.2)

• CSV - Send to SCP - Updated the Export Method field. (6.1.3.2)

• CSV - Send to Share - Updated the Export Method field. (6.1.3.2)

• CSV - Send to SFTP - Updated the Export Method field. (6.1.3.2)

• Microsoft Azure AD - Enforcement Actions renamed to Entra ID to reflect the name change in Microsoft. (6.1.1.0)

• Entra ID (Azure AD) - Forward Email Rule - Added the ability to remove an email address from the rule. (6.1.1.2)

• Updated the Freshservice Enforcement Actions with a note regarding case sensitivity of field names in Freshservice.

  • Creating a Freshservice Ticket Using Axonius
  • Freshservice - Create Ticket per Asset
  • Freshservice - Create Assets
  • Freshservice - Update Assets

• Google Workspace - Add Users

  • It is possible to use the Enforcement Action to create a single Google Workspace user from scratch, in addition to the already existing method of creating single/multiple assets from existing assets (Clone operation). (6.1.6.0)
  • The Google Workspace Users have new fields - First Name, Last Name, Email, and Username. (6.1.6.0)
  • There is a new option to auto-generate passwords, in addition to the already existing manually entered passwords. (6.1.6.0)

• Google Workspace - Add Users to Group - Added ability to create a single Google Workspace user from scratch with new fields (First Name, Last Name, Email, and Username) and auto-generate passwords. (6.1.1.7)

• Jira Service Management - Create Ticket and Jira Service Management - Create Ticket per Asset - Changed the name of these Enforcement actions from "Issue" to "Ticket". (6.1.3.0)

• PagerDuty - Create Incident - Added 'Requester Email' field. (6.1.3.2)

• GSuite Enforcement Actions Renamed to Google Workspace (6.1.1.3)

  • The following Enforcement Actions were renamed from GSuite to Google Workspace:
    • Google Workspace - Add Users
    • Google Workspace - Add Users to Group
    • Google Workspace - Change Users OU
    • Google Workspace - Delete Extension
    • Google Workspace - Remove Users
    • Google Workspace - Remove Users From Group
    • Google Workspace - Reset Users Logon Cookies
    • Google Workspace - Role Assignments Actions
    • Google Workspace - Send Message

• SentinelOne - Add or Remove Tag to/from Assets - Added required permissions information.

• Zendesk - Create Ticket and Zendesk - Create Ticket Per Entity - Added the ability to add any field to the ticket with the Additional Fields field. (6.1.0.2)

• SharePoint - Send CSV - Required Permissions, APIs, and Required Ports were added to the documentation.