Axonius-4.7 Adapter and Enforcement Actions Updates

The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 4.7.

• View full information about new and updated features in Axonius 4.7

New Adapters

The following new adapters were added:

• A10
  • A10 provides load balancing for application deliverability, availability, and security. (Fetches: Devices)
• Acunetix
  • Acunetix is an automated web application security testing tool that checks for vulnerabilities like SQL Injection, Cross-site scripting, and other exploitable vulnerabilities. (Fetches: Devices, Users)
• Addigy
  • Addigy is a real-time Apple mobile device management platform (MDM) that is combined with live agent capabilities. (Fetches: Devices, Users)
• ADP Vantage HCM
  • ADP Vantage HCM is an all-in-one HR platform that includes payroll, benefits, and talent management administration. (Fetches: Users)
• Akamai App and API Security
  • Akamai App and API Security provides protection against web application attacks including SQL injections, cross-site scripting, and remote file inclusion. (Fetches: Devices)
• AlgoSec Firewall Analyzer
  • AlgoSec Firewall Analyzer (AFA) is a device analysis solution that builds a model of users' network security postures and Layer 3 connectivity. (Fetches: Devices)
• Apple Business Manager
  • Apple Business Manager supports deployment and remote MDM enrollment of corporate-owned Apple devices. (Fetches: Devices)
• AppNeta
  • AppNeta provides monitoring of network paths, flows, packets, and web applications. (Fetches: Devices)
• Auth0
  • Auth0 provides authentication and authorization solutions for web, mobile, and legacy applications. (Fetches: Users)
• Avi Networks
  • Avi Networks (now part of VMware) delivers multi-cloud application services used for load balancing, web application firewall and container ingress. (Fetches: Devices)
• Barracuda CloudGen Firewall
  • Barracuda CloudGen Firewall provides real-time network protection against a broad range of network threats, vulnerabilities, and exploits. (Fetches: Devices, Users)
• BloodHound
  • BloodHound is used to find relationships within an Active Directory (AD) domain to discover attack paths. (Fetches: Devices)
• Checkmk
  • Checkmk provides powerful monitoring of networks, servers, clouds, containers and applications. (Fetches: Devices, Users)
• Citrix DaaS
  • Citrix DaaS (device as a service) is a cloud-based solution that allows companies to securely deliver DaaS and VDI apps and desktops to any device, over any network. (Fetches: Devices)
• CrashPlan
  • CrashPlan provides backup and recovery, ransomware recovery, and device migration services for small businesses and enterprises. (Fetches: Devices, Users)
• Cyberhaven
  • Cyberhaven provides a data detection and response (DDR) solution, based on big data graph analytics of all user interactions with data over time and across the enterprise. (Fetches: Devices)
• ECI FMAudit
  • ECI FMAudit is print management software that allows users to remotely monitor print environments and maintain visibility into their operations. (Fetches: Devices)
• Equinix
  • Equinix provides digital infrastructure and data center services. (Fetches: Users)
• Exabeam Datalake
  • Exabeam Data Lake (previously known as Exabeam Log Manager) is a cloud-native data lake architecture to securely ingest, parse, and store security data at scale from any location, across multi-year data. (Fetches: Devices)
• FortiNAC
  • FortiNAC is a network access control solution that provides protection against IoT threats, control of third-party devices, and automated responses to networking events. (Fetches: Devices)
• Genian
  • Genian NAC identifies and monitors all hardware and software in the network environment to determine each device’s security state then establish the appropriate level of access to ensure compliance. (Fetches: Devices)
• GLPI
  • GLPI is an open-source service management software tool to manage Helpdesk and IT assets. (Fetches: Devices, Users)
• GRR Rapid Response
  • GRR Rapid Response is an incident response framework focused on remote live forensics delivered through a client-server architecture. (Fetches: Devices)
• Hawk
  • HAWK.io is a fully automated, multi-tenant, cloud-based, managed detection and response (MDR) service. (Fetches: Devices)
• Hoxhunt
  • Hoxhunt provides security awareness training for employees based on cognitive automation and risk calculations. (Fetches: Users)
• IBM Spectrum Protect Plus
  • IBM Spectrum Protect Plus provides recovery, replication, retention, and reuse for VMs, databases, applications, file systems, SaaS workloads, and containers in hybrid cloud environments. (Fetches: Devices)
• Invicti
  • Invicti (formerly Netsparker) is DAST and IAST vulnerability scanning for web applications. (Fetches: Devices)
• Island
  • Island is an enterprise browser, built on Chromium, with numerous built-in capabilities for protecting against user-, data-, and network-based threats. (Fetches: Devices, Users)
• JFrog
  • JFrog Artifactory is a DevOps solution for housing and managing artifacts, binaries, packages, files, containers, and components throughout the software development lifecycle. (Fetches: Devices, Users)
• Lansweeper Cloud
  • Lansweeper Cloud federates data from all local Lansweeper discovery instances into a single source of truth. (Fetches: Devices)
• ManageEngine Mobile Device Management
  • ManageEngine MDM is a mobile device management solution. (Fetches: Devices, Users)
• ManageEngine OpManager
  • ManageEngine OpManager enables monitoring of routers, switches, firewalls, servers and VMs for fault and performance. (Fetches: Devices)
• MarkMonitor
  • MarkMonitor provides domain management, security, and consulting. (Fetches: Devices)
• MoroCloud
  • Moro Cloud is a software-defined datacenter (SDDC) that offers integrated cloud components such as compute, network, storage, and security. (Fetches: Devices)
• N2WS
  • N2WS Backup & Recovery offers orchestrated recovery for core AWS and Azure services. (Fetches: Devices, Users)
• NetMotion Mobility
  • NetMotion Mobility is mobile VPN software that maximizes mobile field worker productivity by maintaining and securing their data connections as they move in and out of wireless coverage areas and roam between networks. (Fetches: Devices, Users)
• Oracle Fusion HCM Cloud
  • Oracle Cloud Human Capital Management is a cloud-based HCM software application suite for global HR, talent, and workforce management. (Fetches: Users)
• Outpost24
  • Outpost24 is a cyber risk management platform that helps organizations assess their attack surface and prioritize vulnerabilities. (Fetches: Devices)
• PeopleHR
  • PeopleHR is HR automation software (HRIS) for small and growing businesses. (Fetches: Users)
• Phosphorus
  • Phosphorus provides IoT discovery, password management, and patch management. (Fetches: Devices)
• Proofpoint Endpoint DLP
  • Proofpoint Endpoint DLP helps identify risk user behavior and protect sensitive data. (Fetches: Devices)
• Qush Reveal
  • Qush enables customers to discover risks, educate employees, enforce policies and prevent data loss. (Fetches: Devices)
• Radiflow
  • Radiflow provides visibility and anomaly detection for OT assets. (Fetches: Devices)
• Rippling
  • Rippling provides an HR software used to collect, maintain, and analyze data for hiring, onboarding employees, and managing company culture. (Fetches: Users)
• RSA SecurID
  • RSA SecurID provides identity and access management capabilities for on-premise deployments – in authentication, access management, and identity governance. (Fetches: Users)
• SailPoint IdentityNow
  • SailPoint IdentityNow is a SaaS identity and access management (IAM) solution. (Fetches: Users)
• SecureAuth
  • SecureAuth is an identity access management security solution that provides passwordless authentication, multi-factor authentication, SSO, and more. (Fetches: Users)
• Shadowserver
  • Shadowserver gathers and analyzes data on malicious internet activity including malware, botnets, DDoS, fraud, and more. (Fetches: Devices)
• SimpleMDM
  • SimpleMDM is a mobile device management solution for Apple devices. (Fetches: Devices)
• Syncro MSP
  • Syncro MSP is a combined remote monitoring and management (RMM) and professional services automation (PSA) platform that manages invoicing, credit card payments, help desk, customer relationship tracking, remote access and support, and more managed IT services. (Fetches: Devices)
• TalentLMS
  • TalentLMS is an all-in-one training platform. (Fetches: Users)
• Talon
  • Talon is a secure enterprise browser designed to defend against malware and prevent data loss for managed and unmanaged devices. (Fetches: Devices)
• Tessian
  • Tessian is a cloud email security platform that prevents email threats and protects against data loss. (Fetches: Devices)
• Trend Micro Conformity
  • Trend Micro Conformity provides real-time monitoring, automated security and compliance checks, and auto-remediation for cloud infrastructure. (Fetches: Devices)
• Tychon
  • TYCHON is an endpoint analytics and remediation platform that allows users to search, visualize, remediate, and monitor security compliance across assets. (Fetches: Devices)
• Unisys Stealth
  • Unisys Stealth transforms existing networks—both on-premises and in the cloud—into a Zero Trust Network through identity-based microsegmentation. (Fetches: Devices)
• Viptela (Cisco) SD-WAN
  • Cisco SD-WAN (previously Viptela) allows users to establish an SD-WAN overlay fabric that connects data centers, branches, campuses, and colocation facilities. (Fetches: Devices)
• VMware SD-WAN
  • VMware SD-WAN (formerly by VeloCloud) is a software-based network technology that virtualizes WAN connections. (Fetches: Devices)
• Whitehat
  • WhiteHat provides SAST, DAST, SCA, and IaC security solutions. (Fetches: Devices)
• Zscaler ZDX
  • Zscaler Digital Experience (ZDX) is a monitoring solution providing end-to-end visibility and troubleshooting of end-user performance issues for any user or application, regardless of location. (Fetches: Devices, Users)

Updated Adapters

The following adapters were enhanced:

• Aha - added the capablity to fetch only active users.

• Amazon Web Services (AWS)

  • Added the capability to fetch information about AWS Security Hub findings.
  • Added the capability to expand AWS IAM policies.
  • Added the capability to propagate all tags of each AWS account to its hosted devices.
  • Added the capability to select which AWS Inspector settings to fetch.
  • Added the capability to fetch AWS Secrets Manager objects.
  • Added the capability to fetch information about AppStream devices.
  • Added the capability to fetch information about AppStream users.
  • Added the capability to fetch Volume Snapshots when ec2:DescribeSnapshots and ec2:DescribeSnapshotAttribute permissions are added. The Fetch Volume Snapshots Advanced setting was removed.
  • Added the capability to enrich ELB information with EC2/ECS instances.
  • Added the capability to fetch Site-to-Site VPNs.
  • Added the capability to fetch transit gateways.

• Ansible Tower was renamed Red Hat Automation Controller.

• Automox

  • Added the capability to prioritize Last Disconnect Time when calculating Last Seen.
  • Added the capability to exclude Public IP addresses from appearing in the Network Interfaces of fetched devices.

• BambooHR - Added the option to exclude inactive users from the fetch.

• Checkpoint Infinity

  • Added the capability to select to create devices from Smart Management API logs.
  • Added the capability to enter the internal CIDR blocks that you want to fetch from
  • Added the capability to filter search results of logs by the specified timeframe
  • Added the capability to filter search results of logs by specific types of devices and products.

• Cisco

  • Added the capability to fetch all connected devices with data from SNMP.
  • Added the capability to add all connected devices from the port security entities as assets with the same fields as in Create assets from connected devices.

• Citrix ADC - Added the capability to fetch load balancer virtual server fields.

• Citrix Director - Added the capability to select the API version to fetch data.

• Claroty

  • Added the capability to exclude devices that are greater than the specified number of MAC addresses.
  • Added the capability to exclude devices that are greater than the specified number of IP addresses.

• Cloudflare DNS

  • Added the capability to fetch additional custom hostname information.
  • Added the option to fetch users in addtition to devices.

• CrowdStrike Falcon Identity Protection (Preempt) - Added the capability to only fetch users who aren't archived.

• CSV - Added the capability to parse CVE ID, CVE Description, CVE Severity, and CVE Status.

• Cybereason Deep Detect & Respond

  • Added the capability to fetch only the device with the latest last_seen value.
  • Added the capabilty to ignore agents with a 'Stale' status.

• Cynet 360 - Added the capability to use the Cloud version of Cynet 360.

• Dell OpenManage Enterprise - Added the capability to fetch inventories related to devices.

• DigiCert CertCentral - Added the capability to exclude specified certificate statuses from the fetch.

• DivvyCloud

  • Added the capability to fetch information from container objects.
  • Added the capability to not fetch machines that have a State field value of 'stopped'.

• Dropbox - Added support for App Key, App Secret, and Refresh Token authentication.

• Elasticsearch

  • Added the capability to fetch devices that do not have a hostname.
  • Added the capability to inspect all logs within the last specified hours and extract devices from all data received.

• F5 BIG-IP iControl - Added the capability to fetch policy information for each virtual server.

• FlexNet Manager Suite Cloud - Added the option to authenticate to the EU domain instead of the US domain to access the API.

• Forcepoint Web Security Endpoint was renamed Forcepoint ZTNA Private Access.

• Fortinac - Added the option to not fetch devices without hostnames of MAC addresses.

• Fortinet FortiGate

  • Added the capability to allow fetching IPSEC VPN devices.
  • Added the capability to fetch managed FortiGate devices.

• Forward Neworks - Added the capability to enter a list of comma-separated network names to include in the fetch.

• FreeIPA - Added the capability to enter the LDAP Search size limit

• Freshservice

  • Added the capability to fetch installed software.
  • Added the capability to fetch disabled users.
  • Added the capability to fetch devices.
  • Added the capability to fetch agents as users.
  • Added the capability to fetch requestors as users.
  • Added the capability to fetch assets as users.

• Google Workspace - added capability to select whether to exclucde disabled user accounts from the fetch.

• The HP Radia Client Automation Software (RCA) adapter was renamed Persistent Systems Radia Endpoint Manager.

• The IBM BigFix adapter was renamed BigFix.

• IGEL Universal Management Suite (UMS) - Added the capability to specify the port to connect.

• The Indegy Industrial Cybersecurity Suite adapter was renamed Tenable.OT.

• Ivanti Unified Endpoint Manager (Landesk) - Added the option to not fetch devices with an “Unassigned” GUID.

• The Kolide Fleet adapter was renamed FleetDM.

• Jira Service Desk was renamed Jira Service Management (as a result of changes in Atlassian)

• Jira Service Management

  • Added the capability to use the asset name for the hostname if the hostname doesn't exist.
  • API Key is used as a credential instead of a password.

• Kaseya VSA - Authentication method updated with the addition of an API key.

• Lansweeper Cloud - added the capability to add one or more comma-separated device types to ignore.

• LastPass - Added the option to only fetch accounts that are enabled.

• LogRhythm - Added the option to only fetch the most recent device logs to determine the 'Last Seen' value.

• ManageEngine Service Desk Plus (SDP)

  • ManageEngine Service Desk Plus (SDP) is an IT help desk and customer support system. (Fetches: Devices)

• Microsoft Azure

  • Added the option to swap the information in the Asset Name with the Hostname field.
  • Added the option to consider Azure managed disks as SSE encrypted.
  • Added the option to swap the information from os_profile > computer_name to instance_view > computer_name.

• Microsoft Azure Active Directory (Azure AD) and Microsoft Intune

  • Added the capability to retrieve the app roles that are assigned to a user.
  • Added the capability to enter a filter expression to exclude Azure AD devices from the fetch.
  • Added the capability to enter a filter expression to exclude Intune devices from the fetch.
  • Added the capability to fetch only users with an account enabled in the Azure AD.
  • Added the option to not fetch devices from Intune.

• Microsoft Defender for Endpoint (Microsoft Defender ATP)

  • Added the capability to fetch missing KBs (security updates).
  • Added the capability to fetch API DeviceAlertEvents.

• Microsoft System Center Configuration Manager (SCCM) - Added the capability to enter a custom Admin Data table name when the customer is missing Local Admin data in their SCCM device records.

• NetBox - Added the option to not include the domain within the hostname.

• Nutanix AHV - Added the option to fetch only devices that are powered on.

• Orca Cloud Visibility Platform

  • Added the capability to fetch container tags to the GUI.
  • Added the capability to filter endpoint values to fetch by the specified endpoints.
  • Added the capability to filter asset results to fetch by the specified inventory values.
  • Added the capability to fetch assets per specified current states.
  • Added the capability to to ignore devices not seen by the source in the last specified number of days.
  • The Axonius API Key parameter was renamed API Token.

• Okta - added the capability to Select whether to only fetch user records from Okta.

• Outpost24

  • Added the option to fetch network security devices.
  • Added the option to fetch network security vulnerabilities.
  • Added the option to fetch vulnerabilities.
  • Added the option to specify the number of seconds Axonius should wait for a response for each request sent.

• Palo Alto Networks Expanse Expander was renamed Palo Alto Networks Cortex Xpanse.

• PDQ Inventory - Added the capability to select specific tables to enrich the device's information.

• Qualys Cloud Platform

  • Added the capability to fetch compliance scans.
  • Added the capability to avoid fetching devices that have one or more of the following tracking methods: Cloud Agent, DNSNAME, INSTANCE_ID, IP, QAGENT
  • Added the option to not include Public IP addresses in Network Interface devices.
  • Added the capability to fetch parent tags.
  • Added the capability to exclude packages from software.

• Radiflow - Added the capability to fetch CVEs related to devices.

• Rapid7 InsightIDR - Added the capability to use the agent data last update time for the Last Seen parameter.

• Rapid7 Nexpose Warehouse

  • Added the capability to parse Rapid7 tags as fields.
  • Added the capability to include large raw fields in the fetch.

• Red Canary - Added the capability to fetch Users, in addition to Devices.

• The Rumble Network Discovery adapter was renamed runZero.

• runZero - Added the capability to add the ARP MAC from services to the aggregated MACs.

• SentinelOne

  • Added the capability to fetch CVE security vulnerability information for software.
  • Added the capability to fetch devices that are decommissioned.

• ServiceNow

  • Added the capability to fetch Portfolio fields in the u_ip_portfolio_mapping table.
  • Added the capability to avoid calculating 'Last Seen' for all devices.
  • Added the capability to create the table hierarchy of a device.
  • Added the capability to fetch information from the cmn_cost_center table.

• SolarWinds Network Performance Monitor - Added the capability to use the value in the DNS field for the FQDN field.

• Sunbird - Added the capability to select which tiClass types to fetch.

• Sweepatic - added the capability to select which types of devices to fetch.

• Tanium Asset - Added the capability to make ci_running_services visible and queryable.

• Tanium Interact - Added the capability to enter a comma separated lists of columns in Tanium, that contain CVE IDs that will be displayed in the Vulnerability Management module.

• Tenable.io

  • Added the capability to use an agent name as an asset name.
  • Added the capability to fetch vulnerabilities with severity equal or above a specified level.
  • Added the capability to exclude fetching devices without a MAC address and without a hostname.
  • Added the capability to fetch compliance scans

• Tenable.sc (SecurityCenter) - Added the capability to fetch a new request (scan details) for each repository.

• Twistlock - Added the capability to fetch Users, as well as Devices.

• Veeam - Added the capability to select whether to fetch job devices, customer data platform jobs and backup statuses.

• VMware Workspace ONE (AirWatch) - Added the capability to specify a rate limit for the number of requests per minute to be sent to VMware.

• Wiz

  • Added the option to authenticate the API token by Amazon Cognito instead of Auth0.
  • Added the option to use the legacy connection or the new Report API connection.
  • Added the capability to select which types of assets to fetch.
  • Added the capability to fetch issues and enrich devices with issue data.
  • Added the capability to fetch issues evidence data when using a non-legacy connection.
  • Added the capability to select which severity levels to filter issues that are fetched.
  • Added the capability to select which statuses to filter issues that are fetched.
  • Added the capability to select which severity levels of vulnerability findings to filter findings that are fetched.

• Workday

  • Added the capability to fetch the full management chain data.
  • Added the option to exclude a specified user email from the fetch.
  • Added the capability to include contingent workers in the fetch.

• Zoom - Added the option to authenticate by the Server-to-Server OAuth method.

For more details:

• Explore the entire list of supported and integrated adapters.

  
  

New Enforcement Actions

The following Enforcement Actions were added:

• Adobe Workfront - Create Issue - Adobe Workfront issues can be created automatically by this Enforcement Action.
• Automox - Run Worklet per Asset - runs a worklet in Automox for each asset that matches the parameters of the saved query supplied as a trigger (or from the assets selected in the asset table).
  Custom Enrichment - Enrich Assets with CSV File - enriches assets with information from a CSV file using the Custom Enrichment feature.
• Email - Send per Asset - action sends an email to each email address in the list of recipients for each asset that matches the parameters of the selected query.
• GSuite - Add Users - adds the users retrieved from the saved query supplied as a trigger (or users that have been selected in the asset table) as GSuite users.
• GSuite - Add Users to Group - adds the users retrieved from the saved query supplied as a trigger (or users that have been selected in the asset table) to a GSuite group.
• GSuite - Remove Users - removes each GSuite user retrieved from the saved query supplied as a trigger (or users selected in the asset table).
• Microsoft Active Directory (AD) - Remove Assets from AD - removes the assets (users or devices) retrieved from the saved query supplied as a trigger (or devices that were selected in the asset table) from Active Directory.
• Microsoft Azure (Azure AD) - Delete Assets - deletes an asset record from an Azure AD for each asset that matches the parameters of the saved query supplied as a trigger (or devices that have been selected in the asset table).
• Microsoft Azure (Azure AD) - Enable or Disable Assets -enables each of the assets that are the results of the query, which are Microsoft Azure (Azure AD) blocked/disabled managed devices or users or assets selected on the relevant asset page or disables and blocks each of the assets that are the results of the query, which are Microsoft Azure (Azure AD) managed devices or users or assets selected on the relevant asset page.
• Qualys Cloud Platform - Update Asset Names to Host Names - Updates the Asset Name to be the same as the Host Name for all Qualys devices which are the result of the query run, or for the assets selected.
• TOPdesk Enterprise Service Management - Create Asset - creates an asset in TOPdesk Enterprise for each asset that matches the parameters of the selected query or assets selected in one of the asset tables.
• SolarWinds Service Desk - Create Incident - creates an incident in SolarWinds for all the assets retrieved from the saved query supplied as a trigger (or for the assets selected in the asset table).

Updated Enforcement Actions

Enforcement action names have been updated for clarity and consistency. There may be slight differences between Enforcement names in the documentation, and those in the system.

The following Enforcement Actions were updated:

• Adobe Workfront - Create Issue - Option to configure Team ID added.
• Create Jira Service Desk Incident per Asset -
  • An option was added to have the device identifier added to the incident description.
  • Values of Adapter fields can be mapped to placeholder names and included in the incident description.
• Isolate/Unisolate in Microsoft Defender ATP - Updated the required permissions.
• Jira Service Desk - Create Insight Asset per Asset Enforcement Action was renamed Jira Service Management - Create Insight Asset per Asset
• Jira Service Desk - Update Insight Asset - was renamed Jira Service Management - Update Insight Asset
• Jira Service Desk - Create Issue per Asset - was renamed Jira Service Management - Create Issue per Asset.
• Jira Service Management - Create Issue per Asset - API Key is used instead of the password.
• Microsoft Active Directory (AD) - Enable or Disable Assets
  • Changed the name from Enable Users or Devices in Microsoft Active Directory (AD) Services.
  • An option was added to add credentials.
• Microsoft Azure - Send Assets to Microsoft Power BI - Added support multi factor authentication.
• Microsoft System Center Configuration Manager (SCCM) - Add Assets to Collection - Now renamed Microsoft System Center Configuration Manager (SCCM) - Add or Remove Assets to Collection. This action also removes assets from an SCCM Collection.
• Send Email to Assets
  • The Send Email to Assets action can now also send emails to the Latest Used User Email for each device.
  • It is possible to limit the number of recipients to whom emails are sent, and further customize the recipients.
• ServiceNow - Create Assets, ServiceNow - Update Assets - added capability to display the total RAM in Megabytes instead of in Gigabytes.
• SQL - Send Assets to Table -
  • An option was added to send data to a PostgreSQL table.
• Tenable.io - Add or Remove Tags to/from Assets -
  • Indicated that the Category Name field is required when adding tags.