Axonius-4.8 Ongoing Adapter and Enforcement Actions Updates

The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 4.8

• View full information about new and updated features in Axonius 4.8

New Adapters

The following new adapters were added:

• Adobe Acrobat Sign

  • Adobe Acrobat Sign allows users to create, edit, collaborate, e-sign, and share PDFs, on any device. (Fetches: Users)

• Airtable Enterprise

  • Airtable Enterprise is a spreadsheet-database hybrid serving as a low-code platform for building collaborative apps. (Fetches: Users)

• AssetSonar

  • AssetSonar maintains, tracks, and manages a single source of truth for the IT asset landscape. (Fetches: Devices)

• BOSSDesk

  • BOSSDesk is an IT Service Management and Help Desk Software for both On-Premise and in the Cloud. (Fetches: Devices)

• Bricata

  • Bricata is a network detection and response platform. (Fetches: Devices)

• Brivo

  • Brivo is a cloud-based access control solution that helps protect building, employees, visitors, customers, residents and data. (Fetches: Devices)

• CheckPoint Harmony Mobile

  • CheckPoint Harmony Mobile uses file protection capabilities to block the download of malicious files to mobile devices and prevent file-based cyberattacks on organizations. (Fetches: Devices)

• Cisco Industrial Network Director (IND)

  • Cisco Industrial Network Director (IND) enables deployment and monitoring of Cisco Industrial Ethernet switches in industrial networks. (Fetches: Devices and Users)

• CloudCheckr

  • CloudCheckr is multi-cloud optimization and resource management software that includes cost management, security and compliance management, and resource utilization. (Fetches: Devices)

• Collibra

  • Collibra is a data catalog platform and tool that helps organizations better understand and manage their data assets. (Fetches: Devices and Users)

• CrowdStrike Falcon Discover

  • CrowdStrike Falcon Discover is a network security monitoring tool that provides real-time visibility into devices, users, and applications. (Fetches: Devices)

• CrowdStrike Kubernetes Protection

  • CrowdStrike Kubernetes Protection provides cloud-native application security, including breach prevention, workload protection, and cloud security posture management. (Fetches: Devices)

• CyberArk Idaptive

  • Idaptive Identity Management Platform is an identity and access management solution that unifies identity and access management services. (Fetches: Devices, Users)

• ConnectSecure

  • ConnectSecure provides managed service providers (MSPs) a vulnerability scanning and compliance management tool for their SMB clients. (Fetches: Devices)

• Databricks

  • Databricks combines data warehouses & data lakes into a lakehouse architecture that handles data, analytics, and AI use cases. (Fetches: Devices)

• DOJ CSAM

  • DOJ’s proprietary Cyber Security Assessment and Management (CSAM) automates assessments and authorizations to provide a comprehensive assessment and continuous monitoring service. (Fetches: Devices)

• Dynamics CMDB (HelpDesk)

  • HelpDesk integrated with Microsoft Dynamics provides a complete ticketing solution. (Fetches: Devices)

• Easyvista Service Manager

  • EasyVista is an ITSM (IT Service Management) solution including change, release, incident, problem, and knowledge management. (Fetches: Devices)

• EMASS

  • eMASS is a federal system designed to help maintain information assurance situational awareness, manage risk, and comply with federal regulations.
    (Fetches: Devices, Users)

• ExtraHop Reveal(x) 360

  • ExtraHop Reveal(x) 360 is a SaaS-based network detection and response (NDR) platform that provides unified security across on-premises and cloud environments. (Fetches: Devices)

• FortifyData

  • FortifyData is a threat exposure management platform for identifying, monitoring, and managing cyber risk. (Fetches: Devices)

• GlobalSign Atlas

  • GlobalSign Atlas offers cloud certificate management and automation. (Fetches: Devices)

• GluWare

  • GluWare provides a Multi-vendor, multi-platform, and multi-domain network automation tool. (Fetches: Devices)

• Gytpol

  • GYTPOL is a security configuration management solution providing both visibility of devices and automation of the hardening process. (Fetches: Devices)

• HAProxy

  • HAProxy is free and open source software that provides a high availability load balancer and reverse proxy for TCP and HTTP-based applications. (Fetches: Devices and Users)

• Hitachi Operations Center

  • Hitachi Ops Center provides data infrastructure management including automation, analytics, and protection. (Fetches: Devices)

• HPE (SAN)

  • HPE storage area networking (SAN) provides storage solutions for performance, scalability, and manageability. (Fetches: Devices)

• Huntress

  • Huntress is a managed endpoint detection and response (EDR) solution. (Fetches: Devices)

• IBM VPC

  • IBM Cloud Virtual Private Cloud (VPC) is a secure software-defined network (SDN) on which customers can build isolated private clouds. (Fetches: Devices)

• IFS Assys

  • IFS Assys is IT service management (ITSM) software that helps automate business processes. (Fetches: Devices)

• Imperva WAF

  • Imperva Web Application Firewall (WAF) allows customers to monitor, filter, and block incoming and outgoing data packets from a web application or website. (Fetches: Devices)

• Imperva WAF Cloud

  • Imperva Web Application Firewall (WAF) allows customers to monitor, filter, and block incoming and outgoing data packets from a web application or website. (Fetches: Devices)

• Intruder.io

  • Intruder is an online vulnerability scanner that enables the identification of misconfigurations, missing patches, encryption weaknesses, application bugs, and more. (Fetches: Devices)

• Keyfactor

• Keyfactor provides PKI as-a-Service enabling protection of every device, workload, and digital transaction with a unique and trusted identity. (Fetches: Devices)

• ManageEngine Firewall Analyzer

  • ManageEngine Firewall Analyzer is an agentless log analytics and configuration management software that analyzes logs from firewalls and generates real-time alert notifications and security and bandwidth reports. (Fetches: Devices)

• Mandiant

  • Mandiant Advantage is a multi-vendor XDR platform that delivers Mandiant’s transformative expertise and frontline intelligence to security teams of all sizes. (Fetches: Devices)

• Micro Focus Universal CMDB

  • Micro Focus Universal Discovery and Universal CMDB discovers, maps, and manages IT configurations. (Fetches: Devices)

• Microsoft Dynamics 365

  • Microsoft Dynamics 365 Finance is a Microsoft enterprise resource planning system for medium to large organizations. (Fetches: Devices, Users)

• Mimecast

  • Mimecast provides email security, data management and compliance, and security awareness and user behavior solutions. (Fetches: Users)

• Mutiny

  • Mutiny is a network monitoring and alerting appliance. (Fetches: Devices)

• Namecheap

  • Namecheap offers free public DNS to help users get connected quickly and securely. (Fetches: Devices)

• Netwrix Auditor

  • Netwrix Auditor is IT auditing software for detecting security threats and validating compliance. (Fetches: Users)

• NodeZero

  • NodeZero by Horizon3 provides continuous autonomous penetration testing via SaaS. (Fetches: Devices)

• N-Sight RMM

  • N-Sight RMM provides remote monitoring and access, ticketing, and management for Windows, Linux, and Mac devices. (Fetches: Devices)

• Nutanix Prism Central

  • Nutanix delivers hybrid and multicloud management, unified storage, database services, and desktop services to support applications and workloads. (Fetches: Devices, Users)

• Onspring Compass

  • Onspring is cloud-based automated GRC software for business process management. (Fetches: Devices)

• Oracle Enterprise Manager

  • Oracle Enterprise Manager is an on-premises management platform that provides a single dashboard to manage all Oracle deployments. (Fetches: Devices)

• Oracle Ksplice

  • Oracle Ksplice provides fast secure kernel and userspace patching without the need for reboots. (Fetches: Devices)

• PagerDuty

  • PagerDuty is a digital operations platform for system administrators and support teams to manage incident response. (Fetches: Users)

• Palo Alto Networks Prisma Access

  • Prisma Access SASE from Palo Alto Networks converges network security, SD-WAN, and autonomous digital experience management in the cloud to provide a secure access service edge. (Fetches: Devices, Users)

• Paycor

  • Paycor is an automated human capital management (HCM) platform for managing HR and payroll needs in one place. (Fetches: Users)

• Paylocity

  • Paylocity is a cloud-based payroll and human capital management software. (Fetches: Users)

• Pingboard

  • Pingboard creates real-time organizational charts by automatically synchronizing organizational charts with HRMS software. (Fetches: Users)

• Polymer DLP

  • Polymer is a DLP solution that automates identification, monitoring, and remediation for sensitive data in cloud environments, and helps companies stay compliant with HIPAA, PCI. and GDPR.

• Proofpoint Security Awareness Training

  • Proofpoint Security Awareness Training provides interactive and customizable security awareness training. (Fetches: Users)

• Rapid7 Insight Account Platform

  • Rapid7 Insights API: This API provides API access for the entire Rapid7 Insights platform and suite of products. (Fetches: Users)

• RecordedFuture

  • RecordedFuture threat intelligence helps identify the vulnerabilities that pose an actual risk to an organization, adding context and data to CVE scoring. (Fetches: Devices)

• Robin

  • Robin (now Symworld Cloud) is a Kubernetes-based platform that automates the deployment, scaling, and lifecycle management of data- and network-intensive applications. (Fetches: Devices, Users)

• RUCKUS Cloud

  • CommScope RUCKUS Cloud is a network management-as-a-service platform that enables IT to provision, manage, optimize, and troubleshoot wired and wireless networks. (Fetches: Devices, Users)

• Rubrik Polaris

  • Rubrik provides data security and data protection on a single platform, including: Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery, and orchestrated application recovery. (Fetches: Users)

• Sassafras

  • Sassafras is IT asset management software that allows organizations to inventory and manage IT assets. (Fetches: Devices)

• Secure Code Warrior

  • Secure Code Warrior is a training platform that helps developers learn to write secure code. (Fetches: Users)

• Serraview

  • Serraview is workplace management and space optimization software. (Fetches: Users)

• Sensu

  • Sensu is a cloud monitoring solution that provides monitoring workflows automation and visibility into multi-cloud environments. (Fetches: Devices)

• Sentra

  • Sentra offers cloud data security posture management (DSPM), allowing customers to automatically discover, classify, monitor, and protect cloud data. (Fetches: Devices)

• SharePoint

  • SharePoint creates internal websites where organizations store, organize, share, and access information from any device. (Fetches: Devices)

• Shockwave Cloud

  • Shockwave Cloud helps identify and track cloud related issues and misconfigurations. (Fetches: Devices, Users)

• Snyk

  • Snyk is a developer security platform integrating directly into development tools, workflows, and automation pipelines. (Fetches: Devices)

• Spycloud

  • SpyCloud is an account takeover prevention and fraud investigation tool that alerts companies when their users' data has been compromised in a third-party breach. (Fetches: Users)

• Stairwell

  • Stairwell offers a threat hunting and detection and response platform called “Inception.” (Fetches: Devices)

• TeamCity

  • TeamCity is a build management and continuous integration server. (Fetches: Devices)

• TeamDynamix

  • TeamDynamix is an ITSM/ESM and project portfolio management solution with enterprise integration and automation. (Fetches: Devices, Users)

• Tenable.ot

  • Tenable.ot provides the ability to identify operational technology (OT) assets, communicate risk, and prioritize action. (Fetches: Devices)

• Trellix ePO

  • Trellix provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks. (Fetches: Devices)

• Trend Micro Vision One

  • Trend Micro Vision One is a threat defense platform that includes: Advanced extended detection and response (XDR) capabilities. (Fetches: Devices)

• TruPortal

  • TruPortal is a secure, web-based access credential system for physical access. (Fetches: Devices)

• Udemy

  • Udemy is an online learning and teaching marketplace. (Fetches: Devices)

• Unimus

  • Unimus is a network configuration and automation tool which provides information on devices, backups, and configurations. (Fetches: Devices)

• Unitrends

  • Unitrends (a Kaseya company) provides all-in-one enterprise backup continuity and disaster recovery solutions. (Fetches: Devices)

• Upkeep

  • UpKeep Asset Operations Management Platform is a mobile-first CMMS (computerized maintenance management system), EAM (enterprise asset management), and IIoT (industrial internet of things) suite of solutions. (Fetches: Devices)

• Uptrends

  • Uptrends is a cloud-based solution for monitoring websites, servers, APIs, and network performance. Integrate Uptrends with the Axonius Cybersecurity Asset Management Platform. (Fetches: Devices, Users)

• Uyuni

  • Uyuni is an open-source configuration and infrastructure management solution for software-defined infrastructure. (Fetches: Devices)

• Velociraptor

  • Velociraptor is an open-source endpoint monitoring, digital forensic and cyber response platform. (Fetches: Devices, Users)

• Veracode

  • Veracode provides static, dynamic, and software composition scanning to identify vulnerabilities in the software development lifecycle. (Fetches: Devices)

• Vicarius

  • Vicarius is a consolidated vulnerability discovery, prioritization, and remediation solution. (Fetches: Devices)

• Virtru Gmail Encryption

  • Virtru Gmail Encryption protects Gmail messages and attachments with end-to-end encryption while maintaining user ownership and control. (Fetches: Users)

• VMware NSX

  • VMware NSX provides an agile software-defined infrastructure to build cloud-native application environments. (Fetches: Devices)

• Zerto ZVM

  • Zerto ZVM is a data loss protection solution that provides disaster recovery, backup and workload mobility software for virtualized infrastructures and cloud environments. This adapter supports on-prem deployment. (Fetches: Devices)

• Zimperium zIPS

  • Zimperium zIPS is a mobile threat defense solution for enterprises, providing protection to both corporate owned and BYOD devices. (Fetches: Devices, Users)

Updated Adapters

The following adapters were enhanced:

• Active Directory - Added the option to enter an SSL cipher to use for the TLS object of the connection

• Adaptive Shield - This adapter now fetches devices.

• Amazon Web Services (AWS)

  • Added an option to fetch ECS clusters.
  • Added an option to fetch EKS clusters.

• Asana - Added the capability to fetch Workspace names or Workspace GIDs

• Automox - now fetches users as well as devices.

• BeyondTrust Remote Support - Verify SSL was added to this adapter's configuration

• BigID - added the option to authenticate using an API Token.

• Bionic - An API Token can now be configured.

• BlueCat Enterprise DNS - added the option to set statuses by which to filter devices when the expiry_time is null.

• Checkmarx SAST - added the option to only fetch active users.

• Check Point Infinity

  • Added an option to select later versions of the API.
  • Added the option to match host objects against the NAT rulebase to anticipate additional IP addresses for those objects.

• Cherwell IT Service Management - added the option to create a new device if there is a change in the Cherwell record hostname field.

• Cisco Application Policy Infrastructure Controller (APIC) - added the option to fetch data about sensors for each device.

• Cisco Identity Services Engine (ISE)

  • Added the option to not fetch devices that do not have an IP address.
  • Added the option to only fetch devices that have either an asset name or an IP address.
  • Added the option to only fetch devices that have both an asset name and an IP address.

• Cisco Intersight - Added the option to fetch physical devices as assets.

• Cisco Prime

  • Added the option to only fetch PRIME_WIFI_CLIENT devices.
  • Added the option to fetch ARP devices from the Cisco devices that are fetched.

• Cisco Umbrella - This adapter now fetches users.

• Cisco Unified Communications Manager (UCM) - Added an option to exclude devices with no IP address from the fetch.

• CloudFlare DNS - Added the option to fetch WAF rules and associate them to devices based on the Zone they belong to.

• CloudHealth - Added the option to fetch Azure Subscription and ID information.

• Crashplan - Authentication was changed from Client Secret to Password.

• CrowdStrike Falcon

  • The API v1 "legacy" endpoint is deprecated and will stop functioning on February 9, 2023. Update your adapter’s endpoint to use the Crowdstrike API v2 endpoint to ensure the adapter continues working as expected.
  • Added the capability to only fetch devices associated with a list of platforms.
  • Added the capability to fetch expired vulnerabilities.
  • Added the capability to fetch suppressed vulnerabilities.
  • Added the capability to enter the name of an Installed Patches report to fetch.
  • Added the capability to exclude dvices associated with group names entered.
  • Added the option to add a comma separated list of OS Versions where devices with these Operating Systems will not be fetched.
  • Added the option to to limit the fetch of open vulnerabilities to X days ago.
  • Added the option to get the encryption status of the device's drives.
  • Added the option to enter a comma separated list of OS Versions where devices without these Operating Systems will not be fetched.

• CrowdStrike Falcon Discover

  • Added an option to fetch applications (installed software) on each device.
  • Added an option to fetch devices whose type is "managed".

• CrowdStrike Falcon Identity Protection (formerly Preempt) - Added the option to ignore the owner listed as device owner if it is a service account.

• CSV - New support for wildcards in file names shows all matching file names preceded by their timestamps indicating file creation times.

• CyberArk Endpoint Privilege Manager

  • Added the capability to fetch event info, file info, source, pre-history and reputation information from CyberArk
  • Added support for ADFS authentication

• Datadog - this adapter now fetches users.

• Device42 - Added an option to fetch only the latest versions of each software on the installed software page.

• Dragos - Added the capability to fetch vulnerabilities.

• Dropbox - this adapter now fetches users.

• Dynatrace

  • Added the capability to fetch vulnerabilities.
  • Added the capability to fetch additional information about Dynatrace 'Security problems'
  • Added the capability to fetch Process Group instances

• ExtraHop Reveal(x) - Added an option to only use the field "Last Seen Time" to determine the last seen of the device.

• Fleet DM - added the capability to fetch vulnerabilities.

• Flexera IT Asset Management

  • Added the option to not fetch devices that contain a string or list of strings.
  • Added the ability to select the query from which to fetch devices, either Basic Query, or Additional Asset Information.

• ForeScout CounterAct - Added the capability to set the number of requests to allow before attempting to re-authenticate to get a new session token.

• ForgeRock - Added an option to set the number of assets to fetch at a time.

• FortiNac - Added an option to fetch the ports from the Fortinac system and add it to the information on the device,

• Genian - Added the option to ingest only devices with ACTIVE status.

• Github

  • Added the option to select whether to fetch data about public gists for users.
  • It is possible to fetch data without specifying the organization.

• Google Cloud Platform (GCP)

  • Added option to fetch Google Cloud routers.
  • Added the option to enter a comma-separated list of email domains to exclude from the fetch when the Email domain include list is empty.
  • Added the option to only fetch SCC assets that have findings.
  • Added the option in the HTTPS Proxy parameter for the GCP connection to have an HTTP proxy.

• Have I Been Pwned - Added a rate limit to handle rate limit issues.

• Hawk - Added the option to use the Asset Name as the Host Name when no value is brought into Axonius for the Host Name.

• HP Device Manager (HPDM) - Added the option to select either MSSQL or PostgreSQL as the database type.

• HP Network Node Manager i (NNMI) - Added the capability to enter a value to set the number of requests the adapter will send to the API per minute.

• HYPR Passwordless now fetches devices as well as users

• IGEL Universal Management Suite (UMS) - Added the option to only fetch thin clients and their monitors.

• Infinipoint - Added the option to fetch Software, Services and Vulnerabilities data

• Invicti - Added an option to fetch vulnerabilities with associated CVEs.

• Ivanti Unified Endpoint Manager (formerly Landesk) - Added the capability to provide a comma separated list of fields that will be queried from the Landesk instance and added as a list of values in the device

• Jira Service Management (Service Desk)

  • Added the capabiltiy to enter a comma separated list of statuses where devices with one of these statuses will not be ingested into the system.
  • Now uses the GET AQL Objects API

• Kenna Security Platform - Added the option to exclude fetching devices without a MAC address and without a hostname.

• Lacework

  • Added the capability to force the adapter to use a specific version of the Lacework API.
  • Added the capability to fetch data from a defined sub account.

• Linux SSH - Added to this adapter and Encforcement action the capability to fetch services and open ports.

• LogicMonitor

  • Added the capability to enter a list of LogicMonitor custom property keys to convert to fields in Axonius.
  • Added the option to fill the hostname field with the value of a field called system.hostname.

• ManageEngine Desktop Central and Patch Manager - Added the option to select whether to only fetch devices which have a last seen value.

• Microsoft Active Directory (AD)

  • Added the option to fetch information about the domains that are trusted by the user/device domain.
  • Added capability to add a semi-colon separated list to specify a list of hostnames that the AD adapter will resolve to a specific IP address once.
  • Added the capability to specify additional AD groups which consist of administrators. All the members of the specified groups will be marked as admin.

• Microsoft Azure

  • Added the capability to fetch firewall rules and web application firewall policies configured in the asset's subnets.
  • Configurations to fetch services as devices have been consolidated into one new setting, Azure services to fetch as devices which allows you to select which services will be fetched as devices.
    • SQL Managed Instances added to this list.
    • Sentinel Incidents added to this list.
  • Log Analytics MAC addresses is now available as an Azure service to fetch.
  • Added the option to switch between the asset name value and the hostname value if the hostname has 15 characters.

• Microsoft Azure Active Directory (Azure AD) and Microsoft Intune

  • Added the capability to select whether to fetch the assigned roles of a user.
  • Added capability to select levels of risky users' information to fetch.
  • Added capability to state of risky users' information to fetch.
  • Added the option to fetch the total size of the RAM of the device from the Intune BETA API.
  • The default value for the following settings was set to disabled:
    • Fetch software information from Intune”
    • “Fetch users Last Sign-In - How to fetch”
    • “Fetch users Last Sign-In - API to use”
  • Added the capability to fetch service principals.
  • Added the option to select to only fetch devices and not fetch users. This can be done using less permissions.
  • Added an option to fetch information about 'Windows 10 Endpoint Protection Configurations' configured for the Intune devices.

• Microsoft Cloud App Security - Added the option to to determine if the authentication process will be with a pre-generated token (as it used to be), or using OAuth2 authentication. When OAuth2 authentication is chosen appropriate options are displayed.

• Microsoft Defender for Endpoint

  • Added an option to fetch additional information about the Anti-Virus status for each device.
  • Added an option to enter a comma separated list of tags by which to fetch devices. Only devices with the tags in the list will be fetched.

• Microsoft System Center Configuration Manager (SCCM)

  • Added the option to fetch SCCM licenses.
  • Added the capability to enter a regex expression to search for and fetch files in the device’s software table that usually would not be retrieved because they are ‘independent’.
  • Added an option to fetch data from the 'vSMS_SUMDeploymentStatusPerAsset' table for each asset.

• Minerva Labs Endpoint Malware Vaccination - Added the option to append Hostname on asset ID to mitigate some cases of over correlation

• MobileIron EMM - Added the capbility to enter partition IDs to fetch as a comma separated list.

• N-able - Added the option to fetch asset information for each device.

• Netbox

  • Added the capability to fetch only active devices.
  • Added an option to fetch custom fields for devices.

• NetIQ Identity Manager

  • Port configuration was added to this adapter.
  • Support for OSP oAuth2 token was added to this adapter

• Netskope - Added the option to populate the Last Seen field with the date from the events endpoint of the Netskope API.

• New Relic - New Advanced setting allows entering a comma-separated list of values found in the “Field Segmentation” field on Relic to be included in the fetch.

• Nexthink

  • Added the option to ignore DWM/UMFD accounts
  • Added the option to fetch the field called ‘Highest Local Privilege Reached’. This information can help determine whether a user is an admin user.

• Nozomi Guardian and CMC - Added the option to fetch vulnerabilities.

• Okta

  • Added the option to only fetch users from a specific group.
  • Added the capability to enter a number of days back from which to fetch logs.

• Oomnitza Enterprise Technology Management- Added the option to display the Host Name value in the Asset Name field.

• OpsRamp - Added the option to fetch software installed on devices.

• PagerDuty - Added an option to add more details regarding the teams associated with the user.

• Palo Alto Networks Cortex XDR

  • Added an option to enrich devices with DNS query information
  • Added an option to fetch daemon information for each device.
  • Added an option to fetch vulnerability information for devices

• Proofpoint Endpoint DLP - Added the option to populate the Last Seen Updater field for devices of the type updater agent, and not populate the Last Seen field.

• Proofpoint's ObserveIT Insider Threat Management Platform - Added the option to use the value in the Alias field for the Serial Number field for OS X hosts.

• Puppet - Added the capability to enter a prefix used on your system for dynamic Puppet fields. Axonius will then fetch all Puppet fields with this prefix and add them to the devices.

• Pulse Connect Secure was rebranded to Ivanti Connect Secure.

• Qualys Cloud Platform

  • Added a new Fetch devices by setting which is used to fetch relevant devices with the recommended 'Last Seen Threshold'. Either select 'Last modified' or 'Last scanned for vulnerabilities'. From version 4.8.4 the default value the first time you connect this adapter is 'Last modified'. Consult Axonius support to find the best setting for your system.
  • Added an option to fetch Asset CVEs on host detection.

• Quest KACE Endpoint Systems Management Appliances

  • Added the capability to fetch device information from the machine custom inventory.
  • Added the option to fetch only standard software data (without additional fields).

• Qush Reveal was renamed NEXT DLP.

• Rapid7 InsightVM

  • Added the ability to select a date in which device vulnerabilities are compared to determine if they were subsequently remediated.
  • Under API Version added indication that Version 4 API is recommended. In addition, if Experimental API is selected, and it is offline, the adapter falls back to using the V4 API.
  • Added an option to only fetch devices that have a MAC address, a hostname and an IP address.

• Rapid7 Nexpose and InsightVM

  • This adapter now fetches users. This is an option that must be enabled.
  • Added the option to fetch asset group data from Rapid7 for device enrichment.
  • Added the option to fetch assets excluded from scans.
  • Added a capablity to fetch vulnerabilities in the background and various configurations for this setting

• RSA Secure ID - Port Configuration field added.

• SailPoint IdentityIQ

  • Added the capability to enter a comma separated list of fields to exclude from the fetch.
  • Added the capability to enter a comma-separated list of extra fields to fetch.

• Saviynt - Added a capability to select fields not to fetch.

• SecureW2 JoinNow - API Key changed to API Secret

• Secureworks Taegis XDR (formerly Red Cloak TDR) - added the capability to add a calculated agent health for the selected module to each device.

• ServiceNow

  • Added the capability to enter textual values in addition to numerical values for the following configurations:
    • Install status exclude list
    • Install status include list
    • Operational status exclude list
    • Operational status include list
  • Added the option to fetch running processes information.
  • Added the option to populate the Axonius owner aggregated field based on the Service Now "assigned to" field instead of the "opened by" field.
  • Added the capablity to configure fields that generally appear in 'Advanced' view to appear in 'Basic' view.

• Shadowserver- Added an option to fetch all reports.

• Slack

  • Added an option to not fetch users that were deleted.
  • Added the option to fetch user conversations.

• Snow Software Asset Management - added the option to set pagination assets per page.

• Snowflake Data Warehouse - this adapter now fetches users.

• Splunk - Added parsing of installed security patches to this adapter.

• SQL Server - Added the possiblity to use the SQL server to fetch Software Vulnerabilities data from an SQL server table.

• Suma Logic - Added the capability to fetch both user and device data at the same time.

• Symantec Endpoint Management Suite (formerly Altiris)

  • Added the option to fetch data from Views.
  • Added the option to fetch from Altiris tables without locking them.

• Tanium System Status was renamed Tanium Client Status.

• Tenable.sc

  • Axonius now distinguishes between a vulnerability fetched from the Mitigated table and a vulnerability is fetched from the cumulative table. When a vulnerability is fetched from the Mitigated table it is marked 'Mitigated - Not Vulnerable'. When a vulnerability is fetched from the cumulative table and was vulnerable before, it is marked 'Previously Mitigated (Currently Vulnerable)'
  • Added the capability to exclude devices whose hostnames start with a defined string.
  • Added the capability to select installed software plugins about which to fetch information.
  • Added the capability to enter names of one or more comma separated repositories from which to fetch data. If you use this field, data will only be fetched from these repositories.
  • Added the option to use Plugin-19506 to fetch the first discovery date and the last observed data for devices.
  • Added the option to fetch the Plugin ID 85736 and parse the results as a list of strings containing the Windows Store Applications installed on the device.

• Tenable.io

  • Added the capability to select installed software plugins about which to fetch information.
  • Added the capability to fetch data from the Windows services plugin 44401 for each device.
  • Added the option to fetch information about the network to which the device is connected.
  • Added the option to not fetch any vulnerabilities.
  • Added an option to fetch vulnerabilities with the state 'fixed'.
  • Added an option to not fetch users that are disabled within Tenable.io.
  • Added the capabiity to enter a comma separated list of Tenable “scan names”. If devices are in these scan names, they will not be fetched.

• Tenable.OT adapter name was changed to Tenable.OT (Indegy)

• TeQube Teqtivity - added the capability to select one or more asset types to exclude from the device fetch.

• Twistlock - Added the option to fetch full details of descriptions and vulnerabilites.

Note:

• Universal SSH Key Manager (UKM) - Added a capability to use a field name instead of the host name.

• Veeam

  • Added the capability to fetch information about physical infrastructure servers.
  • Added support of Veeam Backup & Replication 11.

• VMware ESXi and vSphere

  • Added the option to fetch snapshots from virtual machines.
  • This adapter now supports users (from vCenter 6.7 and higher).
  • Added option so that the Preferred Serial Number (and the Device Manufacturer Serial) for the ESX device will have a value with the format
    VMware-xx xx xx xx xx xx xx xx-xx xx xx xx xx xx xx xx
    where the x’s are the characters of the UUID.

• VMware vCloud Director - Added support for two API versions - v31.0 (previous connection parameters) and v36.0 (new API Key parameter).

• VMware vRealize Operations (vROps) - Added support for cloud hosted. An appropriate authentication method is available when choosing cloud hosted.

• VMWare Workspace ONE

  • Added the capability to query the compliance API.
  • Added support for OAuth authentication.
  • Added the option to fetch device sensor information.

• Wazuh

  • Added the option to fetch extra information about the asset such as system inventory items, or the scan database.
  • Added the capability to configure the API rate per minute.
  • Added the option to fetch policy checks related to the SCA database items.

• WhatsUp Gold - added the option to select a Group ID.

• Windows DHCP Server - Added the option to fetch statistical information about the DHCP service.

• Wiz

  • Permissions required for Report Connection were updated.
  • Added the option to enter a project UUID to fetch resources only from the project listed.
  • Added the option to attach cloud storage volumes to their associated VMs. When you select this option, volumes are not created as separate devices.
  • Added the possiblity to specify a comma-separated list of tag keys to be parsed as device fields.
  • Added an option to fetch Wix Users.
  • Added an option to fetch cloud users.

• Workday

  • Private Key File, Public Certificate file and certificate passphrase were removed from the configuration of this adapter.
  • Added the option to enter a SOAP URL for a Workday Custom Report endpoint.
  • Added the option to disable the Management Chain Enrichment process and thus not enrich the management workers list with additional information about each manager.

• Zabbix - added the capability to fetch items.

• Zoom

  • Permissions required for this adapter were updated.
  • Added the option to not fetch information about rooms on the Zoom calendar.
  • Added the option to also fetch users with a status of 'inactive'.
  • Added the option to not fetch devices whose account type is a service account.

• ZScaler Web Security

  • Permissions required for this adapter were updated.
  • Added the to option to enrich device information with Service Status data.

For more details:

• Explore the entire list of supported and integrated adapters.

  
  

New Enforcement Actions

The following Enforcement Actions were added:

• Absolute - Unenroll Asset - unenrolls Absolute Assets for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• BigFix - Create Fixlet Action creates and executes a BigFix Fixlet action on assets that match the results of the selected saved query or assets selected on the relevant asset page.

• BigFix Remove Asset - This action removes assets from aAssets that match the results of the selected saved query or assets selected on the relevant asset page.

• Cherwell - Remove Assets - Removes assets from Cherwell.

• CrowdStrike Falcon - Delete Hosts - Deletes CrowdStrike hosts.

• CrowdStrike Falcon - Run Script - Runs a script on CrowdStrike assets.

• Equinix - Create Users - creates Users in Equinix for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• Equinix - Disable Users - disables Users in Equinix for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• Equinix - Remove Users - removes Users in Equinix for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• Freshservice - Update Assets - 'Additional Fields added to this action.

• GCP - Add or Remove Tags to/from Assets - This action adds or removes tags from Google Cloud Provider assets.
  Jamf Pro - Add or Remove Assets to/from Group -

• Jira Service Management - Create Issue creates one incident in Jira Service Management for all of the assets retrieved from the saved query supplied as a trigger (or from the entities selected in the asset table).

• ManageEngine ServiceDesk Plus - Create Request - creates a ManageEngine ServiceDesk Plus request for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• ManageEngine ServiceDesk Plus - Create and Update Assets - creates a ManageEngine ServiceDesk Plus Asset, or updates ManageEngine ServiceDesk Plus Assets for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• ManageEngine Endpoint (Desktop) Central and Patch Manager Plus - Create Patch Action - creates an install or uninstall patch action.

• Microsoft Active Directory (AD) - Change Assets OU moves the assets (users or devices) retrieved from the saved query supplied as a trigger (or assets that were selected in the asset table) from one Organizational Unit (OU) to another in Microsoft Active Directory (AD).

• Okta - Add or Remove Users to/from Group adds or removes each user retrieved from the saved query supplied as a trigger (or users selected in the asset table) to an Okta group.

• phpIPAM - Create or Update Assets - Creates and/or updates assets in phpIPAM.

• SentinelOne - Remove Asset - This action removes existing assets from SentinelOne.

• SentinelOne - Execute Remote Script - Executes a remote script on SentinelOne assets.

• SentinelOne - EC Isolate/Unisolate Assets - Isolates or unisolates assets in the SentinelOne.

• Slack - Send Message to Channel - Posts a message to a Slack channel for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• SNIPE-IT - Create Asset - Creates an asset in SNIPE-IT.

• SolarWinds - Create Asset - Creates a SolarWinds asset.

• Sophos Central - Remove Assets - Removes assets from Sophos Central for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• Splunk - Create and Update Assets - Creates or updates assets in Splunk.

• Tanium - Add or Remove Tag to/from Assets - Adds or removes tags to/from assets that match the results of the selected saved query or assets selected on the relevant asset page.

• Tanium - Create Software Deployment - Installs, updates or removes Tanium Software for assets that match the results of the selected saved query or assets selected on the relevant asset page.

• Tenable.io - Delete Account - This action deletes an account from Tenable.io.

• Zoho Desk - Create Ticket - This action creates a Zoho Desk ticket.

Updated Enforcement Actions

The following Enforcement Actions were updated:

• Axonius - Send Email to Assets - added option to option to send an email to users that are owners in the projects where the devices exist.

• Cherwell IT Service Management - Create Incident - Added an option that allows attaching a CSV file to created incidents.

• Cherwell - Update Assets - Added the option to select which adapter connections should be ignored.

• Freshservice - Create Assets - Added the option to make sure that all dates are based on the ISO-8601 format.

• Freshservice - Create Ticket per Asset, and Freshservice - Create Ticket - Description, subject, and priority are no longer required fields.

• Freshservice - Create Ticket**

  • Group Name renamed Group Name or ID
  • Ticket Category field added.

• Freshservice Create Ticket per Asset

  • Added support of Create incident V2 API.
  • Added Group ID as well as Group name. When you choose group name, Axonius will search all groups for the group ID.

• Have I Been Pwned - The capability was added to configure additional email fields.

• HTTP Server - Send to Webhook - This Action was renamed from Web Server Information - Send to Webhook.

• Jamf Pro - Add Assets to Computer Group was renamed Jamf Pro - Add or Remove Assets to/from Group, and now also removes assets.

• Jira Service Management - Create Insight Asset per Asset

  • Added option to configure not to return failed if assets are not created because of unique attributes.
  • Added capability to use this action to also update Insight Assets if they already exist.
  • Added the Create Reference Object If Not Exist options to create objects if they don't already exist in Jira.

• Jira Service Management - Update Insight Asset - Added the Create Reference Object If Not Exist options to create objects if they don't already exist in Jira.

• Jira Service Management - Create Issue per Asset

  • A number of fields were added to this Action in order to provide more details. In addition, fields were renamed to make them clearer and explanations were expanded.
  • It is now possible to include a CSV file with the query results in the issue created.

• Jira Service Management - Create Insight Asset per Asset - Updated the name of the Map Axonius fields to Jira Insight fields ID field to reflect that the mapping is for the field ID.

• Manage Custom Enrichment - Enrich Assets with CSV File - Added the capability to remove custom enrichments from assets.

• Microsoft Azure DevOps - Create Task - Added options to create work items as required, and add new work item types if needed. Added the option to select the adapter connection to use when Use stored credentials... is enabled.

• Microsoft Azure (Azure AD) Add Assets to Group name was changed to Microsoft Azure (Azure AD) - Add or Remove Assets in Group. This action now also supports removing assets from a group.

• Microsoft Active Directory (AD) - Enable Assets - The possbility was added to use an existing adapter connection, and to select the MS AD connection to use.

• Microsoft Active Directory (AD) - Disable Assets - The possbility was added to use an existing adapter connection, and to select the MS AD connection to use.

• Microsoft Active Directory (AD) - Add or Update LDAP Attributes of Assets - Added the ability to select the source of LDAP attributes.

• Microsoft Azure - Send CSV to Azure Storage -

  • Added the option to select blob type Azure storage.
  • Added option to append the date and time to the CSV file name.

• Microsoft Teams - Send Message - Added the Send the query summary in the message body field.

• Okta - Enable Users - added the option to choose whether the action will Unsuspend or Reactivate users.

• Okta - Disable Users - added the option to choose whether the action will Suspend, Deactivate or Delete users.

• Rapid7 - Add or Remove Tag to/from Assets - added the option create tags if they don't exist.

• SentinelOne - Add or Remove Tag to/from Assets - SentinelOne connection configuration fields were added to this action. And added a note to clarify useage of the Override tag field.

• ServiceNow - Update Assets - Added the option to select which adapter connections should be ignored.

• ServiceNow - Create Assets - Added the Assure uniqueness of created software assets option to ensure software assets are not duplicated.

• SQL - Send Assets to Table

  • The capability was added to use the Field Mapping Wizard to map Axonius fields to SQL Server table columns.
  • MySQL was added as a table type.

• TOPdesk Enterprise Service Management - Create Ticket - Added an option that adds the Actions results to the Details field of the ticket.