Adapter Advanced Settings

Basic adapter connection configuration settings are configured separately for each of the adapter's connections.
You can configure the following Advanced Settings for all adapter connections or for each connection separately:

• Adapter Configuration - all adapter connections, or for each adapter separately for specific settings only.
• Advanced Configuration - all adapter connections or for each connection separately only for specific adapters.
• Discovery Configuration - all adapter connections or for each connection separately.
• Ingestion Rules Configuration - all adapter connections.

Adapter Configuration

To configure the adapter's Advanced Settings, do the following:

1. Open the Adapters page. Click the icon on the left navigation panel.
2. Search and click the relevant adapter. The Adapter Connections page opens displaying the list of connected connections.
3. Click Advanced Settings. The adapter advanced settings pane appears, displaying the Adapter Configuration tab.
4. To save any configuration changes, click Save Config.

You can control and configure the following settings:

1. Ignore devices that have not been seen by the source in the last X hours
2. Delete devices and other assets that were not returned from the source by a successful fetch in the last X hours
3. Delete devices and other assets that have not been returned from the source in the last X hours
4. Ignore users that have not been seen by the source in the last X hours
5. Delete users that have not been returned from the source in the last X hours
6. Delete users that were not returned from the source by a successful fetch in the last X hours
7. Override the global discovery schedule for this adapter to wait X hours before fetching
8. Wait for a connection to the source for up to X seconds
9. Wait for a response from the source for up to X seconds
10. Set as inactive after X failed attempts to connect
11. Number of connection attempts before fetch failure
12. Ignore matching assets from the source if a subsequent asset was seen by the source before the previously fetched asset
13. Enable real-time adapter (ignores all discovery cycle settings and continuously repeats fetches from the source)
14. Collect real-time adapter fetch history and events
15. Exclude devices within IP ranges (IPv4 and IPv6)
16. Fetch order

Configuring Custom Settings for Each Adapter Connection

You can configure the following settings for each adapter connection:

• 'Ignore devices that have not been seen by the source in the last X hours'
• 'Delete devices and other assets that were not returned from the source by a successful fetch in the last X hours'
• 'Delete devices that have not been returned from the source in the last X hours'
• 'Delete users that were not returned from the source by a successful fetch in the last X hours'
• 'Ignore users that have not been seen by the source in the last X hours'
• 'Delete users that have not been returned from the source in the last X hours'
• 'Set as inactive after X failed attempts to connect'

To configure these settings separately for each adapter connection:

1. On the Advanced Settings Adapter Configuration page toggle on 'Enable custom adapter connection settings for each connection separately'

4. Click Save Config. The Adapter Configuration tab now also appears on the Add Connection dialog.
5. Click Add Connection. The Connection Configuration dialog now has an additional tabs (Adapter Configuration).

6. Toggle on Enable custom adapter connection settings. The settings that you can configure are now displayed.

7. Configure the settings that you want to apply for this specific connection, and then select Save or Save and Fetch. Any settings that you did not configure here use the default settings.

Ignore devices that have not been seen by the source in the last X hours

This setting lets you avoid fetching old devices that are no longer part of your network, but that still exist in the data repository of the adapter connection. Note that this setting can either apply for all connections for an adapter, or you can set different settings for specific connections.

• If supplied, the adapter only fetches device information if that device asset entity has been seen by the adapter connection ('Last Seen' field) within the last specified number of hours.
• If not supplied, the adapter always fetches device information.

For example, if the value is 2160 hours, any device asset entity which has not been seen by the adapter connection in the last 90 days is not pulled into Axonius. The best practice for most adapters is to set this value to 2160 hours. For data sources that have frequently changing data, the best practice to have shorter Ignore devices not seen in x hours settings. For example, a network Adapter will update data inclose to real time. 30 days or less is optimal. On the contrary, for a CMDB Adapter you may want to fetch a longer history especially if you are performing CMDB reconciliation or database cleanup.

Delete devices and other assets that were not returned from the source by a successful fetch in the last X hours

Use this setting to only delete devices not returned by the adapter if the most recent fetch was successful. In this way, if there was a temporary issue in a fetch, devices will not be deleted accidently. The value for this setting must always be lower than the value of 'Delete devices that have not been returned from the source in the last X hours'. Note that this setting can either apply for all connections for an adapter, or you can set different settings for specific connections.
For example, assuming you have the discovery schedule set to the default 12 hours, you can set the value of this setting to 12, while the setting for 'Delete devices that have not been returned from the source in the last X hours' is 48. In such a case you ensure that 4 cycles of fetch were not successful before the final deletion.

Delete devices and other assets that have not been returned from the source in the last X hours

This setting lets you avoid keeping data for assets that no longer exist on the ‘source’, under the assumption that if an asset entity has not been fetched from an adapter connection, it no longer exists and can be deleted. Note that this setting can either apply for all connections for an adapter, or you can set different settings for specific connections.

• If supplied, the adapter deletes the asset data fetched from the source if the asset entity was not fetched from that adapter connection (source) in the last specified number of hours. Only the information fetched from that specific adapter is deleted, keeping the rest of the information on that asset (if it exists) intact.
• If not supplied (that is, if left blank or set to 0), the adapter never deletes asset information.

For example, if the value is 48 hours, a device asset entity is deleted if it has not been fetched from the adapter connection in 2 days. The best practice for most adapters is to set this value to 48 hours.

Delete users that were not returned from the source by a successful fetch in the last X hours

Use this setting to only delete users not returned by the adapter if the most recent fetch was successful. In this way, if there was a temporary issue in a fetch, users will not be deleted accidently. The value for this setting must always be lower than the value of 'Delete users that have not been returned from the source in the last X hours'. Note that this setting can either apply for all connections for an adapter, or you can set different settings for specific connections.
For example you can set the value of this setting to 6, while the setting for "Delete users that have not been returned from the source in the last X hours" is 24. In such a case you can ensure that 4 cycles of fetch were not successful before the final deletion.

Ignore users that have not been seen by the source in the last X hours

This setting is the same as the Ignore devices that have not been seen by the source in the last X hours setting, but in the context of user information. Note that this setting can either apply for all connections for an adapter, or you can set different settings for specific connections.

Delete users that have not been returned from the source in the last X hours

This setting is the same as the Delete devices that have not been returned from the source in the last X hours setting, but in the context of user information. Note that this setting can either apply for all connections for an adapter, or you can set different settings for specific connections.

Override the global discovery schedule for this adapter to wait X hours before fetching

This setting lets you schedule a specific adapter discovery cycle that runs longer than the global discovery cycle.

• If supplied, once a fetch starts for an adapter, Axonius waits for the minimum number of hours specified before initiating the next adapter discovery cycle.
• If not supplied, the adapter discovery cycle is always part of the global discovery.

For example, if the value is 2 hours and the global discovery starts every 1 hour, then Axonius pulls data from the adapter every 2 hours instead of every 1 hour.

Wait for a connection to the source for up to X seconds

This setting lets you avoid endless connection attempts when the connection is down.

• If supplied, all connections for the adapter wait for the specified number of seconds before the attempt to connect to the adapter connection is considered timed out. If the connection fails, an error icon is displayed next to the adapter connection icon.
• If not supplied, all connections for the adapter do not have any connection timeout.

For example, if the value is 300 seconds, as part of the discovery cycle, Axonius displays an error icon next to the adapter connection if a connection has not been established within 300 seconds. Axonius then continues the discovery cycle and tries to connect the next adapter connection.

Wait for a response from the source for up to X seconds

This setting lets you avoid endless data fetching attempts when there is any error during the process. This setting determines when Axonius stops fetching data from the adapter connection if issues are identified during the discovery process.

• If supplied, all connections for the adapter wait for the specified number of seconds to pass from the last data fetched during the discovery cycle.
• If not supplied, all connections for the adapter do not have any timeout.

For example, if the value is 5400 seconds (90 minutes), and Axonius identifies an issue with fetching the data and no new data is retrieved for over 90 minutes, Axonius terminates the transaction and continues to the next one. A best practice is to set this to 7200 seconds.

Set as inactive after X failed attempts to connect

Use this setting to configure a number of connection attempts after which the adapter connection is set to inactive. When you leave this field empty, the connection for the adapter is not automatically set as inactive after consecutive failed connection attempts.
This is useful when connected to systems which change their credentials from time to time. The number of connection attempts includes all connections to the server, including periodic connection updates (if set in Data Aggregation Settings). Note that this setting can either apply for all connections for an adapter, or you can set different settings for specific connections.

Number of connection attempts before fetch failure

Use this setting to configure the number of times a fetch reattempts to connect before failing to retrieve data. You can specify up to 5 reattempts. By default, the value is empty (a single attempt to connect). The sleep interval between each reattempt to connect is 5 minutes.

Ignore matching assets from the source if a subsequent asset was seen by the source before the previously fetched asset

In some cases, Axonius may fetch device information from several different adapter connections of the same adapter type. The device information from each of those sources may be different due to the last time the device information was updated in that adapter connection ('Last Seen' field).

• If enabled, all connections for the adapter ignore older device or user data (based on fetched ‘Last Seen’ field) when data for a specific device or user is received from connections of the same adapter type.
• If disabled, all connections for the adapter do not ignore any device or user data, even if fetched from connections of the same adapter type.

For example, if a device named 'Device123' information is fetched from two adapter connections.
'Last Seen' fetched is:

• From server1 - Jan-1-2019.
• From server2 - Jan-5-2019.

Therefore, if set, Axonius discards and ignores the data fetched from server1.

Enable real-time adapter (ignores all discovery cycle settings and continuously repeats fetches from the source)

This setting lets you constantly fetch adapter data. This means that once Axonius completes the discovery cycle for the adapter connection, it initiates another cycle immediately.
If the adapter’s collected data is updated in very short cycles (seconds or minutes), use this setting to make sure the fetched data is always up to date.

• If enabled, Axonius pulls information from the adapter constantly.
• If disabled, Axonius does not pull information from the adapter constantly.
  NOTE

  If Override the global discovery schedule for this adapter to wait X hours before fetching is configured, this setting is ignored. The start of the next discovery cycle for the adapter is based on the Override the global discovery schedule for this adapter to wait X hours before fetching setting.

Collect real-time adapter fetch history and events

This setting lets you to decide whether to collect the real-time fetch data and events.
If the adapter’s collected data is updated in very short cycles (seconds or minutes), this can affect the retention of the Adapters Fetch History.

• If enabled, Axonius collects the real-time fetch data and events from all connections for the adapter.
• If disabled, Axonius does not collect the real-time fetch data and events from all connections for the adapter.

This setting is displayed only if the Enable real-time adapter (Ignores all discovery cycle settings and continuously repeats fetches from the source) setting is enabled.

Exclude devices within IP ranges (IPv4 and IPv6)

This setting lets you exclude a device within one or more comma-separated IPv4 or IPv6 address ranges from the fetch. For example, if 127.0.0.1-127.0.0.20, 127.0.0.30-127.0.0.50 is entered, all devices that have an IPv4 address in the specified ranges are excluded from the discovery cycle. If 2001:db8:3333:4444:5555:6666:7777:5555-2001:db8:3333:4444:5555:6666:7777:8888 all devices that have an IPv6 address in the specified ranges will be excluded from the discovery cycle.

Fetch order

By default all adapters run at the same time in a fetch cycle. Use this field to set a fetch order for adapters. Use values of 0, 1, 2, 3 etc. Adapters with Fetch order set to 0 run first, then those set to 1 which will run only after the first set completes its run, then 2 etc. Adapters with no value set in this field run after any configured adapters complete their run This field is optional.
By default, this field is empty as all adapters should run right at the beginning of the cycle phase. This increases the length of the fetch cycle. Use this field for advanced scenarios only, such as running endpoint protection adapters after cloud adapters.