Axonius 4.5 Adapter and Enforcement Action Updates
  • 28 Feb 2022


The following presents recent updates to Adapters and Enforcement Actions.
View full information about new and updated features in Axonius 4.5

Updated Adapters

The following adapters were enhanced:

Enable Client Side Certificate: You can upload a client-side certificate so that Axonius sends its requests using that certificate, which allows Mutual TLS configuration for ServiceNow, SentinelOne and Azure.

  • Amazon Web Services (AWS)
    Added a new 'tag allow/block list for fetching devices' option to the Advanced Configuration File in the Add Connection dialog for this adapter.

  • Auvik - added the capability to enter a comma-delimited list of tenant IDs from which to request information. When you list tenant IDs, the system only fetches information from the tenant IDs listed. When this field is empty, the system by default fetches information for all tenant IDs visible to the user.

  • Cherwell IT Service Management - added the option to wait before sending authentication tokens.

  • Cherwell IT Service Management (SQL)

    • Added the option to map Cherwell's Last Discovery field as the device's Last Seen field.
    • Added the advanced capability to only fetch devices with specified status.
  • Cisco Identity Service Engine (ISE)

    • Added the capability to select whether to propagate errors originating from the pxGrid connection when 'Use pxGrid to fetch live sessions' is enabled for a client.
    • Added the capability to connect to a pxGrid domain instead of the regular domain used for ERS.
  • Cisco Meraki - added the capability to use an API prefix.

  • Claroty - added the capability to select whether to fetch only unicast devices.

  • Cloudflare DNS - added the capability to fetch each CNAME record as a separate device.

  • CloudHealth - added the capability to fetch data from Azure and GCP.

  • CrowdStrike Falcon - added the capability to fetch closed vulnerabilities.

  • CyberArk Privileged Account Security - added SAML authentication to this adapter.

  • Dell OpenManage Enterprise - added the capability to set the server's time offset in Axonius in order to display the timestamp correctly.

  • Duo Beyond - added the capability to select whether to fetch endpoints.

  • F5 BIG-IQ Centralized Management - added the possibility to define the Login Provider Name.

  • ForeScout CounterAct - added the capability to set the number of parallel requests that the ForeScout CounterAct server uses to get data from devices.

  • FortiEDR (enSilo) - the name of the enSilo adapter was changed to FortiEDR (enSilo).

  • Google Cloud Platform (GCP) - added the option to fetch Cluster devices and display them in the Devices page.

  • Google Workspace (GSuite)

    • Added the option to ignore devices coming from Cloud Identity without Serial Numbers.
    • Added the capability to fetch users' calendars.
  • Greenbone Vulnerability Management (OpenVAS) - The parameters for this adapter were changed to enable better cross-version compatibility with less configuration required at the customers' end.

  • IP Fabric - added the option to connect using an API Key.

  • Ivanti Security Controls (Advanced Settings)

    • Added the option to select whether to fetch the machines last seen.
    • Added the option to select whether to fetch patch scans that apply to a minimum number of machines set.
  • Atlassian Jira Software (Advanced Settings) - Added the option to select whether to exclude fetching disabled users.

  • Kenna Security Platform (Advanced Settings) - Added the option to select whether to fetch vulnerability and fixes information for devices, as well as device information.

  • ManageEngine Desktop Central - added Patch manager functionality to the Desktop Central adapter.

    • Added possibility to add Customer ID when connecting to Desktop Central MSP.
    • Added OAuth authentication.
  • Medigate - added the capability to use both the old and the new API.

  • Microsoft Active Directory

    • Added the capability to configure the DC Address field in the Add Connection tab for this adapter with a customized LDAP port.
    • Added the option to set one or more OUs from which entities will not be fetched.
    • Added the option to show all devices from the Advanced view in Basic view on the Device Profile page.
  • Microsoft Azure (Advanced Settings) - added the capability to fetch Kubernetes Clusters, Storage Accounts, Redis Caches or Key Vaults and represent them as devices, enabling Axonius to present more information from Azure PaaS services.

  • Microsoft Azure AD

    • Added the capability to list a group or groups whose devices will be ignored and not fetched.
    • Added the following Microsoft Azure AD (Advanced Settings):
      • Added the capability to not fetch user groups listed in the new User groups blacklist checkbox. When 'Fetch user groups' is selected, users who have groups listed in this field will not be added to Axonius.
      • Added the capability to select whether to collect the “Windows10CompliancePolicy.DefenderEnabled” Compliance state for any Intune device to the “Windows 10 Defender Enabled State” field of the adapter.
      • Added the capability to select whether Installed software fetch is conducted in a background thread and the information retrieved will be assigned to its “originating” device on the next device fetch. Background thread re-fetches information every 5 hours, similar to having a fetch cycle only for this information once every 5 hours. This optimizes the fetch cycle.
      • Added the capability to select whether information about user groups is fetched in a background thread and the information retrieved is assigned to its “originating” device on the next device fetch. Background thread re-fetches information every 5 hours, similar to having a fetch cycle only for this information once every 5 hours. This optimizes the fetch cycle.
      • Added the capability to select whether to fetch device ownership information, that is, username and email for all connections for this adapter.
      • Added the capability to select whether to create only one adapter when you fetch entities from Azure AD that contain the same name multiple times. In this case create only one adapter in Axonius using the name with the most recent last seen properties.
      • Added the capability to select whether to fetch the license details for users.
      • Added the capability to select whether to fetch information on every Azure AD group for every device.
      • Added support for Azure US Gov Cloud to the Cloud Environment field.
      • Added the capability to fetch information about managers of Azure AD users.
      • Added the capability to select whether to use a beta API to fetch Intune devices instead of the regular API.
      • Added the capability to select whether to filter the Intune devices fetched by Operating System.

  • Microsoft Defender for Endpoint (Microsoft Defender ATP)

    • Added the capability to select whether to only fetch devices that were onboarded.
    • Added the capability to select whether interfaces that have the operational status 'Down' will not be added to devices.
  • Microsoft System Center Configuration Manager (SCCM) - added the capability to fetch fields from the v_CollectionMemberClientBaselineStatus SCCM table and bring online data from various fields.

  • MobileIron EMM (Advanced Settings)

    • Added the capability to only fetch Core Devices whose Status field matches at least one of the values listed.
    • Added the capability to use the IMEI as the device serial number.
  • NetBrain Integrated Edition - added the option to create One-IP entries as devices.

  • Nmap Security Scanner - added the capability to use the Amazon S3 object location (key) field to fetch all Nmap .xml files recursively from an S3 directory path.

  • Okta - added the capability to select whether to save the users' recovery questions in the Axonius database.

  • Orca Cloud Visibility Platform - added the option to only fetch devices whose asset type appears in an Asset type include list.

  • Palo Alto Networks Cortex XDR - added an advanced capability to fetch policies.

  • phpIPAM - added a new phpIPAM Advanced Configuration tab to this adapter:

    • Added the capability to specify a comma-separated list of CIDRs to be excluded and to fetch phpIPAM assets from IP addresses in the IP range of the specified CIDRs.
    • Added the capability to specify a comma-separated list of CIDRs to be included to only fetch phpIPAM assets from IP addresses in the IP range of the specified CIDRs.
    • Added the capability to select whether to fetch all the addresses under all the subnets in phpIPAM and create devices from these addresses.
  • Qualys Cloud Platform

    • Changed the Fetch PIC Flag checkbox to be Fetch PCI and Patchable Flags. This adds the capability to add PCI and Patchable flags to fetched vulnerabilities. When you fetch the Patchable flag you can create queries based on patch availability.
    • Added the capability to enrich the vulnerabilities information using results from the VM detection information.
    • Added the capability to select whether to parse installed software using the Vulnerability Management detection.
    • Added the capability to fetch the following fields: AFFECT_RUNNING_KERNEL, AFFECT_RUNNING_SERVICE and AFFECT_EXPLOITABLE_CONFIG.
    • Added the capability to select whether to enrich the vulnerabilities information from the vulnerability base API.
  • Rapid7 InsightVM

    • Added the capability to only fetch devices from Rapid7 InsightVM with the Tag Keys provided in a comma-separated list of Tag Keys in Rapid7 InsightVM.
    • Added the capability to exclude devices with no MAC address, no hostname and no IP address from the fetch.
  • Rapid7 Nexpose and InsightVM - added the capability to set a comma-separated list of specific tags to be fetched.

  • Rumble Network Discovery - added the capability to select whether not to fetch devices with no MAC address and no hostname.

  • SalesForce - added the capability to select whether all connections for this adapter will skip all inactive users and will only fetch active users.

  • Secureworks Taegis XDR (Red Cloak TDR) - The name of the Secureworks Red Cloak TDR adapter was changed to Secureworks Taegis XDR (Red Cloak TDR).

  • ScopNET - added the capability to select whether to exclude devices that do not have a hostname.

  • ServiceNow - Multiple enhancements:

    • Added the capability to select whether all connections for this adapter will exclude or include devices from the adapter fetch which have a ServiceNow table that contains a field with the value defined.
    • Added the capability to enter one or more ServiceNow table names separated by commas from which Axonius will fetch entries and parse them into users.
    • Added the capability to enter one or more ServiceNow table names separated by commas which will not be filtered by 'Last Seen'. All connections for this adapter will fetch all of the data from these tables from all dates.
    • Added the capability to specify an Operating System name and to not fetch devices which run this Operating System.
    • Added the capability to specify a comma-separated list of one or more numbers that represent operational status to exclude from the fetched data or include in the fetched data.
    • Added the capability to fetch IP addresses only in IPv4 format for devices.
    • Added the capability to select whether to fetch the Business Application information of device assets from ServiceNow.
  • SolarWinds Network Performance Monitor

    • Added the capability to select whether to fetch User Device Tracker endpoint information.
    • Added the capability to select whether to map SolarWinds's Lease Expiration field as the device's Last Seen field.
  • SonicWall - added the capability to select whether to fetch devices which do not have an IP address.

  • SnipeIT - added the capability to specify a comma-separated list of Snipe-IT labels in a SnipeIT status label whitelist, to only fetch devices whose label is any of the Snipe-IT labels defined.

  • Splunk (Connection Configuration) - Added the capability to enter a list of macros which can be queried to create User objects that will be parsed into Axonius.

  • Symantec Endpoint Encryption - added the advanced capability to fetch only visible devices.

  • Tanium Discover - added the capability to define an include list of CIDR blocks from which to fetch devices.

  • Tenable Nessus

    • Added the capability to fetch only the most recent scan.
    • Added the capability to select whether to exclude fetching devices without a MAC address and without a hostname.
  • Tenable.sc (SecurityCenter)

    • Added an optional API prefix to the adapter connection.

    • Added the possibility to use an HTTPS proxy for the adapter connection.

    • Added the capability in the advanced settings to select whether all connections for this adapter will parse the device hostname from the Plugin data (text) of the Plugin ID 55472.

    • Added the capability in the advanced settings to select whether all connections for this adapter will parse the installed software from the Plugin data (text) of the Plugin ID 20811.

    • Added the capability in the advanced settings to select whether all connections for this adapter will fetch data from the Windows services plugin 44401 for each device.

  • Tenable.io

    • Added the capability to select whether to only fetch Tenable.io agent data on each device.
    • Added the capability to select whether not to fetch installed software.
  • Trend Micro Worry-Free - Added Login Domain, Console Domain and Tenant ID parameters to the adapter configuration dialog box.

  • Twistlock - added the capability to connect to Twistlock using an API token.

Updated Actions

The following Actions were enhanced:

  • Added the 'Export CSV delimiter to use for multi-value fields' field to all of the enforcement actions that use CSV. Use this parameter to set a delimiter to use for fields that can contain more than one value.

  • Add IPs to Rapid7 InsightVM Site - added the capability to select whether to send the hostname to the Rapid7 InsightVM site.

  • Create Azure DevOps Task - added new Description, Area Path and Iteration Path fields to this action in order to define more information for the task.

  • Create Cherwell Asset and Update Cherwell Asset:

    • Added the capability to specify the number of machines that can be created in parallel.
    • Added the option to wait before sending authentication tokens.
  • Create Jira Issue - added the possibility to use a Jira server other than the one set in the Global Settings.

  • Create Jira Issue per Entity:

    • Added the capability to use the "Description" of the device in Axonius as the description of the ticket.
    • Added the possibility to use a Jira server other than the one set in the Global Settings.
  • Deploy Files and Run Windows Shell Command

    • Added the capability to set the maximum time (in seconds) for the created shell process to run before it is terminated.
    • Added the capability to set the maximum time for each WQL query to return a response.
  • Send email - added the capability to send an email even if the query does not return any assets.

  • Tag Tenable.io Assets - added the capability to add a Tenable.io category name.


