Release Date: May 3rd 2026

These Release Notes contain new features and enhancements added in version 8.0.23

Axonius Platform New Features and Enhancements

Axonius Introduces: Global Variables

Axonius introduces Global Variables, which provide a centralized way to manage and reference static or dynamic values within the system. A Global Variable is a named, editable value that acts as a system-wide alias for a specific data point, primarily used to establish consistent filters, policy enforcement and standardization across all assets.

Example: Software such as VPN agents, TOR agents, or password managers are often represented in queries as long, complex Regex expressions. If you define the Regex expression as a global variable, then every time the organization’s compliance policy changes, you can update the Regex expression once and apply it to all queries and dashboards pointing to that variable.

Create and manage Global Variables from System Settings > Data Settings.

Dashboard

The following new features and enhancements were added to the Dashboards:

Chart Enhancements

Visualizing Multiple Metrics in Pivot Line Charts

Pivot Line charts now support multi-line configurations. Users can segment lines by dimension or compare multiple measures on the same chart. The Line chart configuration model now aligns with other Pivot visualizations, using a consistent Row and Column structure.

Key improvements:

• Multi-line support - Create Line charts with multiple lines by selecting a dimension in the Dimension Row field to compare trends across categories such as OS, asset type, or status over time.
• Multiple measures - Compare multiple metrics on the same time axis within a single Line chart when no dimension segmentation is applied.
• Consistent configuration - Line chart configuration now follows the same Row/Column model as other Pivot visualizations, reducing complexity when switching between chart types.
• Automatic segmentation limits - When a dimension contains more than 20 values, the chart displays only the top 20 segments based on aggregated metric values.

System Settings

The following updates were made to various System settings:

Enterprise Password Managers

Akeyless Vault- This password manager now supports rotating secrets.

New Network Enrichment Settings

A section titled Network Routes Enrichment Configurations was added to the Network Settings page. Use this section to:

• Exclude specific subnets from Network Routes queries, such as test/development networks, or internal-only subnets
• Control whether assets with outbound internet access are included in the enrichment results

New Adapters

• Adobe Learning Manager - Adobe Learning Manager is a learning management system that provides automated training delivery, compliance tracking, skill development, and learner progress monitoring across enterprise workforces. (Fetches: Users, Groups)

• Alation - Alation is a data intelligence platform that provides data catalog, governance, lineage, and data product capabilities for discovering, understanding, and governing enterprise data. (Fetches: Users, Groups, Application Resources)

• Arctic Wolf Aurora Endpoint Defense - Arctic Wolf Aurora Endpoint Defense is an endpoint protection and detection platform that offers threat prevention, agent management, and device security monitoring. (Fetches: Devices)

• ArmorCode - ArmorCode is an application security posture management platform that provides unified exposure management, vulnerability prioritization, and remediation orchestration across security and development tooling. (Fetches: Business Applications, SaaS Applications, Groups, Users, Aggregated Security Findings)

• Belarc BelManage - Belarc BelManage is an IT asset management and configuration monitoring platform that provides automated discovery, CMDB generation, software license tracking, security configuration visibility, and compliance reporting across enterprise infrastructure. (Fetches: Devices, SaaS Applications, Software)

• F5 rSeries - F5 rSeries is an application delivery controller platform that provides traffic management, security services, and API-driven infrastructure control through F5OS for modern application environments. (Fetches: Devices)

• FortiSASE - FortiSASE is a secure access service edge platform that provides network security, secure web gateway, zero trust access, and traffic inspection for distributed users and devices. (Fetches: Users)

• Genesys Cloud - Genesys Cloud is a cloud-based contact center and customer experience platform that provides omnichannel customer engagement, workforce optimization, and analytics capabilities for organizations managing customer interactions. (Fetches Users, Application Settings)

• Incident.io - Incident.io is an incident management platform that provides on-call scheduling, automated response workflows, and status pages directly within chat applications to streamline engineering operations. (Fetches: Users)

• Nightfall DLP - Nightfall is a DLP (Data Loss Prevention) platform that discovers, monitors, and protects sensitive data across SaaS applications and endpoints via agent-based device coverage. (Fetches: Devices)

• SNMP - SNMP is a network management protocol that allows for the monitoring and management of network devices. (Fetches: Devices)

Updated Adapters

Improved "Last Seen" Data Coverage Across 28 Integrations

Axonius has optimized the Last Seen field for 28 specific integrations. Previously, while the activity timestamp data was available within these integrations, it was not always fully mapped to the unified Axonius "Last Seen" field. This could cause devices to appear stale or show missing timestamps despite recent activity.

Impact on your workflow:

• Greater Data Precision: Enjoy more accurate and comprehensive "Last Seen" timestamps across your entire asset inventory.
• Reduced False Positives: Improved visibility into true device activity helps you more effectively identify genuinely inactive or unmanaged assets.
• Reliable Automation: Increased confidence in queries, security policies, and enforcement actions that trigger based on device recency.

Adapters Optimized

Adapter Updates

• Asimily Insight - Added advanced configuration to filter assets by deviceTag for targeted device discovery.
• Amazon Web Services (AWS)
  • The Correlate ECS Containers with their EC2 Instance advanced setting was removed from the adapter. This setting previously allowed users to correlate ECS containers with their underlying EC2 instances by setting specific fields on the container entities to match the EC2 instance. Now, ECS containers will always use their container ID as the primary identifier.
  • Added support for additional opt-in regions including ap-east-2, ap-southeast-5, ap-southeast-6, ap-southeast-7, and mx-central-1.
  • Added the option to fetch Expenses as assets from the AWS Cost Explorer API.
• BigFix
  • Added advanced configuration for "Use relevance query for device fetching" to optimize device collection performance.
• BitSight Security Ratings
  • Added the option to filter company assets by their importance level, allowing for targeted data collection..
  • Added the option to allow or disallow parsing of the Bitsight rolledup_observation_id field.
• BMC Atrium ADDM - Added the option to collect additional asset types beyond hosts for comprehensive infrastructure discovery.
• Checkpoint MDSM - Added the option to add verbose information to CheckPoint assets.
• Cherwell IT Service Management - The legacy Advanced Fields to Show in Basic Fields setting was superseded by the new Custom Parsing configuration. All existing configuration is retained.
• Cisco Identity Services Engine (ISE) - Enabled custom field parsing for users and devices to support custom JSON mapping for extracting custom attributes and session-level fields.
• Citrix Director - Added the option to parse remote connections and sessions as separate devices for granular visibility.
• CrowdStrike Falcon - Added the option to fetch and parse evaluation logic notable tests from vulnerability data. The results are parsed into a new complex field titled Evaluation Logic.
• Custom File Adapter
  • Added the option to use Google Drive files as a file source.
  • Added support for 4 new asset types: Firewalls, Load Balancers, URLs/Domains, and Network Routes.
• Docebo
  • Added advanced configuration and filters for the users endpoint.
  • Added new enrollments endpoint with the option to enrich users with work orders as a complex field.
• Eracent - Added enrichment of devices with Asset Owner and Technical Owner fields from the assets endpoint.
• ForeScout CounterACT - Added performance optimization through the new 'Fetch policy rules' toggle in advanced settings.
• Freshservice - The legacy Advanced Fields to Show in Basic Fields setting was superseded by the new Custom Parsing configuration. All existing configuration is retained.
• HPE Aruba Networking - Added parsing of the is_network_infra_device field to properly categorize devices under "Network Devices". The adapter now appears in the Network Devices asset category in addition to the existing Devices category.
• HP Integrated Lights-Out (iLO) - Added a new endpoint for fetching iLO firmware version information.
• Jira Service Management (Service Desk) - This adapter now fetches SaaS Applications.
• Landscape - Enhanced device enrichment with additional data collection capabilities.
• Microsoft Defender for Endpoint (Microsoft Defender ATP)
  • Added the option to parse "Unknown" as "False" for the following fields: AV Info Is Signature Up To Date and AV Info Is Engine Up To Date.
  • Added the option to populate the vulnerability's Last Seen field with the value of the Last Seen software field in Defender ATP.
• Microsoft Entra ID (Azure Active Directory) - Added the option to specify user directory extension properties to fetch.
• Microsoft Intune - Added the option to filter devices by ownership type and decide which types to fetch: company devices, personal devices, or all devices.
• Nozomi - Added the option to filter asset types for vulnerability ingestion at the source.
• Okta - Added the option to fetch only the most recent user records for each user to reduce duplicate deprovisioned users.
• Oracle Cloud - Added the option to fetch all tags from Oracle Cloud assets as individual fields in Axonius, allowing for granular, tag-based filtering.
• Palo Alto IoT Security - Added API v1 support configuration for current IoT Security Public API endpoint. When API V1 is selected, new connection settings are required.
• Palo Alto Networks Cortex XSIAM - Enabled custom field parsing for JSON mapping to make custom fields searchable in the Axonius database.
• Palo Alto Networks Prisma Cloud - Added the option to determine asset type filing based on "Common Fields: Service" values for improved asset categorization.
• Qualys Cloud Platform - Added the option to skip inactive Qualys policies before making any host-data API calls.
• Red Hat Automation Controller (Ansible Tower) - The Red Hat Automation Controller (Ansible Tower) adapter now supports the updated API prefix used in Red Hat Ansible Automation Platform version 2.5 and later.
• Sectigo - Added the option to fetch Application Settings for this adapter.
• Socket - The Socket adapter has been enhanced to provide better control over data fetching and vulnerability management. This update adds a new Alerts endpoint that retrieves vulnerability information for repositories, introduces an optional date range filter for scan data, and makes both the Full Scans and Alerts endpoints configurable (disabled by default). Users can now enable these endpoints in advanced settings and filter scan data by date range to optimize data collection.
• Tanium Adapters:Tanium Asset, Tanium Client Status, Tanium Comply, Tanium Discover, and Tanium Interact
  • These adapters and their associated Enforcement Actions now support client-side certificate authentication (Mutual TLS). This enhancement allows Axonius to authenticate to Tanium servers using client certificates in addition to traditional username/password authentication, meeting advanced security requirements for organizations that enforce mutual TLS authentication.
• Tenable Vulnerability Manager
  • Added the option to parse Plugin 83991 (List Installed Mac OS X Software) from Tenable plugins.
  • Added the option to fetch all Tenable plugins directly to the Vulnerability Repository and enrich CVE records in the repository with detailed threat intelligence.
• Tenable.sc (SecurityCenter) - Added an option to specify which plugins to fetch heavy fields from.
• Troverlo - Added API Token authentication option as an alternative to basic authentication.
• Workday/Vndly - Added a new enrichment endpoint that provides Work Orders information, parsed as a complex field for detailed user enrichment.

New Enforcement Actions

• Efecte - Create Incident - Creates incidents in Efecte with asset information for ticketing workflows.

• Efecte - Update Incident - Updates existing incidents in Efecte with new information and status changes.

• Nautobot - Create Device - Creates assets in Nautobot for infrastructure management.

• Nautobot - Update Device - Updates assets in Nautobot for infrastructure management.

Updated Enforcement Actions

• AWS - Send JSON to S3 and AWS - Send CSV to S3 - Added the ability to select a gateway.
• BMC Helix Remedy - Create Ticket - Added TemplateID to the list of body parameter fields.
• Microsoft Fabric - Send Assets to Lakehouse - This action now supports proxy configuration for environments that require HTTP proxy authentication. Three new connection settings have been added to allow users to configure an HTTPS proxy server with optional authentication credentials.
• Microsoft Teams - Send Message - Added the option to use OAuth2 Authentication.
• Tanium Client Status - Create Action and Tanium Client Status: Create Software Deployment - Added support for client-side certificate authentication (Mutual TLS) when configuring the connection fields.