Axonius 4.6 Adapter and Enforcement Action Updates
  • 16 Aug 2022


The following presents recent updates to Adapters and Enforcement Actions.
View full information about new and updated features in Axonius 4.6
Axonius adds and updates adapters and enforcement actions all the time. Follow updates to adapters and enforcement actions in Axonius 4.6.

Updated Terminology

In any adapters or actions where the terms blacklist or whitelist were used in Axonius configuration, they were replaced with Include list and Exclude list.

Updated Adapters

The following adapters were enhanced:

  • Absolute

    • Added the capability to specify the maximum number of devices to fetch per paginated API request.
    • Added the capability to specify the maximum number of applications to fetch per paginated API request.
  • Adaptive Shield

    • Added the capability to specify the number of days to fetch data about events.
    • Added the capability to fetch users managed by the system from Users Inventory, in addition to system users and user activities.
  • Alert Logic MDR

    • Added the capability to designate the account as a Parent account in which the devices of each child account belonging to the Parent account are fetched.
  • Aruba AirWave

    • Added the capability to not fetch any devices that only have a MAC address, but are missing the asset name and IP address.
    • Added the capability to fetch by view name.
    • Added the capability to exclude devices without an IP address from the fetch.
  • Aruba Central

    • Added support for additional regions, and for custom regions.
    • Added option to select multiple device types to fetch, including wired and wireless clients.
  • Amazon Web Services (AWS)

    • Added the capability to select whether to fetch security findings from the AWS Inspector service. When enabled, it gets security findings about EC2 instances directly from AWS Inspector.
    • You can now fetch AWS services accessed by IAM Roles as well as by IAM users.
    • Added the capability to fetch IAM groups and create a user for each IAM group fetched.
    • Added the capability to fetch policies and create a user for each policy fetched.
    • Added the capability to specify multiple regions to connect in the Region Names parameter.
    • Added the capability to fetch and process data-intensive parts in parallel, using distribution. This option accelerates the processing stages during the fetch.
    • Added the option to specify the number of workers (independent processes that run in parallel) that process data.
    • Added the capability to select whether the public DNS, private DNS, or both use the Axonius host name.
    • Added the capability to specify the number of distributed workers (processes) to fetch data during the users fetch phase.
    • Added the capability to add information about Amazon GuardDuty findings to assets.
    • Added the capability to fetch information obtained by Amazon Macie about S3 buckets.
  • Atlassian Jira Service Desk - added support for Cloud-based installations of Jira Service Desk with Jira Insight.

  • Azure AD

    • Added possibility to not populate the "Cloud Provider Account Name" aggregated field for devices for Azure AD.
    • Added capability to select to fetch data from the users authentication_methods endpoint.
  • BeyondTrust Privilege Management for Windows - added option to fetch only the latest record for each host.

  • BeyondTrust Remote Support (Bomgar) - added the capability to specify the maximum days of history to fetch clients.

  • Bitdefender GravityZone Business Security - added the option to exclude devices defined as Organizational Units.

  • BlackBerry Unified Endpoint Management (UEM)

    • Added the capability to fetch external data for each device and simple user information for each device.
    • Added the capability to fetch user IT policies for each device.
  • BMC Atrium CMDB

    • Added the capability for the API Source to use the AR System server (arsys)
    • Added an allow list to limit fields fetched.
  • Centrify Identity Services - This adapter now fetches devices in addition to users.

  • Cherwell IT Service Management (SQL) - added the capability to fetch devices by specified statuses.

  • Cisco Identity Services Engine (ISE) - added support for Cisco ISE versions 2.4 and 2.7

  • Cisco Prime - added capability to fetch data about access point devices and create new devices for each access point.

  • Cisco Unified Communications Manager - added support of API version 10.5

  • Citrix ShareFile - added the capability to fetch folder data.

  • CloudHealth - added the capability to consider AWS Account tags as adapter tags.

  • Code42 - added the capability to authenticate via client credentials.

  • CrowdStrike Falcon

    • Added the capability to fetch users.
    • Added the capability to specify the maximum number of results fetched per page.
    • Added the option to ignore devices that have not been seen by an existing adapter connection in the last specified number of hours.
    • Added the option to avoid returning duplicate AWS machines when using the scroll API.
    • Added the capability to specify a comma-separated list of product_type_desc parameters in CrowdStrike to fetch.
  • CSV - added the capability to set the time zone of date fields fetched with this adapter.

  • CylancePROTECT - added the capability to exclude specific zones from the fetch.

  • Darktrace

    • Added the capability to offset the timestamp of the Axonius client in order to synchronize with the timestamp value of the server.
    • Added the option to exclude fetching devices without a hostname.
    • Added the option to only fetch devices with a MAC address and hostname.
  • Dell iDRAC - added the capability to specify multiple hostnames/IP addresses of the Dell iDRAC server.

  • Dragos Platform - added the capability to only fetch devices where the "internal" flag is set to 'True', and therefore not fetch devices with an external IP address.

  • Druva Cloud Platform - added the capability to fetch the last successful backup for each device.

  • Duo Beyond - added the option to fetch admin user details.

  • Dynatrace - added support for Dynatrace API version 2.

  • F5 BIG-IQ Centralized Management - added the option to fetch pool members of Virtual IPs.

  • FireMon Security Manager - added the option to fetch NAT information for the devices.

  • Flexera IT Asset Management

    • Added the capability to specify an Inventory Database to fetch additional information.
    • Added the option to avoid fetching devices with the same host name multiple times.
    • Added the option for the Status field to fetch the value associated with the AssetStatusID in the Asset table.
  • FlexNet Manager Suite Cloud

    • Added the capability to specify which device types to include in the fetch.
    • Added the capability to specify which types of inventory status to exclude from the fetch.
    • Added the capability to specify the maximum number of results fetched per page.
    • Added the capability to fetch software assets.
  • FortiClient EMS - added the capability to fetch software information together with the devices.

  • Forward Networks - added the option to use the Network Query Engine endpoint to fetch additional devices.

  • GitHub - added the option to authenticate using “github app”.

  • GreyNoise - added a new parameter to limit fetch to specified subnets.

  • Infoblox DDI

    • Added the option to fetch multiple types of devices, including wired and wireless clients.
    • Added the option to fetch devices with one or more of the following lease states: 'ABANDONED', 'BACKUP', 'EXPIRED', 'FREE', 'RELEASED'.
    • Added the capability to fetch chassis serial numbers when the selected API version is 2.10.5 or greater.
  • Infoblox NetMRI - added the option to fetch the discovery status of each device.

  • Ivanti Security Controls - Previously, as a result of server-side (third-party) issues, some fetches failed without logging correctly. This is now fixed. If the fetch is erroneous, there is a clear error log and clear fetch machines to clear the error.

  • Jamf Pro - added the option to exclude one or more of the following items from the fetch: accounts, attachments, fonts, local user, plugins, services.

  • Lacework - added the option to exclude devices with a machine status of Offline.

  • LastPass - enabled API integration for LastPass Business accounts.

  • LogRhythm - added the option to fetch data from the 'agent' endpoint.

  • Lookout Mobile Endpoint Security

    • Added the Application Token parameter, which is now required for fetching data.
    • Added the capability to specify the threat data time limit, in hours.
  • ManageEngine Desktop Central and Patch Manager - added the option to set a Domain Authorization Token.

  • McAfee ePolicy Orchestrator (ePO)

    • Added the option to set Non-Compliant Devices Query ID.
    • Added the option to specify the Events Management Query ID to fetch threat events.
    • Added the option to specify the Benchmark Query ID to query audit logs.
    • Added the option to specify the OAM Query ID to fetch additional information.
  • Medigate - added the capability to exclude CIDR ranges of assets from the fetch.

  • Microsoft Active Directory (AD)

    • Added the capability to select whether to fetch and calculate a password expiration date for systems that manage passwords using Specops.
    • Added the option to consider group Managed Service Accounts as users instead of devices.
  • Microsoft Azure - Documentation for Microsoft Azure, Microsoft Azure Active Directory (Azure AD), and Microsoft Intune was previously combined into a single topic. Documentation for Microsoft Azure is now separated from the documentation of Microsoft Azure Active Directory (Azure AD) and Microsoft Intune.

  • Microsoft Azure

    • Added the option to fetch security assessments (such as Qualys vulnerabilities) for devices.
    • Added the capability to fetch security alerts from Azure Security Center service as devices.
    • Added the capability to use Cloud ID for tracking support data as a manufacturer serial number.
    • Added the capability to fetch data from multiple Subscription ID access control roles in IAM.
  • Microsoft Azure Active Directory (Azure AD) and Microsoft Intune - added the option to exclude disabled devices from the fetch.

  • Microsoft Defender for Endpoint (Microsoft Defender ATP) - added the option to ignore devices that have an inactive status.

  • Microsoft System Center Configuration Manager (SCCM)

    • Added the option to only include devices when the ClientInstalled option in SCCM is 'True'.
    • Added the capability to limit fetching by the specified number of days that the installed software was in use.
    • Added the capability to specify the number of minutes that elapse before the MSSQL connection times out.
  • MobileIron EMM

    • Added the option to exclude devices by registration states.
    • Added the option to select whether to use the default URL base path.
  • NetApp - Added the capability to fetch information about the physical storage disks.

  • NetBox

    • Added the capability to fetch by specified roles.
    • Added the capability to include virtual machines in the fetch.
  • NetBrain Integrated Edition

    • Added the capability to specify the number of parallel processes to fetch devices from NetBrain.
    • Added the capability to specify the number of requests per instance to send at once to OneIP.
  • Netskope - added the capability to fetch alerts created in a defined number of days.

  • Nexthink

    • Added the capability to select whether groups of local users, domain users, system users, and unknown users are excluded from a fetch.
    • Added the option to include installed software in the fetch.
  • Nozomi Guardian and CMC - added the option to not populate hostnames and asset names with MAC addresses.

  • OneLogin - added the option to fetch users who are enrolled in a multi-factor authentication policy.

  • openDCIM - added the option to populate the device Hostname with the value specified in the Label field in Advanced View.

  • OpenLdap

    • Added the capability to fetch by multiple object classes of users.
    • Added the capability to fetch by multiple object classes of devices.
  • Palo Alto Networks Cortex XDR

    • Added the option to not fetch devices that have the 'Disconnected' status.
    • Added the capability to fetch information about installed software
  • Palo Alto Networks Expanse Expander - added the Client ID and Client Secret fields, which can be used instead of the API key.

  • Palo Alto Networks Prisma Cloud - added the option to fetch only active users.

  • Palo Alto Traps Endpoint Security Manager - added the option to not fetch devices where the value in the Is On field is 'No'.

  • PDQ Inventory - added the option to avoid fetching devices that lack MAC address information.

  • Preempt - added the capability to connect to Preempt using CrowdStrike credentials. The name of this adapter was updated to CrowdStrike Falcon Identity Protection.

  • Proofpoint's ObserveIT Insider Threat Management Platform - added the capability to use the alias field as hostname if the macOS is OS X.

  • Puppet - added the capability to exclude any loopback addresses from fetching devices.

  • Qualys Cloud Platform

    • Added the capability to fetch certificates as devices.

    • Added the capability to specify the maximum number of days to fetch from VM detection only assets that have a Fixed vulnerability status.

    • Inventory API is supported. When using Inventory API the following advanced settings also fetch devices:

      • Fetch VM detections
      • Fetch policy compliance
      • Fetch policy posture information
      • Fetch policy posture actual settings
      • Add STIG rules to policy posture
      • Fetch affect exploitable config from VM detection
      • Fetch affect running service from VM detection
      • Fetch affect running kernel from VM detection.
  • Quest KACE Endpoint Systems Management Appliances - added the capability to fetch the drive encryption status for all devices.

  • Randori

    • Added the capability to fetch target information, such as Perspective Name data.
    • Added the capability to fetch implant information from the device.
  • Rapid7 InsightIDR - added the capability to exclude assets with an Agent Status of "Stale" or "Offline" from being fetched into Axonius.

  • Rapid7 InsightVM

    • Added the capability to exclude devices in which Last Seen or hostname information is unavailable.
    • Added the capability to exclude devices without MAC address or hostname information from the fetch.
  • Rapid7 Nexpose and InsightVM - Added the capability to calculate the last seen field using agent and scan data.

  • Red Hat Satellite

    • Added the capability to fetch the subscriptions fields from Red Hat Satellite.
    • Added the capability to fetch the host collections fields from Red Hat Satellite.
  • RSA Archer

    • Added the capability to specify the directory path used to access the API.
    • Added the capability to enter a custom name of the URL endpoint for devices.
  • Rumble Network Discovery - Added the option to not fetch devices that aren't alive.

  • The name of the SaltStack Enterprise adapter was changed to vRealize Automation SaltStack Config.

  • Secureworks Taegis XDR (Red Cloak TDR) - added the capability to only add IP addresses if they were last seen in the last 24 hours. If there are no IP addresses seen in the last 24 hours, the single latest IP will be added, even if the last seen is older than 24 hours.

  • ServiceNow

    • Added the capability to set a specific date format for timestamps in ServiceNow in cases where the identification of the date format is ambiguous.
    • Added the capability for the Device Manufacturer Serial to parse data even if it contains exclusion keywords.
    • Added the capability to exclude metadata from ServiceNow serial numbers.
    • Added the capability to fetch information from the 'cmdb_ci_appl' table about applications related to a device.
    • Added the capability to fetch information from the 'service_offering' table.
    • Removed the Do not ORDERBY the results from the following tables option from Advanced Settings, as this option is now redundant.
    • Added the option to fetch Application Services extended information from the cmdb_ci_service_auto table and additional fields from the cmdb_ci_service_discovered table not fetched by the Fetch upstream related Application Services information parameter.
    • Added the capability to fetch additional PC attribute data.
  • SolarWinds Network Performance Monitor - added the option to only fetch IPAM devices with a "Used" status.

  • Symantec DLP - added the option to exclude deleted devices from the fetch.

  • Symantec Endpoint Management Suite (Altiris) - added the capability for the BIOS Serial to also populate the Device Manufacturer Serial field.

  • SQL Server

    • Added the capability to not fetch entities that were not seen for a set number of hours.
    • Added the capability to delete entities that were not seen for a set number of hours.
    • Added the capability to use a custom character set (encoding) for connections to MySQL databases.
    • Added the capability to set a custom timeout for MSSQL connections.
    • Added the option to duplicate each date field appearing in the MSSQL database as a text value. The name of the new field is appended with the ‘_raw’ suffix.
  • Tenable.io

    • Added the capability to fetch vulnerabilities in the background and not as part of a fetch.
    • Added the capability to omit dashes from values retrieved from the Agent UUID field of Tenable.io agent devices.
    • Added the option to not include fully qualified domain names (FQDNs) as asset names.
    • Added the option to fetch scan exclusion status for Tenable.io devices.
  • Tenable.sc (SecurityCenter)

    • Added the capability to fetch mitigated vulnerabilities appearing in the Tenable.sc Mitigated table.
    • Added the capability to fetch all plugin IDs equal or greater than 1 million.
    • Added the capability to parse certificate information from plugin ID number 10863.
    • Added the capability to enable Axonius to send requests using client side certificates to allow Mutual TLS configuration.
    • Added the option to only fetch devices with either a MAC address or hostname.
  • Trend Micro Deep Security

    • Added the option to avoid returning duplicate hostname fetches.
    • Added the option to not fetch devices when the Status field is set to 'inactive'.
  • Ubiquiti Networks UniFi Controller - added the capability to select the Ubiquiti Networks UniFi Controller version.

  • UKG Pro (Ultimate Software UltiPro) - added the capability to exclude one or more fields from the Basic and Advanced views.

  • Vectra AI - added the capability to fetch extra data about each host/device, including an asset with a low risk status.

  • VMware Carbon Black Cloud (Carbon Black CB Defense)

    • Added the capability to specify the number of entities returned per page request.
    • Added the capability to fetch vulnerabilities on devices.
    • Added the capability to only include active devices in the fetch.
  • VMware ESXi and vSphere - added the capability to fill the 'device_manufacturer_serial' field with the value of the UUID.

  • VMware vRealize Operations (vROps)

    • Added the capability to specify the name of the authentication parameter that is sent to the API.
    • Added the option to specify the type of serial number to fetch.
  • VMware Workspace ONE (AirWatch) - added option to include only installed software in the fetch.

  • Windows DHCP Server

    • Added the capability to ignore devices from specified subnets or address pools.
    • Added option to specify encoding for legacy PowerShell versions.
  • Windows Server Update Services (WSUS)

    • Added the capability to specify which port to connect.
    • Added the capability to select whether to use SSL for the PowerShell connection to the WSUS server.
    • Added the capability to specify a custom share and directory instead of requiring full local administrator permissions to fetch data.
  • Wiz

    • Added the capability to not fetch devices with an 'off' power state.
    • Added the capability to fetch vulnerability information.
    • Added the capability to connect the adapter to a proxy instead of directly connecting it to the domain.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Updated Enforcement Actions

The following Enforcement Actions were updated:


