Axonius 5.0 Ongoing Adapter and Enforcement Action Updates

The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 5.0

• View full information about new and updated features in Axonius 5.0

New Adapters

The following new adapters were added:

• 7SIGNAL Mobile Eye

  • 7SIGNAL Mobile Eye is a Wi-Fi performance management and monitoring SaaS application that helps enterprises optimize wireless device connectivity. (Fetches: Devices)

• AKIPS

  • AKIPS is a secure on-prem, multi-vendor network-monitoring system for the enterprise market. (Fetches: Devices)

• Akamai EAA

  • Akamai Enterprise Application Access (EAA) (IAM) is part of the edge platform that helps companies secure applications that run behind a firewall or in a public cloud. (Fetches: Devices, Users)

• Avigilon Alta (formerly Openpath)

  • Avigilon Alta (formerly Openpath) is a cloud-based physical access control solution for unified video and access control. (Fetches: Users)

• Backstage

  • Backstage is an open platform for building developer portals. (Fetches: Devices)

• Backup Radar

  • Backup Radar is a backup monitoring, reporting, and compliance solution. (Fetches: Devices)

• Bishop Fox

  • Bishop Fox performs offensive security, penetration testing, red teaming, and attack surface management. (Fetches: Devices)

• Certero

  • Certero is an IT hardware, software, SaaS, and cloud asset management solution. (Fetches: Devices)

• Cisco DCNM

  • Cisco Data Center Network Manager (DCNM) is a network management solution for next generation data centers. (Fetches: Devices)

• Cisco Secure Workload (formerly Tetration)

  • Cisco Secure Workload (formerly Tetration) (IAM) is a micro-segmentation platform that offers zero trust-based workload protection for multi cloud data centers. (Fetches: Devices)

• Cisco UCS Central

  • Cisco Unified Computing System (UCS) is a data center server computer product line that brings together compute, networking, and storage, all in a single system to power applications. (Fetches: Devices)

• Crestron XiO Cloud

  • Crestron XiO Cloud is a technology operations management platform that allows users to configure and manage all Crestron device from one central location. (Fetches: Devices)

• CTL Cider

  • CTL Cider is a DevOps focused application that provides information regarding node health, resources, and availability. (Fetches: Devices)

• Deep Instinct

  • Deep Instinct is an anti-ransomware and anti-malware solution that leverages deep learning to help prevent malware from executing inside organizations' environments. (Fetches: Devices)

• Dell ECS

  • Dell ECS (Elastic Cloud Storage) is a software-defined object storage platform that provides organizations with an on-premise alternative to public cloud solutions. (Fetches: Devices, Users)

• Dell PowerProtect DD Management Center

  • Dell PowerProtect Data Domain Management Center is a centralized storage management solution that provides aggregate capacity, replication and performance management, and reporting. (Fetches: Devices)

• Dell PowerScale OneFS

  • Dell PowerScale OneFS is a scale-out network attached storage (NAS) platform that addresses unstructured data needs at the edge, the core, or the cloud. (Fetches: Devices)

• Dell PowerStore

  • Dell PowerStore is a flexible, scalable data storage appliance designed for data-centric infrastructures. (Fetches: Devices, Users)

• Dell Unisphere For Unity

  • Dell Unisphere enables Dell EMC Unity customers to manage storage systems. (Fetches: Devices)

• Dell VPLEX

  • Dell VPLEX delivers continuous data availability, transparent data mobility, and nondisruptive data migration for mission-critical applications. (Fetches: Devices)

• DigitalOcean

  • DigitalOcean is a cloud hosting provider that offers cloud computing services and Infrastructure-as-a-Service (IaaS). (Fetches: Devices)

• Flexera Software Vulnerability Research

  • Flexera Software Vulnerability Research provides access to verified intelligence from Secunia Research. (Fetches: Devices)

• ForcePoint ONE

  • Forcepoint ONE provides data protection that monitors real-time traffic and prevents data loss. (Fetches: Devices)

• Google Chronicle Security

  • Google Chronicle Security is designed for enterprises to privately retain, analyze, and search security and network telemetry. (Fetches: Devices)

• Google Sheets

  • Google Sheets is a spreadsheet application included as part of the free, web-based Google Docs Editors suite offered by Google. It is used to upload files from Google Sheets.

• GoSecure Titan

  • GoSecure Titan integrates endpoint, network, and email threat detection into a single endpoint detection and response service.

• Halcyon

  • The Halcyon Anti-Ransomware and Cyber Resilience Platform offers layered ransomware protection. (Fetches: Devices)

• Huawei eSight

  • Huawei eSight is an enterprise operation and maintenance (O&M) platform that provides cross-vendor and cross-product converged management, visualized monitoring, and intelligent analysis for enterprise ICT devices. (Fetches: Devices)

• Infinibox

  • Infinidat InfiniBox provides enterprise storage for mixed application workloads. (Fetches: Devices)

• Kemp Central

  • Kemp 360 Central is an (Infra Monitoring) application delivery and management platform for infrastructure monitoring of all data centers, private clouds, IaaS, PaaS, and public cloud. (Fetches: Devices)

• Linode

  • Linode, acquired by Akamai, is a cloud hosting provider that provides Linux-based virtual machines, cloud infrastructure, and managed services. (Fetches: Devices, Users)

• Milestone XProtect

  • Milestone XProtect is a video management software (VMS) for video surveillance. (Fetches: Devices, Users)

• MSP Manager

  • N-able MSP Manager is cloud-based help desk and billing software for IT service. (Fetches: Devices)

• Mulesoft Runtime Fabric

  • Mulesoft Runtime Fabric is a container service that automates the deployment and orchestration of Mule applications and gateways. (Fetches: Devices)

• NetApp Active IQ Unified Manager

  • Active IQ Unified Manager provides performance monitoring capabilities and event root-cause analysis for systems running NetApp ONTAP software. (Fetches: Devices)

• Notion

  • Notion offers a workplace productivity suite that includes solutions for collaboration and communication, task management, project tracking, and more. (Fetches: Users)

• Parsec

  • Parsec App is a remote desktop (Remote Conferencing, Collaboration) application primarily used for playing games through video streaming. (Fetches: Devices)

• PingFederate

  • PingFederate from Ping Identity is an enterprise authentication federation server (IAM) that enables user authentication and single sign-on. (Fetches: Users, SaaS Data)

• Portnox CORE

  • Portnox CORE is a software-based solution that runs on Windows Servers (physical and virtual) to continually communicate with all existing networking infrastructure, gaining complete visibility into all assets currently connected to the network. (Fetches: Devices)

• Rapid7 Threat Command

  • Rapid7 Threat Command is an external threat intelligence tool that helps users find and mitigate threats targeting organizations. (Fetches: Users)

• Red Hat Customer Portal

  • The Red Hat Customer Portal provides access to product evaluations, purchasing capabilities, and knowledge management content. (Fetches: Devices)

• Red Hat Insights

  • Red Hat Insights is a managed service for the automated discovery and remediation of issues in Red Hat products. (Fetches: Devices)

• RHSM Management Portal

  • Red Hat Subscription Management (RHSM) provides tools that help administrators track information about support contracts and software subscriptions. (Fetches: Devices)

• Riverbed NetIM

  • Riverbed NetIM is a solution for discovering, modeling, monitoring, and troubleshooting your infrastructure. (Fetches: Devices)

• Rudder

  • Rudder is an open source audit and configuration management utility to help automate system configuration. (Fetches: Devices)

• SafeBreach

  • SafeBreach offers a breach and attack simulation platform that helps organizations locate and remediate security issues. (Fetches: Devices, Users)

• ScienceLogic

  • ScienceLogic is an IT operations management (ITOM) and AIOps platform for monitoring and managing hybrid cloud infrastructure. (Fetches: Devices)

• Sepio Prime

  • Sepio Prime is an asset risk management platform that provides visibility into organizations' hardware assets and their related security posture. (Fetches: Devices, Users)

• Snowflake Data Warehouse

  • Snowflake is a data warehouse built on top of the Amazon Web Services or Microsoft Azure cloud infrastructure, and allows storage and compute to scale independently. (Fetches: Devices, Users, SaaS Data)

• Sunflower

  • Sunflower Lab is a mobile app, web app, and custom software development company. (Fetches: Devices)

• Symantec Cloud Secure Web Gateway (WSS Agent)

  • Symantec WSS is a cloud-delivered secure web gateway that protects against malware and enforces policies to access the web. (Fetches: Devices)

• Tanium Comply

  • Tanium Comply conducts vulnerability and compliance assessments against operating systems, applications, security configurations, and policies. (Fetches: Devices)

• ThousandEyes

  • ThousandEyes is a network infrastructure monitoring and troubleshooting platform. (Fetches: Devices)

• **Vultr **

  • Vultr is a global cloud hosting company offering high-performance cloud servers, cloud GPUs, bare metal, and cloud storage. (Fetches: Devices, Users)

• Wordpress

  • WordPress is a web content management system.(Fetches: Users)

• WP Engine

  • WP Engine is a website hosting provider aimed at providing managed hosting solutions for websites and applications. (Fetches: Users)

• Zero Networks

  • Zero Networks automates the development and enforcement secure remote connectivity and software-defined segmentation. (Fetches: Devices, Users)

Updated Adapters

The following adapters were enhanced:

• A10 - Added the option to to fetch the members from the server groups and add to the Virtual Servers all the backend IPs that are connected to its ports.

• Absolute - Added the option to fetch groups.

• Aruba AirWave - Added the option to use asynchronous requests while fetching to reduce fetch time.

• AssetPanda - Added the advanced option to select the type of asset to fetch.

• AWS

  • When appropriate permissions are added (route53domains:ListDomains, route53domains:GetDomainDetail) domain detals information for route53 is also fetched.
  • Added the option to fetch AWS Backup plans and vaults.
  • Added the option to enrich “S3 bucket” devices with their bucket size.
  • Added the option to use the Cloud ID as the manufacturer serial number.
  • Added the option to fetch Global Accelerators as devices.
  • Added the option to fetch Glue data as devices.

• Axonius Network Discovery - Add the capability to add a comma separated list of DNS resolvers. The system will then use them to get the DNS name of the device from the IP address.

• BambooHR - Added the capability to enter a comma separated list of custom fields to ingest.

• BigFix - Added the capability to enter a number of days to filter the devices that are fetched based on the device’s last report time.

• BigID- Added the option to fill in the Catalog Data field.

• Brivo - Added the option to fetch additional data for users.
  Enabling this may have a slight negative impact on performance for large datasets.

• Cherwell IT Service Management - Added the option to map Cherwell's Last Modified field as the device's Last Seen field.

• Cherwell IT Service Management (SQL) - Added the option to parse the vendor model into the “device model family” field instead of the device model.

• Cisco Umbrella

  • Added the capability to enter the API Key and secret for the Umbrella Management API version being used, either API v1 or API v2.
  • Added settings to select the resources to fetch

• Code42 Incyder - Added an option to filter by Org IDs.

• CrowdStrike Falcon

  • Added the option to fetch FileVantage data.
  • Added the option to fetch devices in hidden status.
  • Added the option to set that the AWS de-duplication logic uses the device's External IP as a key to detect duplications, allowing devices with different Local IPs (for example, due to DHCP configuration) to be detected as duplicates.

• CrowdStrike Falcon Discover

  • Added the option to only ingest devices if the Product Type field exists on the device.
  • Added option to filter installed software, and set how to populate it.
  • Added the option to fetch the IoT devices from the discover/queries/iot-hosts/v1 endpoint.

• CSV

  • Added support to upload CSV files from Microsoft OneDrive.
  • Added the capability to add a timestamp to CSV file names.
  • Supports upload of Excel Spreadsheets.

• Device24 - Added the option to parse the hostname from the Hostname custom field instead of the name field.

• DigiCert CertCentral - Account ID field was removed from the adapter's configuration

• Eclypsium - Added the option to fetch extra data for each device from the endpoint "api/v1/fullhosts/{device_id}"

• Elasticsearch

  • Added an option to parse all the fields fetched from the API as dynamic fields.
  • Added the capability to enter a page size to control the number of items to return per request to the Search API.

• F5 BIG-IP iControl - Added the option to fetch the NAT rules from F5 iControl REST and associate them with the Virtual Servers.

• F5 BIG-IQ Centralized Management - Added the option tofetch all the all the BIG IPs devices currently connected to BIG IQ Virtual Servers, enriching the BIG IQ Device itself.

• Fortinet Fortigate - Added an option to fetch all the firewall rules, as well as their policies and addresses.

• Freshservice

  • Added the option to fetch Freshservice product fields.
  • Added the option to fetch EC Action ticket updates.
  • Added the option to only use 90% of the API total rate limit bandwidth.

• Illumino Adaptive Security Platform (ASP) - Added an option to stop fetching devices of the type “Workload”

• Infoblox DDI - Added the option to Fetch using Infoblox database download for the DHCP Lease and DNS Host Record asset types

• IP Fabric - Added the option to not fetch devices if they do not have a hostname.

• Ivanti Unified Endpoint Manager (formerly Landesk)

  • Added the option to select additional endpoints to fetch.
  • Added a fields with list of fields that are fetched by default. Users can remove fields to make fetch faster.

• Jira Service Management - Added the option to fetch EC Action ticket updates.

• ManageEngine Desktop Central and Patch Manager was rebranded as ManageEngine Endpoint (Desktop) Central and Patch Manager Plus

• ManageEngine Endpoint (Desktop) Central and Patch Manager Plus - Added the capability to enter a comma separated list of configured device_type values. Devices will only be fetched if they have the device_type values listed.

• The adapter named ManageEngine Service Desk Plus (SDP) was deprecated and replaced by ManageEngine Service Desk Plus which includes all of its functionality and more.

• Men&Mice DNS Management - Added the option to fetch IPAM Records as devices.

• Microsoft Active Directory (AD)

  • Added the option to parse the user mail as a specific field, and not an aggregated field. Use this field only after direction from Axonius support.
  • ms-Msc-AdmPwd is no longer fetched by default. In order to fetch it, clear the new setting Exclude ms-Msc-AdmPwd field.
  • Added support for SASL Authentication.

• Microsoft Azure

  • Added the option to enrich Virtual Machines devices with their backup config information, if it exists.
  • Recovery Service Vaults can now be selected as an "Azure services to fetch as device". This fetches Recovery Services Vaults from Azure with their respective backup items information.
  • Added the following to 'Azure services to fetch as devices': Event Hubs, Kubernetes Agent Pools, Load Balancing Rules, Network Security Rules, Application Gateway and Application Gateway HTTP Listener, API Management, Container App, Container Group, Container Registry, Data Factory, Database for PostgreSQL - Flexible Server, Database for PostgreSQL - Single Server, Private Endpoints, Network Interfaces, System Topics, Machine Learning Service Registries, Machine Learning Service Workspaces, Machine Learning Web Services.

• Microsoft Azure Active Directory (Azure AD) and Microsoft Intune

  • Added an option to fetch managed app registrations from MAM.
  • Added the capability to enter a filter expression to exclude Azure Active Directory users from the fetch.
  • Added the option if the hostname value is not defined, the hostname for each device will take the asset name as its value.

• Microsoft Defender for Endpoint - Added the capability to filter the last logged users by domain.

• Miro

  • Added new SaaS Management fields (Username, Password, MFA).
  • Added the organizations:teams:read scope for accounts with SM capabilities.
  • Added support for token non expiration flow.

• Microsoft System Center Configuration Manager (SCCM) - Changed the name of SQL pagination to SQL page size and added separate configuration for the device batch size that is processed.

• Mimecast

  • Added the capability to enter a comma-separated list of usernames to exclude from the fetch. Any user that contains a string from the exclude list, will be excluded from the fetch.
  • Added the capability to enter a comma-separated list of users' emails to exclude from the fetch. Any user that contains a string from the exclude list, will be excluded from the fetch.
  • Added the option to not fetch a user if it is an alias.

• N-Able N-Sight RMM - Added capability to fetch the Asset Status

• Nucleus Security - Added the capability to select the severity of issues to fetch.

• Okta -

  • Added the option to enrich data in a synchronous manner.
  • Added an advanced configuration to set the limit of results per page when fetching devices with detailed user information.

• OneLogin - Added the capability to enter a case-sensitive comma-separated string of custom attribute fields to display in Axonius.

• OpsRamp - Added capability to fetch devices for more than one tenant with the same credentials.

• Oracle Cloud - Added the capability to select the Oracle Cloud services to fetch as devices.

• Outpost24 - Added the option to specify a value in days from the current day to fetch netsec vulnerabilities according to the last seen date.

• PagerDuty - Added the option to add escalation policies related to the users to the user fields, based on the "target" of the escalation policy.

• Palo Alto Networks Cortex XDR - Added an option to fetch a list of users per device.

• Palo Alto Networks Cortex Xpanse - Added support for API Version 2

• Prisma Cloud Workload Protection (CWPP) - Added the option to create devices from images.

• Qualys Cloud Platform

  • The following advanced settings were removed: Request timeout, Chunk size, Devices per page, Intervals between retries (seconds), Number of retries
  • Added the option to fetch additional host information for each device.
  • Added the option to fetch the Qualys Quality Detection Score.
  • Added the option to ignore Vulnerabilities where the Status field is set to "Fixed".
  • Added the option to not fetch devices without a Host Name.

• Rapid7 Nexpose and Insight VM - Added an option to filter the devices that are fetched using InsightVM assets search filter syntax.

• RunZero - Added the option to not save the raw data, by default this is set to false and raw data is saved.

• SentinelOne

  • Added the option to fetch threats of a devices when the infected value on the SentinelOne server is set to true.
  • Added the option to fetch Sentinel One applications.

• ServiceNow

  • Added the option to take the hostname value from the asset_tag servicenow field value.
  • Added the option to fetch and parse the latest transaction (from syslog_transaction table) for each ServiceNow user, to the field “Last Transaction”.
  • Added the option to fetch EC Action ticket updates.
  • Added the option to remove the domain suffix from the ServiceNow Hostname field.

• Shadowserver - Added the option to fetch all of the report types that are available.

• SQL Server - Added the option to not only fetch the SQL Server Table Name provided in the configuration but also query the system's Service Principle table for extra user assets.

• SysAid - This adapter now fetches users.

• Tanium Discover - Added a setting to verify that only devices selected in the basic configuration will be ingested in Axonius.

• Tenable.sc

  • Added option to fetch asset groups from devices without UUID.

• Tenable.io

  • Added an option to parse SSL certificate information from plugin ID number 10863.
  • Added an option to ignore devices from unauthenticated fetches, that is, devices without agents.
  • Added an option to cancel old exports jobs before starting a new one
  • Added an option to fetch compliance data in the background.
  • Added an option to fetch web applications as assets.
  • Added an option to fetch cloud resources as assets.
  • Added capability to add a list of tags to parse as fields
  • Added an option to fetch deleted devices
  • Added an option to customize the number of days to bring vulnerabilities seen.
  • Added an option to combine a key-value pair as the key of the tag.

• Tenable Nessus - Added the option to fetch plugin output.

• Trend Micro Deep Security - Added a 'Fetch Users' option which is selected by default. This can be cleared to not fetch users.

• Truefort - Added the option to fetch asset profiles for each application.

• Velociraptor - Added the option to ignore devices that do not have data which can help to correlate them.

• Veracode - Added the option to enable fetching Findings for devices, which includes scans and vulnerability information from Veracode.

• VMware SD-WAN

  • The Enterprise Logical ID must now be added when configuring this adapter.
  • Added the option to fetch devices of the type "Client device" in addition to the other devices fetched by the adapter

• VMWare Workspace ONE (AirWatch) - Added the option to clear not fetch users.

• Web Server Information - Added the capability for import of domains in bulk.

• Wiz - Added the option to fetch cloud account tags to enrich associated assets.

• Zabbix - Added the option to set hostnames from the relevant item in the item section that has a hostname.

• Zscaler Web Security - Added the option to add the last used users information for duplicated devices.

• Zscaler ZDX - Added the option to fetch locations.

For more details:

• Explore the entire list of supported and integrated adapters.

New Enforcement Actions

The following Enforcement Actions were added:

• Axonius - Calculate Risk Score - Calculates the risk score per device, per vulnerability, or per-vulnerability-per-device, and writes the calculated value into the relevant Axonius risk score field.
• BOSSDesk - Create Ticket - creates a ticket in BOSSDesk.
• Device42 - Create or Update Assets - Creates and/or updates assets in Device42.
• GSuite - Delete Extension - Deletes Google Extensions.
• GCP - Add or Remove Labels to/from Assets - Adds or removes labels from Google Cloud Provider assets.
• Lenovo - Enrich Asset Data - Enriches Lenovo devices with warranty information.
• Netbox - Connect Contacts to Device - Connects Netbox contacts to their associated discovered devices.
• Netbox - Create or Update Assets - Creates a Netbox Asset, or updates Netbox Assets.
• Netbox - Remove Assets - Removes Netbox Assets, or updates Netbox Assets.
• Salesforce - Suspend User - Added the abilty to suspend users.
• SAP Concur - Create User - Creates a user in SAP Concur.
• SAP Concur - Delete User - Deletes a user from SAP Concur.
• SAP Concur - Modify User - Updates a user in SAP Concur.
• Send Assets Data - Kovrr - Sends asset data to Kovrr.
• SysAid - Create Incident - Creates incidents in Sysaid.
• Tenable.io - Update Account Status - Enables or disables Tenable.io accounts.
• Trend Micro Apex One (OfficeScan) - Isolate, Restore, Relocate Security Agent - Isolates, restores, relocates, or uninstalls the security agent in Trend Micro Apex One.

Updated Enforcement Actions

The following Enforcement Actions were updated:

• Amazon Web Services (AWS) - Send JSON to S3 - Added the ability to always represent aggregated fields as arrays in the JSON file that is created.

• Freshservice - Create Ticket - Added the option to create a change request.

• Freshservice - Create Ticket per Asset - Add default ticket description configuration option was removed from the configuration of this action.

• ServiceNow - Create Assets - Added the ability to select the operator when using additional fields.

• ServiceNow - Update Assets - Added the possiblity to that when the Enforcement Set runs on a device with two ServiceNow records, the user can enter a comma separated list of ServiceNow tables. Only records from the tables listed in this fields are updated. You can enter a wildcard (*) in this field, in which caes all records are updated.

• Shodan - Enrich Asset Data - Added the option to enrich using the hostname instead of the IP address.