Release Notes
Back to All

Axonius Release Notes 8.0.25

3 days ago

Release Date: May 31st 2026

These Release Notes contain new features and enhancements added in version 8.0.25

SaaS Applications New Features and Enhancements

The following new features and enhancements were added to SaaS Applications:

ISO 27001 standard

The ISO 27001 standard is now supported as a standard in the Compliance field on the SaaS Applications page.

Exposures

Security Findings that arrive as closed from adapters will no longer be enriched by information from external sources.

Axonius Platform New Features and Enhancements

Workflows New Features and Enhancements

Workflow Test Run & Debugging - Build and Test Workflows Incrementally

The capability has been added to test workflows node-by-node as they are built to ensure each step of an automation works correctly before adding the next step. Testing incrementally makes it easier to find and fix issues.

Test Nodes as You Build

Workflow nodes can be tested immediately after they are configured, without waiting for the complete workflow to be finished. As nodes are added and tested, the system verifies that data flows correctly from upstream to downstream nodes. This approach helps developers catch configuration errors early, before the entire workflow is complete, making troubleshooting faster and easier.

Safe Testing

Tests are executed on a single randomly selected asset. This means workflow logic can be built and validated without production risk. Multiple tests with different assets can be run to verify that workflows behave correctly across different scenarios.

Complete Node Coverage

All workflow node types can be tested with node-specific test capabilities. Event nodes allow validation of asset resolution and event payload configuration. Action nodes enable verification of field configuration, dynamic values, and action execution. Condition nodes confirm logic evaluation and branch selection. Query nodes validate query results and asset counts. Variable nodes test variable creation and scope. For Each nodes confirm entity resolution and loop iteration. Delay nodes and other nodes that do not process anything relevant to testing are not tested.

Visual Test Results

When tests are run, the interface displays node-by-node execution status showing success, error, or unreachable states. Input and output data for each node can be reviewed to track how data transforms as it moves through the workflow. Conditional branch visualization shows which paths execute during testing, helping developers understand workflow behavior.

Full Workflow Validation

After individual nodes have been tested, an end-to-end workflow test can be run to confirm everything works together. The system executes the complete workflow sequentially on a randomly selected asset. Multiple full tests with different assets can be run to validate behavior across the environment and find edge cases.

Assets Pages

The following features were added to all assets pages:

Create New Asset

You can now set fields as default fields on Create New Asset.

System Settings

The following updates were made to various System settings:

Enterprise Password Managers

Akeyless Vault

  • Added support for AWS IAM and Universal Identity authentication methods, enabling role-based authentication via AWS EC2 instance profiles and Universal Identity tokens to eliminate static credential rotation.


Adapter and Enforcement Action Updates

New Adapters

  • A10 Control - A10 Control is a centralized management platform that provides lifecycle management, inventory tracking, and configuration control for A10 Networks appliances across distributed environments. (Fetches: Devices)
  • Beamy - Beamy is a SaaS management platform that provides usage intelligence, application portfolio governance, and digital transformation insights for large enterprises. (Fetches: SaaS Applications)
  • Boost Security - BoostSecurity is an application security posture management (ASPM) platform that provides repository scanning coverage, scanner visibility, and security gap analysis across developer source code environments. (Fetches: Application Resources)
  • FortiAuthenticator - FortiAuthenticator is an identity and access management appliance that provides centralized authentication, two-factor authentication, single sign-on, and RADIUS and LDAP services for users and devices. (Fetches: Users, Devices, Groups)
  • GEM One - GEM One is an encryptor management platform that provides centralized discovery, configuration, and health monitoring of dispersed HAIPE and TACLANE encryption devices across enterprise networks. (Fetches: Devices)
  • Netgate pfSense - Netgate pfSense is an open-source firewall and router platform from Netgate. This adapter fetches the pfSense firewall and NAT rules, VPN tunnels (IPsec/OpenVPN), and routing data via the pfSense REST API v2. (Fetches: Networks, Network/Firewall Rules)

Updated Adapters

  • AlgoSec Firewall Analyzer - This adapter now supports fetching allowed devices from the AlgoSec API. This enhancement adds new advanced settings that enable users to retrieve additional device data, including devices configured in the AlgoSec system with support for filtering by device type (BlueCoat devices) and FireFlow compatibility.
  • Azure DevOps - Added support for fetching GitHub Advanced Security vulnerability alerts as Security Findings.
  • BigFix Inventory - Added an option to provide users with control over device fetching behavior when a BigFix Inventory import is running to fetch devices even during an active import, though this may result in incomplete asset data.
  • BitSight Security Ratings - Enhanced asset type classification to parse domain and URL findings as Domain and URL asset types instead of Device assets, improving data accuracy and correlation with internal devices through Network Route data.
  • CIS-CAT Pro - Added the option to fetch benchmark exceptions and rule-level errors per benchmark assessment.
  • Claroty CTD - Enhanced Hostname field handling to prevent MAC addresses from being populated in the Hostname field when they match network interface MAC addresses.
  • CloudFlare Zero Trust - The CloudFlare Zero Trust adapter has been updated to use API Token-only authentication. The User Email connection parameter has been removed, and the API Key / API Token parameter has been renamed to API Token. This change simplifies the authentication process and aligns with CloudFlare's recommended authentication method using Bearer tokens. Existing adapter connections will be automatically migrated to the new authentication method.
  • Cloudflare DNS - This adapter now fetches Network Services. - DNS records of type MX, TXT, SRV, NS, PTR, and other non-address record types are now parsed as Network Service assets instead of URLs.
  • CrowdStrike Falcon - Added an option to fetch only online devices to reduce API load and data volume.
  • CyberArk Endpoint Privilege Manager - Migrated from deprecated API endpoint to new POST /Sets/{set_id}/Endpoints/search endpoint to maintain compatibility with CyberArk EPM v25.4 and later.
  • Databricks
    • Added the option to fetch Application Settings.
    • Added the option to fetch SaaS Applications at the account level using published OAuth app integrations.
  • Exabeam Cloud - Added device log enrichment option to enrich Devices with rule trigger events and activity logs.
  • F5 BIG-IP iControl
    • Added an option to fetch WAF (Web Application Firewall) threat profiles with CVE mappings from ASM (Application Security Manager) signatures.
    • Added an option to configure DNS lookup by disabling hostname resolution for virtual servers with iRule proxy rules when DNS resolution is slow or not needed.
  • FortiManager - This adapter now supports fetching network assets from global interfaces on FortiManager devices.
  • Google Workspace (G Suite) - Added the option to fetch Application Settings.
  • Greenhouse - The Greenhouse adapter now supports both API v1 and API v3, allowing you to choose which version to use based on your organization's needs.
  • Lenel OnGuard
    • This adapter now fetches devices.
    • Added an option to fetch devices from card readers, enriching devices with card reader information and network node identification data.
  • Microsoft Azure - This adapter now fetches Azure AI services (Azure OpenAI, Computer Vision, and Speech Service) as Application Services.
  • Microsoft Defender for Endpoint (Microsoft Defender ATP) - Added an option to filter vulnerabilities by severity level.
  • Microsoft Teams - Added Cloud Environment configuration option to enforcement actions to support Azure US Government Cloud endpoints (graph.microsoft.us) in addition to commercial Azure (graph.microsoft.com).
  • MicroStrategy - Added the option to fetch Application Settings.
  • NetBrain
    • This adapter now fetches networks.
    • Added the option to fetch network site information from NetBrain.
  • Nutanix Prism Central - This adapter now supports API v4 in addition to the existing API v3. A new connection setting Use API v4 (recommended) has been added, allowing users to choose which API version to use when connecting to Nutanix Prism Central. The v4 API is the recommended option and is enabled by default for new connections.
  • Okta - The dapter connection test was updated to support connections that do not have the okta.users.read permission scope. Now, if the initial test using the Users API fails, the adapter automatically attempts to test the connection using the Devices API (which requires the okta.devices.read permission).
  • OpenAI
    • This adapter now fetches activities.
    • The OpenAI adapter now supports the OpenAI Compliance API, enabling organizations to fetch compliance-related user data and audit/activity logs. Additional configuration options are required to enable this as well as advanced configuration options.
  • Oracle Fusion HCM Cloud
    • Added the option to upload certificate and private key files for mutual TLS (mTLS) authentication.
    • Added configurable OAuth Scope field with default value "urn:opc:idm:myscopes" to support flexible authentication scope configuration.
    • Added the option to configure the page size for API requests.
  • Palo Alto Networks Panorama - Added support for fetching and parsing Threat Profiles and IPS Signatures for firewall rules.
  • Ring Central - Added advanced configuration option to filter device endpoint queries by extension type, reducing unnecessary API calls and 404 errors by only fetching devices for extension types that support them (such as DigitalUser).
  • RSA SecurID - Updated to use the RSA Cloud Administration Report API to fetch users and hardware tokens.
  • ServiceNow
    • Merged and simplified the Table Mapping component, to drastically reduce configuration overhead. This removes workflow complexity, protecting users from cognitive overload and speeding up time-to-value. This unified configuration interface for mapping ServiceNow tables to Axonius entity types allows custom query criteria and field selection per table. As part of this simplification, the following advanced settings were removed and merged to Table Schema mapping. All existing configuration is retained.
      • Fetch only cmdb_ci_computer table
      • Additional device table names
      • Fetch VPN devices from 'cmdb_ci_vpn' table
      • Exclude VMs tables
      • Save only virtual devices
      • Include/Exclude assets if they have the following field with the following value(s)
  • ServiceNow Tickets Fetch - The legacy Advanced Fields to Show in Basic Fields setting was superseded by the new Custom Parsing configuration. All existing configuration is retained.
  • Silverfort - Updated authentication configuration to support different App User ID and App User Secret credentials for each API key category instead of requiring separate API keys.
  • SolarWinds Network Performance Monitor - Added the option to fetch historical interface traffic metrics from the SolarWinds NPM (Network Performance Monitor) module. This feature allows users to retrieve network interface utilization data and bandwidth statistics for up to 90 days of history, enabling better network performance analysis and capacity planning.
  • Splashtop - Added the option to fetch user and computer groups through a new advanced configuration setting.
  • Tenable Vulnerability Management
    • Added an option to parse OS data from network fingerprinting for devices scanned without credentials (such as F5 load balancers and network devices).
    • Added the Scan Name field to Security Findings, allowing correlation of vulnerabilities with their originating vulnerability scan.
  • Wiz
    • Added new asset types for Firewall (Network/Firewall Rules) and Organizational Unit (Namespace), enabling better classification and querying of network infrastructure and Kubernetes namespaces.
    • Removed the "Fetch compute images as devices" advanced configuration setting, as this functionality is now achievable through legacy IFF (Ingestion Filter Framework).
    • Reorganized all advanced configuration settings into categories (Fetch and Parse, Data Enrichment. etc.).

New Enforcement Actions

Updated Enforcement Actions