Axonius-4.6 On-Going Adapter and Enforcement Actions Updates

The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 4.6.

• View full information about new and updated features in Axonius 4.6
• View Axonius 4.6 Adapter and Enforcement Actions Enhancements in this release.

New Adapters

The following new adapters were added:

• Adobe Workfront

  • Adobe Workfront is work and project management software for enterprise resource management, cross-team collaboration, and strategic planning. (Fetches: Users)

• Aha!

  • Aha! is a platform enabling customers to build roadmaps, manage projects and development. (Fetches: Users)

• Aruba Mobility Master

  • Aruba Mobility Master enables deployment and management of up to 1,000 Mobility Controllers to scale large deployments. Integrate Aruba Mobility Master with the Axonius Cybersecurity Asset Management Platform. (Fetches: Devices)

• Aviatrix

  • The Aviatrix cloud network platform delivers a single platform for multi-cloud networking, security, and operational visibility. (Fetches: Devices)

• BeyondTrust Cloud Privilege Manager

  • BeyondTrust Cloud Privilege Manager delivers privilege management and application control, allowing organizations to eliminate admin rights across the entire business and enforce least privilege. (Fetches: Devices, Users)

• BlueCoat ProxySG

  • Edge Secure Web Gateway (BlueCoat ProxySG) from Broadcom provides URL filtering, central policy management, and security against malware attacks. (Fetches: Devices)

• BMC Atrium CMDB onPrem

  • BMC Atrium CMDB stores information about the configuration items (CIs) in your IT environment and the relationships between them. (Fetches: Devices)

• Buildkite

  • Buildkite is a continuous integration tool designed to improve software developer productivity. (Fetches: Devices, Users)

• Check Point Harmony Endpoint

  • Check Point Harmony Endpoint is a suite of endpoint protection products that include mobile, email, collaboration, and SASE security.

• CIS CAT Pro

  • CIS CAT Pro is a tool for automating CIS Benchmark testing and reporting. Integrate CIS CAT Pro with the Axonius Cybersecurity Asset Management Platform. (Fetches: Devices)

• Cisco Intersight

  • Cisco Intersight is a cloud operations platform that consists of optional, modular capabilities of infrastructure, workload optimization, and Kubernetes services. (Fetches: Devices)

• CloudFlare Zero Trust

  • Deliver Zero Trust Network Access on CloudFlare's Edge. (Fetches: Devices, Users)

• Cyberint Argos Edge

  • Cyberint Argos Edge is an attack surface management solution providing findings into the external attack surface, phishing threats, brand impersonation, and more. (Fetches: Devices)

• DefenseStorm

  • DefenseStorm provides CyberSecurity, CyberCompliance and CyberFraud solutions specifically built for banking. (Fetches: Devices)

• Digital Guardian DLP

  • Digital Guardian DLP is a SaaS-based platform that provides data-loss prevention across Windows, Mac, and Linux systems and applications. (Fetches: Devices)

• Eracent

  • Eracent provides IT asset management and software asset management solutions to help customers inventory assets and optimize licensing costs. (Fetches: Devices)

• ExtremeCloud IQ

  • ExtremeCloud IQ enables management of wireless access points, switches, and routers. (Fetches: Devices)

• GoDaddy

  • GoDaddy is a domain registrar that also offers additional services such as website building and management, website and email hosting, SSL security, and more. (Fetches: Devices)

• IBM Maximo

  • IBM Maximo Application Suite offers a single platform for asset management, monitoring, maintenance, computer vision, safety and reliability. (Fetches: Devices)

• iCIMS

  • iCIMS is an enterprise recruiting platform allowing employers to attract, engage, hire, and advance employees. (Fetches: Users)

• IT Glue

  • IT Glue is a SOC 2-compliant IT documentation management platform designed for managed service providers (MSPs). (Fetches: Users)

• JetPatch

  • JetPatch is a centralized patch management platform focusing on end-to-end enterprise patch management and vulnerability remediation. (Fetches: Devices)

• Lakeside Systrack

  • Lakeside SysTrack is a digital experience monitoring solution used for workplace analytics, IT asset optimization, and end-user troubleshooting. (Fetches: Devices)

• Litmos

  • Litmos is a learning management system that provides pre-built courses and eLearning solutions. (Fetches: Users)

• ManageEngine OpUtils

  • ManageEngine OpUtils is an IP address and switch port management software geared toward helping engineers efficiently monitor, diagnose, and troubleshoot IT resources. (Fetches: Devices)

• N-able

  • N-able provides integrated monitoring, management, security, and ticketing for managed service providers. (Fetches: Devices)

• New Relic

  • New Relic provides cloud-based software to monitor and track servers, instances and services. (Fetches: Devices)

• OnDMARC

  • OnDMARC provides automated management for DMARC, DKIM and SPF records. (Fetches: Devices)

• OpenVPN Cloud

  • OpenVPN Cloud is a VPN-as-a-Service solution that eliminates the need for VPN server installation. (Fetches: Devices, Users)

• Palo Alto Networks Prisma Cloud Workload Protection

  • Prisma Cloud Workload Protection (CWPP) provides protection across hosts, containers, and serverless deployments in any cloud, throughout the application lifecycle. (Fetches: Devices)

• PingID

  • Ping offers an identity management solution that includes multi-factor authentication, single sign-on, identity verification, and more. (Fetches: Users)

• PluralSight

  • PluralSight offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. (Fetches: Users)

• Portnox Clear

  • Portnox CLEAR provides automated security, visibility and control for every device accessing the network including Internet of Things (IoT), BYOD, mobile and unmanaged systems. (Fetches: Devices)

• Projector PSA

  • Projector PSA is a cloud-based Professional Services Automation (PSA) solution that helps services organizations optimize their delivery to provide better resource usage, stronger project profitability, and comprehensive measurement and management of their services business. (Fetches: Users)

• SailPoint IdentityIQ

  • SailPoint IdentityIQ is an identity and access management (IAM) solution that delivers automated access certifications, policy management, access request and provisioning, password management, and identity intelligence. (Fetches: Users)

• Secureworks Taegis VDR

  • Secureworks Taegis VDR is a cloud-based vulnerability management solution. (Fetches: Devices)

• Site24x7

  • Site24x7 offers a performance monitoring solution for websites, servers, cloud environments, networks, applications, and users. (Fetches: Devices)

• Snowflake Data Warehouse

  • Snowflake is a data warehouse built on top of the Amazon Web Services or Microsoft Azure cloud infrastructure, and allows storage and compute to scale independently. (Fetches: Devices)

• Snow Software Exceptions

  • Snow Software Exceptions adapter provides a way to track and manage software exceptions. (Fetches: Devices)

• SonicWall Network Security Manager

  • SonicWall Network Security Manager enables organizations to deploy and manage all firewalls, connected switches and access points in one interface. (Fetches: Devices)

• Syxsense

  • Syxsense is an endpoint security management tool that combines IT management, patch management, and vulnerability scanning. (Fetches: Devices)

• Tableau

  • Tableau is a data visualization and analysis tool used to create charts, graphs, maps, dashboards, and stories. (Fetches: Users)

• Tailscale

  • Tailscale is a minimal-configuration WireGuard-based VPN. (Fetches: Devices)

• TeamViewer

  • TeamViewer is remote access and remote control computer software, allowing maintenance of computers and other devices. (Fetches: Devices)

• Thycotic Privilege Manager

  • Thycotic Privilege Manager mitigates malware and security threats from exploiting applications by removing local administrative rights and enforcing least privilege on endpoints. (Fetches: Devices, Users)

• Varonis CSV

  • Varonis is a data security and analytics company providing data security, threat detection and response, and privacy protection. (Fetches: Devices)

• WhatsUp Gold

  • WhatsUp Gold is network monitoring software. (Fetches: Devices)

• Xshield

  • ColorTokens Xshield is a zero trust-based, cloud-delivered micro-segmentation solution that secures critical corporate assets, including applications and workloads. (Fetches: Devices)

• Zenoss

  • Zenoss enables monitoring of all physical and virtual networks as one part of a real-time model that includes both cloud and on-premises infrastructure. (Fetches: Devices)

• Zscaler Workload Segmentation

  • Zscaler Workload Segmentation is a SaaS solution for applying and managing network segmentation in cloud and on-prem environments. (Fetches: Devices)

Updated Adapters

The following adapters were enhanced:

• Amazon Web Services (AWS)

  • The documentation has been split into several pages to provide a better user experience.
  • Added the capability to fetch AWS ECR (Elastic Container Registry) public and private images as devices.
  • Added the capability to correlate ECR hosted images with existing AWS ECS/EKS assets.
  • Added the capability to fetch Amazon FSx metadata as devices.

• Aruba ClearPass - Added the capability to fetch network devices.

• Aruba Mobility Master - Added the option to exclude all Access Point devices from the fetch if a valid Access Point Type field value is present in the device.

• Assure1 - Added the capability to specify a different username instead of the reqular Assure1 username.

• Atlassian Jira Software - Added the capability to support older Jira versions.

• Azure Defender for IoT

  • Added the capability to exclude multiple device asset names from the fetch.
  • Added the capability to to fetch vulnerabilities and attach them to their matching assets.

• Ceridian Dayforce - Added the capability to set the aggregated Employee ID field with the Employee Number to correlate users.

• Check Point Infinity

  • Added the option to calculate Last Seen based on the Last Modified Date or Creation Date.
  • Added the capability to compare devices to the UID record in the Unused Objects database. Each matching record in the new Detected as Unused Object field in the Query Wizard is set to Yes.
  • Added the capability to exclude devices from the fetch that match the Unused Objects database

• Cisco - Added the capability to specify the number of seconds that SNMP requests should wait for a response before timing out.

• Cisco Prime - Added the capability to set the Last Seen value equal to the Fetch Time for reachable devices that have an invalid date-time value for associationTime.

• Cisco UCS Manager - Added the ability to fetch chassis equipment information as devices.

• Citrix Director - The API Access Token parameter was removed.

• CloudHealth

  • Added the capability to fetch offline assets.
  • Added the capability to fetch the Google project ID and name for GCP assets.

• The Code42 adapter has been renamed Code42 Incyder.

• Code42 Incyder - Added the advanced option to ignore users fetched from Code42 with the values “Deactivated” or “Blocked” in the status field.

• Cofense PhishMe - Added the capability to use the latest Date Finished value as the User Last Seen value.

• CrowdStrike Falcon Identity Protection (Preempt) - Added the capability to use a proxy for the adapter connections.

• CSCDomainManager - Aded the capability to fetch all devices from all zone names of a specified CSGGlobal account.

• CyberArk Endpoint Privilege Manager - Added the SAML authentication support to this adapter. The Application ID field was renamed Application ID or IDP Token to support this.

• Dell iDRAC - Added the capability to fetch from CIDR blocks, in addition to multiple hostnames or IP addresses.

• Digital Guardian DLP - Added the option to remove the device name prefix.

• DivvyCloud - Added the option to use an API key for authentication instead of using a username and password.

• Duo Beyond - Added the advanced option to exclude specific fields from being fetched.

• F5 BIG-IP iControl - Added the capability to fetch Device configuration information as devices.

• Forward Networks - Added the option to not display the asset name for devices.

• GitHub - Added the capability to fetch each user role in the organization and additional information about the organization.

• Google Cloud Platform (GCP) - Added the capability to filter by projects accessible by the active account.

• HP Integrated Lights-Out (iLO) - Added the capability to fetch from multiple hostnames, IP addresses or CIDR blocks.

• IBM BigFix Inventory - Added the capability to fetch installed software data for fetched devices.

• Infoblox DDI

  • Default API Version in dropdown is now Version 2.5.
  • Added the capability to fetch data from host records.
  • Added the capability to fetch data from fixed addresses.
  • Added the option to not parse Last Seen of A Records.

• Jamf Pro - Added the capability to fetch the names of buildings and departments of users when using the Jamf Pro API. Previously, IDs were being fetched instead of names.

• Kandji

  • Added the option to fetch additional device information about the device.
  • Added the option to fetch additional information about all installed apps on devices.

• Kaseya VSA - Added the option to avoid using paginated API requests.

• Kenna Security Platform - Added the option to exclude fetching devices without a MAC address and without a hostname.

• LimaCharlie - Added the capability to ignore devices that have not been seen in the last specified number of hours.

• McAfee ePolicy Orchestrator (ePO)

  • Added the capability to include devices with no Agent GUID, using their EPOLeafNode.NodeName as the ID.
  • Added the capability to enter a Query ID for Solidcore client data.
  • Added the capability to use a

• Microsoft Azure - Added the capability to use the Cloud ID as a manufacturer serial number.

• Microsoft Defender for Endpoint (Microsoft Defender ATP) - Added the option to access the Azure US government environment.

• Microsoft System Center Configuration Manager (SCCM) - The Check for installed software used in the past X number of days, where x is greater than 1 parameter in Advanced Settings was changed to Populate Installed Software: Last Used On for software used within the past number of days, greater than 0. Enter 0 to disable. This change gives you the option to not retrieve Installed Software: Last Used On information for a faster fetch.

• NetBox

  • Added the capability to fetch all known IPs with their hostnames.
  • Added the option to connect to NetBox API versions below V3.0

• Neustar UltraDNS - Added the capability to only add the IP for aggregation if the RDATA type is an A record.

• Ninja One (RMM) - Added the option to fetch software and patch information for devices.

• Nutanix AHV - Added the capability to select the API version that you want the Nutanix AHV adapter to access.

• Okta - Added the advanced capability to specify the number of results per page when Axonius makes the API call.

• openDCIM - Added the capability to populate the device Hostname with the value specified in the Label field in Advanced View.

• OpenLDAP

  • Added the capability to retrieve LDAP operational attributes, which are used internally by the server.
  • Added the capability to fetch devices.
  • Added the capability to fetch users.
  • Added the capability to filter by one or more object classes of users.
  • Added the capability to filter by one or more object classes of devices.
  • Added the option to populate the Mail field with the contents of the specific Owner Email field.

• Palo Alto Networks Prisma Cloud Workload Protection

  • Added the capability to not fetch information about Users.
  • Added the capability to not fetch information from security groups.
  • Added the option to fetch image information for containers.

• Pulse Connect Secure - Added the capability to add a prefix to the host URL.

• Qualys Cloud Platform - Added the capability to fetch VM scan information from the /api/2.0/fo/scan/ endpoint of the connected devices.

• Quest KACE Endpoint Systems Management Appliances - Added the capability to select which version of Quest KACE to use.

• Rapid7 InsightIDR - Added the ability to specify the number of entities returned per each GraphQL page request.

• Rapid7 InsightVM - Added the option to fetch the software for a device using the Get Asset Endpoint.

• Remediant SecureONE (JITA) - Added the capability to ignore devices that don't have Last Seen information.

• Salesforce - Added the capability to fetch only "standard" Salesforce users.

• The SaltStack Enterprise adapter was renamed vRealize Automation SaltStack Config.

• Secureworks Taegis XDR (Red Cloak TDR) - Added the capability to select the region of your domain.

• SecurityScorecard - Added the option to fetch IP addresses from a portfolio.

• ServiceNow

  • Added the capability to ignore retired devices that haven't been seen by the source in the last specified number of hours.
  • Added the capability to use the OAuth method of authentication instead of the username and password.
  • Added the capability to obtain subtable cache information (additional device/user information) during delta fetches.
  • Added the capability to exclude subtable cache information for specified tables.
  • Added the capability to fetch from the Technology GVP field in the u_ip_portfolio_mapping table.
  • Added the capability to fetch network interface information from the cmdb_ci_network_adapter table that have an IP address.

• SOTI MobiControl - Added the capability to fetch installed software for devices.

• Splunk - Added the advanced capability to select whether to limit the agent search timeframe for Splunk devices to the most recent snapshot.

• Tenable.sc (SecurityCenter)

  • Added the capability to select whether to fetch asset tags for devices.
  • Added the option to fetch additional device data in the background, such as fetching installed software per device and asset groups.
  • Added the capability to specify the number of hours to wait before running a background fetch.

• Thycotic Secret Server - Added the option to not fetch disabled users.

• Veeam

  • Added the capability to fetch managed servers.
  • Added the capability to fetch backup servers.

• Wazuh

  • Added the capability to fetch vulnerabilities data via Wazuh API v4. This capability wasn’t supported in older API versions.
  • Added the capability to use the cloud version of Wazuh.

• Webroot Endpoint Protection

  • The Site ID parameter is now optional. If omitted, the adapter will attempt to fetch all sites that the API client has permissions to retrieve.
  • When using the API, Axonius now requires the Console.GSM scope instead of the SkyStatus.Reports scope.

• Wiz - Added the capability to limit the fetch to a specific account Project ID.

• Workday

  • Added the capability to enter the preferred domain for work email addresses.
  • Added the capability to specify the number of users per a single request.

• Zscaler Web Security - Added the capability to fetch enrolled devices from the Zscaler Client Connector.

For more details:

• Explore the entire list of supported and integrated adapters.

• View Axonius 4.6 Adapter and Enforcement Actions Enhancements.

  
  

New Enforcement Actions

The following Enforcement Actions were added:

• Enrich Device Data with Greynoise IO
• Tag in SentinelOne

Updated Enforcement Actions

The following Enforcement Actions were updated:

• Add Assets to SCCM Collection - Added the capability to add assets to an SCCM collection.
• Create Azure DevOps Task - Added ability to create user stories, to add Tags, to be able to link a Parent worked item based on ID.