Axonius-4.8 Ongoing Adapter and Enforcement Actions Updates

The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 4.8

• View full information about new and updated features in Axonius 4.8

New Adapters

The following new adapters were added:

• Adobe Acrobat Sign

  • Adobe Acrobat Sign allows users to create, edit, collaborate, e-sign, and share PDFs, on any device. (Fetches: Users)

• AssetSonar

  • AssetSonar maintains, tracks, and manages a single source of truth for the IT asset landscape. (Fetches: Devices)

• Bricata

  • Bricata is a network detection and response platform. (Fetches: Devices)

• Brivo

  • Brivo is a cloud-based access control solution that helps protect building, employees, visitors, customers, residents and data. (Fetches: Devices)

• CheckPoint Harmony Mobile

  • CheckPoint Harmony Mobile uses file protection capabilities to block the download of malicious files to mobile devices and prevent file-based cyberattacks on organizations. (Fetches: Devices)

• CloudCheckr

  • CloudCheckr is multi-cloud optimization and resource management software that includes cost management, security and compliance management, and resource utilization. (Fetches: Devices)

• CrowdStrike Falcon Discover

  • CrowdStrike Falcon Discover is a network security monitoring tool that provides real-time visibility into devices, users, and applications. (Fetches: Devices)

• Databricks

  • Databricks combines data warehouses & data lakes into a lakehouse architecture that handles data, analytics, and AI use cases. (Fetches: Devices)

• DOJ CSAM

  • DOJ’s proprietary Cyber Security Assessment and Management (CSAM) automates assessments and authorizations to provide a comprehensive assessment and continuous monitoring service. (Fetches: Devices)

• Easyvista Service Manager

  • EasyVista is an ITSM (IT Service Management) solution including change, release, incident, problem, and knowledge management. (Fetches: Devices)

• FortifyData

  • FortifyData is a threat exposure management platform for identifying, monitoring, and managing cyber risk. (Fetches: Devices)

• GlobalSign Atlas

  • GlobalSign Atlas offers cloud certificate management and automation. (Fetches: Devices)

• GluWare

  • GluWare provides a Multi-vendor, multi-platform, and multi-domain network automation tool. (Fetches: Devices)

• HAProxy

  • HAProxy is free and open source software that provides a high availability load balancer and reverse proxy for TCP and HTTP-based applications. (Fetches: Devices and Users)

• Hitachi Operations Center

  • Hitachi Ops Center provides data infrastructure management including automation, analytics, and protection. (Fetches: Devices)

• HPE (SAN)

  • HPE storage area networking (SAN) provides storage solutions for performance, scalability, and manageability. (Fetches: Devices)

• Huntress

  • Huntress is a managed endpoint detection and response (EDR) solution. (Fetches: Devices)

• IFS Assys

  • IFS Assys is IT service management (ITSM) software that helps automate business processes. (Fetches: Devices)

• Imperva WAF

  • Imperva Web Application Firewall (WAF) allows customers to monitor, filter, and block incoming and outgoing data packets from a web application or website. (Fetches: Devices)

• Imperva WAF Cloud

  • Imperva Web Application Firewall (WAF) allows customers to monitor, filter, and block incoming and outgoing data packets from a web application or website. (Fetches: Devices)

• Keyfactor

• Keyfactor provides PKI as-a-Service enabling protection of every device, workload, and digital transaction with a unique and trusted identity. (Fetches: Devices)

• ManageEngine Firewall Analyzer

  • ManageEngine Firewall Analyzer is an agentless log analytics and configuration management software that analyzes logs from firewalls and generates real-time alert notifications and security and bandwidth reports. (Fetches: Devices)

• Mimecast

  • Mimecast provides email security, data management and compliance, and security awareness and user behavior solutions. (Fetches: Users)

• Mutiny

  • Mutiny is a network monitoring and alerting appliance. (Fetches: Devices)

• Namecheap

  • Namecheap offers free public DNS to help users get connected quickly and securely. (Fetches: Devices)

• Netwrix Auditor

  • Netwrix Auditor is IT auditing software for detecting security threats and validating compliance. (Fetches: Users)

• N-Sight RMM

  • N-Sight RMM provides remote monitoring and access, ticketing, and management for Windows, Linux, and Mac devices. (Fetches: Devices)

• Nutanix Prism Central

  • Nutanix delivers hybrid and multicloud management, unified storage, database services, and desktop services to support applications and workloads. (Fetches: Devices, Users)

• Onspring Compass

  • Onspring is cloud-based automated GRC software for business process management. (Fetches: Devices)

• Oracle Enterprise Manager

  • Oracle Enterprise Manager is an on-premises management platform that provides a single dashboard to manage all Oracle deployments. (Fetches: Devices)

• Oracle Ksplice

  • Oracle Ksplice provides fast secure kernel and userspace patching without the need for reboots. (Fetches: Devices)

• PagerDuty

  • PagerDuty is a digital operations platform for system administrators and support teams to manage incident response. (Fetches: Users)

• Palo Alto Networks Prisma Access

  • Prisma Access SASE from Palo Alto Networks converges network security, SD-WAN, and autonomous digital experience management in the cloud to provide a secure access service edge. (Fetches: Devices, Users)

• Paycor

  • Paycor is an automated human capital management (HCM) platform for managing HR and payroll needs in one place. (Fetches: Users)

• Paylocity

  • Paylocity is a cloud-based payroll and human capital management software. (Fetches: Users)

• Pingboard

  • Pingboard creates real-time organizational charts by automatically synchronizing organizational charts with HRMS software. (Fetches: Users)

• Rapid7 Insight Account Platform

  • Rapid7 Insights API: This API provides API access for the entire Rapid7 Insights platform and suite of products. (Fetches: Users)

• RecordedFuture

  • RecordedFuture threat intelligence helps identify the vulnerabilities that pose an actual risk to an organization, adding context and data to CVE scoring. (Fetches: Devices)

• Robin

  • Robin (now Symworld Cloud) is a Kubernetes-based platform that automates the deployment, scaling, and lifecycle management of data- and network-intensive applications. (Fetches: Devices, Users)

• RUCKUS Cloud

  • CommScope RUCKUS Cloud is a network management-as-a-service platform that enables IT to provision, manage, optimize, and troubleshoot wired and wireless networks. (Fetches: Devices, Users)

• Sassafras

  • Sassafras is IT asset management software that allows organizations to inventory and manage IT assets. (Fetches: Devices)

• Serraview

  • Serraview is workplace management and space optimization software. (Fetches: Users)

• Sensu

  • Sensu is a cloud monitoring solution that provides monitoring workflows automation and visibility into multi-cloud environments. (Fetches: Devices)

• Sentra

  • Sentra offers cloud data security posture management (DSPM), allowing customers to automatically discover, classify, monitor, and protect cloud data. (Fetches: Devices)

• SharePoint

  • SharePoint creates internal websites where organizations store, organize, share, and access information from any device. (Fetches: Devices)

• Snyk

  • Snyk is a developer security platform integrating directly into development tools, workflows, and automation pipelines. (Fetches: Devices)

• Stairwell

  • Stairwell offers a threat hunting and detection and response platform called “Inception.” (Fetches: Devices)

• TeamDynamix

  • TeamDynamix is an ITSM/ESM and project portfolio management solution with enterprise integration and automation. (Fetches: Devices, Users)

• Trellix ePO

  • Trellix provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks. (Fetches: Devices)

• Trend Micro Vision One

  • Trend Micro Vision One is a threat defense platform that includes: Advanced extended detection and response (XDR) capabilities. (Fetches: Devices)

• TruPortal

  • TruPortal is a secure, web-based access credential system for physical access. (Fetches: Devices)

• Udemy

  • Udemy is an online learning and teaching marketplace. (Fetches: Devices)

• Unimus

  • Unimus is a network configuration and automation tool which provides information on devices, backups, and configurations. (Fetches: Devices)

• Unitrends

  • Unitrends (a Kaseya company) provides all-in-one enterprise backup continuity and disaster recovery solutions. (Fetches: Devices)

• Upkeep

  • UpKeep Asset Operations Management Platform is a mobile-first CMMS (computerized maintenance management system), EAM (enterprise asset management), and IIoT (industrial internet of things) suite of solutions. (Fetches: Devices)

• Uptrends

  • Uptrends is a cloud-based solution for monitoring websites, servers, APIs, and network performance. Integrate Uptrends with the Axonius Cybersecurity Asset Management Platform. (Fetches: Devices, Users)

• Uyuni

  • Uyuni is an open-source configuration and infrastructure management solution for software-defined infrastructure. (Fetches: Devices)

• Velociraptor

  • Velociraptor is an open-source endpoint monitoring, digital forensic and cyber response platform. (Fetches: Devices, Users)

• Veracode

  • Veracode provides static, dynamic, and software composition scanning to identify vulnerabilities in the software development lifecycle. (Fetches: Devices)

• Vicarius

  • Vicarius is a consolidated vulnerability discovery, prioritization, and remediation solution. (Fetches: Devices)

• Virtru Gmail Encryption

  • Virtru Gmail Encryption protects Gmail messages and attachments with end-to-end encryption while maintaining user ownership and control. (Fetches: Users)

• Zerto ZVM

  • Zerto ZVM is a data loss protection solution that provides disaster recovery, backup and workload mobility software for virtualized infrastructures and cloud environments. This adapter supports on-prem deployment. (Fetches: Devices)

• Zimperium zIPS

  • Zimperium zIPS is a mobile threat defense solution for enterprises, providing protection to both corporate owned and BYOD devices. (Fetches: Devices, Users)

Updated Adapters

The following adapters were enhanced:

• Active Directory - Added the option to enter an SSL cipher to use for the TLS object of the connection

• Amazon Web Services (AWS)

  • Added an option to fetch ECS clusters.
  • Added an option to fetch EKS clusters.

• Asana - Added the capability to fetch Workspace names or Workspace GIDs

• Automox - now fetches users as well as devices.

• BeyondTrust Remote Support - Verify SSL was added to this adapter's configuration

• BigID - added the option to authenticate using an API Token.

• BlueCat Enterprise DNS - added the option to set statuses by which to filter devices when the expiry_time is null.

• Cherwell IT Service Management - added the option to create a new device if there is a change in the Cherwell record hostname field.

• Cisco Application Policy Infrastructure Controller (APIC) - added the option to fetch data about sensors for each device.

• Cisco Identity Services Engine (ISE) - added the option to not fetch devices that do not have an IP address.

• Cisco Prime - added the option to only fetch PRIME_WIFI_CLIENT devices.

• Cisco Umbrella - This adapter now fetches users.

• Cisco Unified Communications Manager (UCM) - Added an option to exclude devices with no IP address from the fetch.

• CloudFlare DNS - Added the option to fetch WAF rules and associate them to devices based on the Zone they belong to.

• Crashplan - Authentication was changed from Client Secret to Password.

• CrowdStrike Falcon

  • The API v1 "legacy" endpoint is deprecated and will stop functioning on February 9, 2023. Update your adapter’s endpoint to use the Crowdstrike API v2 endpoint to ensure the adapter continues working as expected.
  • Added the capability to only fetch devices associated with a list of platforms.
  • Added the capability to fetch expired vulnerabilities.
  • Added the capability to fetch suppressed vulnerabilities.
  • Added the capability to enter the name of an Installed Patches report to fetch.
  • Added the capability to exclude dvices associated with group names entered.
  • Added the option to add a comma separated list of OS Versions where devices with these Operating Systems will not be fetched.

• CrowdStrike Falcon Discover - Added an option to fetch applications (installed software) on each Device.

• CrowdStrike Falcon Identity Protection (formerly Preempt) - Added the option to ignore the owner listed as device owner if it is a service account.

• CyberArk Endpoint Privilege Manager - Added the capability to fetch event info, file info, source, pre-history and reputation information from CyberArk

• Device42 - Added an option to fetch only the latest versions of each software on the installed software page.

• Dragos - Added the capability to fetch vulnerabilities.

• Dropbox - this adapter now fetches users.

• Dynatrace

  • Added the capability to fetch vulnerabilities.
  • Added the capability to fetch additional information about Dynatrace 'Security problems'
  • Added the capability to fetch Process Group instances

• Fleet DM - added the capability to fetch vulnerabilities.

• Flexera IT Asset Management - Added the option to not fetch devices that contain a string or list of strings.

• ForeScout CounterAct - Added the capability to set the number of requests to allow before attempting to re-authenticate to get a new session token.

• ForgeRock - Added an option to set the number of assets to fetch at a time.

• FortiNac - Added an option to fetch the ports from the Fortinac system and add it to the information on the device,

• Genian - Added the option to ingest only devices with ACTIVE status.

• Github

  • Added the option to select whether to fetch data about public gists for users.
  • It is possible to fetch data without specifying the organization.

• Google Cloud Platform (GCP)

  • Added option to fetch Google Cloud routers.
  • Added the option to enter a comma-separated list of email domains to exclude from the fetch when the Email domain include list is empty.
  • Added the option to only fetch SCC assets that have findings.
  • Added the option in the HTTPS Proxy parameter for the GCP connection to have an HTTP proxy.

• Have I Been Pwned - Added a rate limit to handle rate limit issues.

• Hawk - Added the option to use the Asset Name as the Host Name when no value is brought into Axonius for the Host Name.

• HP Device Manager (HPDM) - Added the option to select either MSSQL or PostgreSQL as the database type.

• HYPR Passwordless now fetches devices as well as users

• IGEL Universal Management Suite (UMS) - Added the option to only fetch thin clients and their monitors.

• Infinipoint - Added the option to fetch Software and Services data

• Jira Service Management (Service Desk)

  • Added the capabiltiy to enter a comma separated list of statuses where devices with one of these statuses will not be ingested into the system.
  • Now uses the GET AQL Objects API

• Kenna Security Platform - Added the option to exclude fetching devices without a MAC address and without a hostname.

• Lacework - Added the capability to force the adapter to use a specific version of the Lacework API.

• Microsoft Active Directory (AD)

  • Added the option to fetch information about the domains that are trusted by the user/device domain.
  • Added capability to add a semi-colon separated list to specify a list of hostnames that the AD adapter will resolve to a specific IP address once.
  • Added the capability to specify additional AD groups which consist of administrators. All the members of the specified groups will be marked as admin.

• Microsoft Azure

  • Added the capability to fetch firewall rules and web application firewall policies configured in the asset's subnets.
  • Configurations to fetch services as devices have been consolidated into one new setting, Azure services to fetch as devices which allows you to select which services will be fetched as devices.
  • Log Analytics MAC addresses is now available as an Azure service to fetch.

• Microsoft Azure Active Directory (Azure AD) and Microsoft Intune

  • Added the capability to select whether to fetch the assigned roles of a user.
  • Added capability to select levels of risky users' information to fetch.
  • Added capability to state of risky users' information to fetch.
  • Added the option to fetch the total size of the RAM of the device from the Intune BETA API.
  • The default value for the following settings was set to disabled:
    • Fetch software information from Intune”
    • “Fetch users Last Sign-In - How to fetch”
    • “Fetch users Last Sign-In - API to use”
  • Added the capability to fetch service principals.
  • Added the option to select to only fetch devices and not fetch users. This can be done using less permissions.
  • Added an option to fetch information about 'Windows 10 Endpoint Protection Configurations' configured for the Intune devices.

• Microsoft Cloud App Security - Added the option to to determine if the authentication process will be with a pre-generated token (as it used to be), or using OAuth2 authentication. When OAuth2 authentication is chosen appropriate options are displayed.

• Microsoft System Center Configuration Manager (SCCM)

  • Added the option to fetch SCCM licenses.
  • Added the capability to enter a regex expression to search for and fetch files in the device’s software table that usually would not be retrieved because they are ‘independent’.
  • Added an option to fetch data from the 'vSMS_SUMDeploymentStatusPerAsset' table for each asset.

• MobileIron EMM - Added the capbility to enter partition IDs to fetch as a comma separated list.

• Netbox

  • Added the capability to fetch only active devices.
  • Added an option to fetch custom fields for devices.

• NetIQ Identity Manager

  • Port configuration was added to this adapter.
  • Support for OSP oAuth2 token was added to this adapter

• New Relic - New Advanced setting allows entering a comma-separated list of values found in the “Field Segmentation” field on Relic to be included in the fetch.

• Oomnitza Enterprise Technology Management- Added the option to display the Host Name value in the Asset Name field.

• OpsRamp - added the option to fetch software installed on devices.

• PagerDuty - added an option to add more details regarding the teams associated with the user.

• Proofpoint's ObserveIT Insider Threat Management Platform - Added the option to use the value in the Alias field for the Serial Number field for OS X hosts.

• Qualys Cloud Platform - Added a new Fetch devices by setting which is used to fetch relevant devices with the recommended 'Last Seen Threshold'. Either select 'Last modified' or 'Last scanned for vulnerabilities'. From version 4.8.4 the default value the first time you connect this adapter is 'Last modified'. Consult Axonius support to find the best setting for your system.

• Quest KACE Endpoint Systems Management Appliances

  • Added the capability to fetch device information from the machine custom inventory.
  • Added the option to fetch only standard software data (without additional fields).

• Rapid7 InsightVM

  • Added the ability to select a date in which device vulnerabilities are compared to determine if they were subsequently remediated.
  • Under API Version added indication that Version 4 API is recommended. In addition, if Experimental API is selected, and it is offline, the adapter falls back to using the V4 API.
  • Added an option to only fetch devices that have a MAC address, a hostname and an IP address.

• Rapid7 Nexpose and InsightVM

  • This adapter now fetches users. This is an option that must be enabled.
  • Added the option to fetch asset group data from Rapid7 for device enrichment.
  • Added the option to fetch assets excluded from scans.

• SailPoint IdentityIQ

  • Added the capability to enter a comma separated list of fields to exclude from the fetch.
  • Added the capability to enter a comma-separated list of extra fields to fetch.

• ServiceNow

  • Added the capability to enter textual values in addition to numerical values for the following configurations:
    • Install status exclude list
    • Install status include list
    • Operational status exclude list
    • Operational status include list
  • Added the option to fetch running processes information.
  • Added the option to populate the Axonius owner aggregated field based on the Service Now "assigned to" field instead of the "opened by" field.

• Slack

  • Added an option to not fetch users that were deleted

• Splunk - Added parsing of installed security patches to this adapter.

• Suma Logic - Added the capability to fetch both user and device data at the same time.

• Tenable.sc

  • Axonius now distinguishes between a vulnerability fetched from the Mitigated table and a vulnerability is fetched from the cumulative table. When a vulnerability is fetched from the Mitigated table it is marked 'Mitigated - Not Vulnerable'. When a vulnerability is fetched from the cumulative table and was vulnerable before, it is marked 'Previously Mitigated (Currently Vulnerable)'
  • Added the capability to exclude devices whose hostnames start with a defined string.
  • Added the capability to select installed software plugins about which to fetch information.

• Tenable.io

  • Added the capability to select installed software plugins about which to fetch information.
  • Added the capability to fetch data from the Windows services plugin 44401 for each device.
  • Added the option to fetch information about the network to which the device is connected.
  • Added the option to not fetch any vulnerabilities.
  • Added an option to fetch vulnerabilities with the state 'fixed'.
  • Added an option to not fetch users that are disabled within Tenable.io

• TeQube Teqtivity - added the capability to select one or more asset types to exclude from the device fetch.

• Universal SSH Key Manager (UKM) - Added a capability to use a field name instead of the host name.

• Veeam

  • Added the capability to fetch information about physical infrastructure servers.
  • Added support of Veeam Backup & Replication 11.

• VMware ESXi and vSphere

  • Added the option to fetch snapshots from virtual machines.
  • This adapter now supports users (from vCenter 6.7 and higher).
  • Added option so that the Preferred Serial Number (and the Device Manufacturer Serial) for the ESX device will have a value with the format
    VMware-xx xx xx xx xx xx xx xx-xx xx xx xx xx xx xx xx
    where the x’s are the characters of the UUID.

• VMware vRealize Operations (vROps) - Added support for cloud hosted. An appropriate authentication method is available when choosing cloud hosted.

• VMWare Workspace ONE

  • Added the capability to query the compliance API.
  • Added support for OAuth authentication.

• Wazuh

  • Added the option to fetch extra information about the asset such as system inventory items, or the scan database.
  • Added the capability to configure the API rate per minute.

• Windows DHCP Server - Added the option to fetch statistical information about the DHCP service.

• Wiz

  • Permissions required for Report Connection were updated.
  • Added the option to enter a project UUID to fetch resources only from the project listed.
  • Added the option to attach cloud storage volumes to their associated VMs. When you select this option, volumes are not created as separate devices.
  • Added the possiblity to specify a comma-separated list of tag keys to be parsed as device fields.
  • Added an option to fetch Wix Users.

• Workday

  • Private Key File, Public Certificate file and certificate passphrase were removed from the configuration of this adapter.
  • Added the option to enter a SOAP URL for a Workday Custom Report endpoint.

• Zabbix - added the capability to fetch items.

• Zoom

  • Permissions required for this adapter were updated.
  • Added the option to not fetch information about rooms on the Zoom calendar.
  • Added the option to also fetch users with a status of 'inactive'.
  • Added the option to not fetch devices whose account type is a service account.

• ZScaler Web Security - Permissions required for this adapter were updated.

For more details:

• Explore the entire list of supported and integrated adapters.

  
  

New Enforcement Actions

The following Enforcement Actions were added:

• GCP - Add or Remove Tags to/from Assets - This action adds or removes tags from Google Cloud Provider assets.
• Jira Service Management - Create Issue creates one incident in Jira Service Management for all of the assets retrieved from the saved query supplied as a trigger (or from the entities selected in the asset table).
• Jira Service Management - Create Issue per Asset
  • A number of fields were added to this Action in order to provide more details. In addition, fields were renamed to make them clearer and explanations were expanded.
  • It is now possible to include a CSV file with the query results in the issue created.
• SentinelOne - Remove Asset - This action removes existing assets from SentinelOne.
• Microsoft Active Directory (AD) - Change Assets OU moves the assets (users or devices) retrieved from the saved query supplied as a trigger (or assets that were selected in the asset table) from one Organizational Unit (OU) to another in Microsoft Active Directory (AD).
• Okta - Add or Remove Users to/from Group adds or removes each user retrieved from the saved query supplied as a trigger (or users selected in the asset table) to an Okta group.
• Zoho Desk - Create Ticket - This action creates a Zoho Desk ticket.

Updated Enforcement Actions

The following Enforcement Actions were updated:

• Cherwell - Update Assets - Added the option to select which adapter connections should be ignored.

• Freshservice - Create ticket per Asset, and Freshservice - Create Ticket - Description, subject, and priority are no longer required fields.

• Freshservice Create Ticket per Asset - added support of Create incident V2 API

• Have I Been Pwned - The capability was added to configure additional email fields.

• HTTP Server - Send to Webhook - This Action was renamed from Web Server Information - Send to Webhook.

• Jira Service Management - Create Insight Asset per Asset

  • Added option to configure not to return failed if assets are not created because of unique attributes.
  • Added capability to use this action to also update Insight Assets if they already exist.

• Microsoft Azure DevOps - Create Task - Added options to create work items as required, and add new work item types if needed.

• Microsoft Azure (Azure AD) Add Assets to Group name was changed to Microsoft Azure (Azure AD) - Add or Remove Assets in Group. This action now also supports removing assets from a group.

• Microsoft Active Directory (AD) - Add or Update LDAP Attributes of Assets - Added the ability to select the source of LDAP attributes.

• Microsoft Azure - Send CSV to Azure Storage - added the option to select blob type Azure storage.

• Microsoft Teams - Send Message - Added the Send the query summary in the message body field.

• Okta - Enable Users - added the option to choose whether the action will Unsuspend or Reactivate users.

• Okta - Disable Users - added the option to choose whether the action will Suspend, Deactivate or Delete users.

• ServiceNow - Update Assets - Added the option to select which adapter connections should be ignored.

• SQL - Send Assets to Table - The capability was added to use the Field Mapping Wizard to map Axonius fields to SQL Server table columns.