Axonius Release Notes 9.0.1
Release Date: June 29th 2026
These Release Notes contain new features and enhancements added in version 9.0.1.
SaaS Applications New Features and Enhancements
The following new features and enhancements were added to SaaS Applications:
Customize Recommended Value Setting
Users can now set their own "Custom setting recommended value" to define their own compliance standards for SaaS application settings. When a Custom setting recommended value is defined, it is used instead of the Axonius default recommendation. This lets users adjust compliance status settings based on their own recommendations.
Axonius Platform New Features and Enhancements
Dashboard
The following new features and enhancements were added to the Dashboards:
Dashboard Management Enhancements
Set a Saved Filter as a System Default
Users with Edit Dashboard permissions can now set a saved filter as the system default for a dashboard. The default filter automatically applies to users who have not yet selected a specific filter, giving teams a consistent starting view without overriding individual preferences. To set a default, open Saved Filters, hover over a filter, click the 3-dot menu, and select Set as Default. To clear the default, hover over the System Default item, click the 3-dot menu, and select Clear System Default.
System Settings
The following updates were made to various System settings:
Access Settings Updates
SAML: Advanced Mapping for Roles and Data Scopes
Axonius now supports independent mapping of roles and data scopes in SAML configurations. When Advanced Mapping is enabled, two separate tables replace the combined mapping table — one for role assignment and one for data scope assignment — allowing each to match a different SAML claim. This gives organizations the flexibility to assign roles based on one attribute, such as group membership, and data scopes based on another, such as department.
New Adapters
- Bold Security - Bold Security is an endpoint security platform that provides device inventory, agent status monitoring, and browser extension protection for enrolled organizational endpoints.
- EasyDNS - EasyDNS is a domain registrar and DNS management platform that provides domain registration, zone management, and DNS record configuration services.
- Google Threat Intelligence Attack Surface Management (ASM) - Google Threat Intelligence ASM is an attack surface management platform that provides continuous discovery, external asset monitoring, exposure analysis, and threat intelligence context for internet-facing environments. (Fetches: Domains & URLs, Networks, Network Services, Aggregated Security Findings, Installed Software)
- Lenovo Device Orchestration - Lenovo Device Orchestration is a device management platform that provides AI-driven fleet health monitoring, hardware diagnostics, warranty tracking, and software update orchestration for Lenovo endpoints. (Fetches: Devices, Users)
- One Identity Safeguard - One Identity Safeguard is a privileged access management solution that provides automated credential vaulting, session monitoring, and access request workflow for managed assets and accounts. (Fetches: Devices)
Updated Adapters
-
  - Added new endpoint to fetch domain-specific information including hosts and contacts data.
  - Fixed DNS records parsing to correctly extract record types and values from zone configurations.
-
  - This adapter now fetches secrets.
  - The Abnormal Security adapter now fetches SOAR tokens as a new data source. This lets you inventory and track the API tokens connecting Abnormal Security to your security automation tools. This new endpoint is configurable and disabled by default.
- Airlock Digital - Agent version information is now available. The adapter now populates the Agent Versions field for devices, allowing you to track the version of the Airlock Digital Agent installed on each device.
- Akamai Kona WAF - Added an advanced setting to configure which DNS resolver is used when parsing URL IP addresses. When enabled, hostname resolution uses the operating system DNS configuration instead of the default Quad9 DNS resolver. This can improve fetch performance in environments where local network resources are not accessible from the public internet.
-
  - Renamed the advanced setting "Fetch Organizations as assets" to "Fetch Organization Accounts as assets" for clarity.
  - Updated advanced settings titles to be more descriptive and simplified, making it easier to understand the purpose of each setting.
- Anthropic (Claude) - Updated the adapter to automatically enable the appropriate endpoints based on the selected API Type (Enterprise or Compliance) connection setting.
- Archer IRM - This adapter now supports fetching Application Settings, which provide visibility into security posture configurations such as password policies, session timeout settings, and account lockout policies. A new advanced setting, Fetch Application Settings, was added to enable this functionality.
- Arnica.io - The Arnica.io adapter now includes a new optional advanced setting that allows you to filter findings by severity level. This enhancement enables you to focus on specific severity levels (critical, high, medium, low, info, or unknown) when fetching vulnerability and security findings data from Arnica.io, improving query performance and allowing more targeted analysis.
- Check Point Infinity - Enhanced the adapter's capabilities for fetching threat profiles. Now, when this option is enabled, the adapter enriches firewall policies with associated threat profiles and mitigated CVEs, providing visibility into which CVEs are actively blocked by Check Point's IPS threat prevention system.
-
  - Enabled custom parsing support for devices.
- Cisco Secure Access - This adapter can now be used in the Agent Coverage Workspace. This enhancement allows you to track and monitor Cisco Secure Access agent deployments across your environment, view agent version information, and identify coverage gaps using Axonius's Agent Coverage analytics.
-
  - This adapter now fetches Activities as a new asset type.
  - Added optional advanced settings to enrich user data with role information and OAuth authorizations. These updates enable security teams to track user activity events, monitor admin actions, and gain visibility into OAuth application authorizations within their Webex environment.
-
  - This adapter now fetches Network Services.
  - The Cloudflare Zero Trust adapter now supports fetching tunnel connections as Network Services. This enhancement allows you to retrieve information about Cloudflare tunnels and their active connections, providing visibility into your Cloudflare tunnel infrastructure within Axonius.
-
  - This adapter now fetches AWS ECS Fargate assets as Serverless Functions.
  - The adapter's POD asset configuration settings were restructured to provide more granular control over how assets with POD IDs are parsed.
- Custom Files - This adapter now fetches Application Settings.
- CyberArk Endpoint Privilege Manager
  - This adapter now supports Software assets.
  - Added an advanced setting to fetch installed programs and enrich devices with installed software information.
- CyberArk Idaptive - The CyberArk Idaptive adapter now includes a new advanced setting that allows users to control whether device entities are fetched during discovery.
- CyberArk Privilege Cloud - Added a configurable Safes page size setting to prevent timeouts when fetching large volumes of safes.
- CyberArk Privileged Account Security - Added the option to parse devices from user account domain values. You can now enable or disable device creation from account addresses using the new "Parse Device from User Account" advanced setting.
- Duo Beyond - Account settings are now available. Added support for fetching application-level security settings including password policies, multi-factor authentication requirements, lockout thresholds, and administrative access controls.
- Freshdesk - This adapter now fetches Tickets.
-
  - Added an option to fetch and store SSH keys as Secrets in Axonius.
  - Added an option to fetch repository last login per user.
- Google Security Operations SIEM - The Google Security Operations SIEM adapter has been updated to provide more flexible UDM query configuration. The Queries advanced setting now accepts a single delimited string instead of a list, and a new Delimiter setting allows you to specify the character used to separate multiple queries.
- HPE Aruba Networking ClearPass Policy Manager
  - Added the option to skip the per-device async fallback if bulk time-range fetch is not used. This can improve performance by preventing unnecessary per-device API calls.
  - Added the capability to set the number of hours per API segment when fetching extended info by time range.
  - The values for Extended Info Fetch Window (Days) need to be between 0 and 90. Existing configurations with values outside the 0-90 day range will need to be updated to comply with the new constraints.
- Jamf Pro - Added an option to fetch device compliance information from Jamf's Conditional Access API.
- Jira Service Management (Service Desk)
  - This adapter now supports Custom Parsing for Firewalls.
  - Added support for Groups entity type from Jira Insight.
  - Added support for URLs entity type from Jira Insight.
- Microsoft Active Directory (AD) - Added the option to fetch printers as Devices.
- Microsoft Defender for Endpoint (Microsoft Defender ATP)
  - Added an option to include detailed vulnerability information in vulnerability records, such as summary, impact, remediation, and more.
  - Changed the default value for vulnerability aggregation to True.
- New Relic - Added the option to enrich Windows Services (WIN_SERVICE entities) onto their parent HOST devices instead of creating them as separate device records, improving asset correlation accuracy.
-
  - Added extra fields fetch for MAC address and UUID.
  - Added an advanced setting to fetch network services data for each pentest endpoint.
  - Added support for Active Directory password audit findings. When enabled, the adapter retrieves password audit results from NodeZero pentests, including information about cracked passwords, password strength, and users with similar passwords.
- Observium - This adapter now fetches Network Devices.
- OpenText GroupWise - Updated adapter branding from Micro Focus GroupWise to OpenText GroupWise following OpenText's acquisition of Micro Focus. The following four adapters were renamed:
  - Micro Focus GroupWise to OpenText GroupWise
  - Micro Focus SiteScope to OpenText SiteScope
  - Micro Focus Universal CMDB to OpenText Universal CMDB
  - Micro Focus Server Automation to OpenText Server Automation
- Oracle Cloud - Added support for fetching Vaults, Vault Secret, Keys, and Volume Backup Policy using the generic adapter engine. Each asset type is individually configurable under Advanced Settings → Endpoints Config and is disabled by default.
- Proofpoint Endpoint DLP - Enhanced the Proofpoint Endpoint DLP adapter to parse additional directory fields from endpoint data. These fields are now automatically extracted from the API response and available for querying in Axonius without requiring any user configuration or action.
- Qualys Cloud Platform - Added a new advanced setting to fetch software install paths via CSAM API.
- Rapid7 Nexpose and InsightVM - The boolean setting "Parse Proof and Key Rich Text Fields for vulnerabilities" was replaced with a granular configuration that allows selecting specific vulnerability rich text fields to parse.
-
  - All Relationship settings were consolidated into a dedicated "Relationship enrichment configuration" section with three modes:
    - Disabled - Do not fetch relationships for asset enrichments
    - Fetch always - Fetch relationships every time, even if no assets are being fetched
    - Use cached relationships data (if available).
    This consolidation introduces the ability to persist and reuse cached relationship data across connections, thus reducing fetch time for connections that don't require fresh relationship data.
  - The "Fetch only parsed fields for users" advanced setting was removed and replaced with the Table Schema Mapping functionality, providing more flexibility and granular control over which fields are fetched from any ServiceNow table, including the users table.
- Tenable Vulnerability Management - Added an option to enable concurrent download mode for vulnerability exports. This option improves fetch performance for large vulnerability datasets by downloading vulnerability export chunks in parallel, while the default serial mode remains available for standard deployments.
- Tenable.asm - Added the option to ingest device tag names instead of tag IDs, to ensure more human-readable tag information in Axonius queries and reports.
-
  - Added an option to fetch cipher inventory data from Tenable Plugin 277652.
  - Added an option to fetch file paths and software versions from Nessus plugins 242325 and 63155.
- Veeam - Added support for API version 1.3-rev1 for Veeam Backup & Recovery 13. This new API version is available as an additional option in the API Version connection setting dropdown, alongside the existing API versions.
- Veracode
  - Added support for Business Applications.
  - The adapter now creates Business Applications from Veracode application profiles when the new "Fetch Business Applications" advanced setting is enabled, providing visibility into application metadata such as business criticality and business unit.
New Enforcement Actions
- Splunk - Create And Update Assets - Creates or updates assets in Splunk KV Store collections with optional lookup definitions for searchability.
- Splunk - Delete Assets - Deletes assets from Splunk KV Store collections.
- Tenable Vulnerability Management - Create Exclusion - Creates exclusions in Tenable Vulnerability Management containing IP addresses and hostnames from selected assets to prevent them from being scanned.
Updated Enforcement Actions
- BMC Helix ITSM - Create Ticket - Migrated enforcement action to adapter engine infrastructure to support gateway/tunnel routing for hosted deployments.
- Efecte - Create Incident - Fixed missing setup configurations to ensure the enforcement action appears in the UI.
- Efecte - Update Incident - Fixed missing setup configurations to ensure the enforcement action appears in the UI.
- Microsoft Fabric - Send Assets to Lakehouse - Fixed the enforcement action to use the correct method for sending files to OneLake and improved CSV file handling.
