Login
    Contents x
    Axonius 6.0 Ongoing Adapter and Enforcement Action Updates
    • 16 Apr 2024
    • 45 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Axonius 6.0 Ongoing Adapter and Enforcement Action Updates

    • Updated on 16 Apr 2024
    • 45 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 6.0

    New Adapters

    The following new adapters were added:

    • 1Password
      • 1Password is a password manager providing a place for users to store various passwords, software licenses, and other sensitive information in a virtual vault. (Fetches: Users)
    • Aircall
      • Aircall is a cloud-based phone system. (Fetches: Users)
    • AKAssets
      • Akamai AKAssets provides data on users, components and applications. (Fetches: Users)
    • Akeyless
      • Akeyless is a SaaS-based solution that provides secrets management and zero-trust access. (Fetches: Devices, Users)
    • Alloy
      • Alloy Software provides IT Service Management, IT Asset Management, and Network Inventory software. (Fetches: Devices)
    • Anomali ThreatStream
      • Anomali ThreatStream is a threat intelligence management platform. (Fetches: Devices)
    • Asimily Insight
      • Asimily provides a vulnerability management platform that scans for devices, vulnerabilities and attack paths, and helps organizations prioritize and manage risk for IoMT, IoT, and laboratory devices. (Fetches: Devices)
    • AttackIQ
      • AttackIQ is a breach and attack simulation that allows for remote testing and continuous security validation. (Fetches: Devices)
    • Autodesk Cloud Platform
      • Autodesk Cloud Platform is comprised of the Forma, Fusion and, Flow industry clouds. (Fetches: Devices, Users)
    • Backblaze
      • Backblaze provides cloud backup and storage services. (Fetches: Devices and Users)
    • BGProtect DNS Guard
      • BGProtect DNS Guard provides DNS monitoring to help detect changes to DNS records. (Fetches: Devices)
    • BGProtect Route Guard
      • BGProtect Route Guard provides BGP analysis, route geographical analysis, network ownership, and reachability to detect IP hijacks. (Fetches: Devices)
    • BILL
      • BILL is a leading provider of cloud-based software that digitizes and automates back-office financial processes. (Fetches: Users, SaaS data)
    • Bitwarden
      • Bitwarden is an open-source password manager. (Fetches: Users)
    • BloxOne Threat Defense
      • BloxOne Threat Defense uses the cloud to detect threats while tightly integrating with companies' on-premises ecosystem. (Fetches: Devices)
    • Breachsense
      • Breachsense monitors the dark web, private hacker forums, and criminal marketplaces to detect data leaks. (Fetches: Devices, Users)
    • CDW
      • CDW is a multi-brand technology solutions provider. (Fetches: SaaS data)
    • CHG Meridian
      • CHG-Meridian develops, finances, and manages technology usage.
    • CipherTrust Manager(Fetches: Devices)
      • Thales CipherTrust Manager is a key management solution for the CipherTrust Data Security Platform. (Fetches: Devices)
    • Cisco AppDynamics
      • Cisco AppDynamics is an application performance monitoring tool. (Fetches: Devices, Users)
    • Cisco CX Cloud
      • CX Cloud combines Cisco technology with AI/ML-driven insights, use cases, and contextual learning. (Fetches: Devices)
    • Claroty Cloud
      • Claroty Cloud is a cyber-physical security (CPS) platform for IoT security. (Fetches: Devices)
    • Com Laude
      • Com Laude is a domain name registrar, providing domain name management services. (Fetches: Devices, Users)
    • Cradlepoint
      • Cradlepoint develops cloud-managed wireless edge networking equipment. (Fetches: Devices)
    • Cribl
      • Cribl is a vendor-agnostic observability pipeline used to collect, reduce, enrich, normalize, and route data. (Fetches: Devices, Users)
    • CrowdStrike Falcon Spotlight
      • CrowdStrike Falcon Spotlight is a real-time, scanless vulnerability management solution. (Fetches: Devices)
    • CSI Leasing
      • The CSI Adapter tracks hardware contract expiration details. (Fetches: Devices)
    • CyberArk Alero
      • CyberArk Alero secures remote access to critical systems for employees and third-party vendors. (Fetches: Devices, Users)
    • Dell Boomi
      • Dell Boomi’s iPaaS platform enables businesses to discover, manage, and orchestrate data while connecting applications, processes, and people. (Fetches: Devices)
    • Dell PowerMax
      • Dell PowerMax is an NVMe-based (Non-Volatile Memory Express), mission-critical data storage offering. (Fetches: Devices)
    • Dell RecoverPoint
      • Dell RecoverPoint is a data protection and disaster recovery solution. (Fetches: Devices)
    • Docker
      • Docker is a platform designed to help developers build, share, and run container applications. (Fetches: Devices)
    • Dope Security Flightdeck
      • Dope Security is an endpoint-based secure web gateway solution. (Fetches: Devices)
    • Eagle Eye Networks
      • Eagle Eye Networks provides cloud-based video surveillance products for physical security and business operations applications. (Fetches: Devices)
    • Ekran
      • Ekran System is a cybersecurity software vendor delivering a full-cycle insider risk management platform. (Fetches: Users)
    • Elastic Defend
      • Elastic Defend (formerly Endgame) is a tool for malware prevention, detection, and response. (Fetches: Devices)
    • Entrust
      • Entrust provides identity, payment, and data security solutions. (Fetches: Devices)
    • ESET PROTECT
      • ESET is an Endpoint Protection Platform (EPP) for Windows, Mac, Linux, Android, and iOS operating systems. (Fetches: Devices)
    • ExtremeCloud IQ Site Engine
      • ExtremeCloud IQ Site Engine is an IT operations tool for web-based reporting, network analysis, troubleshooting, and helpdesk. (Fetches: Devices)
    • Eyeinspect
      • ForeScout eyeInspect is a compliance and threat analysis tool for ICS and OT environments. (Fetches: Devices)
    • Feedly
      • Feedly is a news aggregator application for various web browsers and mobile devices. (Fetches: Devices)
    • FireEye Endpoint Security Logon Tracker
      • FireEye Endpoint Security Logon Tracker enables the investigation of lateral movement within Windows enterprise environments. (Fetches: Devices)
    • Flexera SVM
      • Flexera Security Vulnerability Manager (SVM) is a vulnerability assessment, patch management, and vulnerability intelligence platform. (Fetches: Devices)
    • Forcepoint Insider Threat
      • Forcepoint Insider Threat is a security analytics tool for searching, detecting and mitigating malicious actors or insider threats. (Fetches: Users)
    • Forescout Switch Plugin
      • Forescout Switch Plugin is a component of the ForeScout CounterACT Network Module and provides switch to endpoint information as well as VLAN and ACL management capabilities. (Fetches: Devices)
    • Google BigQuery
      • BigQuery is a serverless, highly-scalable, and cost-effective cloud data warehouse with an in-memory BI Engine and machine learning built in. (Fetches: Devices)
    • Greenhouse
      • Greenhouse is a talent acquisition software company that offers its suite of tools and services to help businesses with the hiring process. (Fetches: Users, SaaS data)
    • HashiCorp Nomad
      • HashiCorp Nomad deploys new and legacy applications across multiple datacenters, regions, and clouds. (Fetches: Devices)
    • HP Anyware
      • HP Anyware supports hybrid work environments allowing users to access their digital workspaces without a VPN. (Fetches: Devices)
    • HPE Switches
      • HPE Switches provide switch inventory and ARP table information.
        (Fetches: Devices, ARP table)
    • Huawei eSight 21.x
      • Huawei eSight is an enterprise operation and maintenance (O&M) platform that provides cross-vendor and cross-product converged management, visualized monitoring, and intelligent analysis for enterprise ICT devices. (Fetches: Devices)
    • Huawei OceanStor Dorado V3
      • Huawei OceanStor Dorado V3 is an all-flash storage solution. (Fetches: Devices)
    • HYCU
      • HYCU is a SaaS-based data management product including data protection, migration and disaster recovery. (Fetches: Devices)
    • IBM License Metric Tool
      • IBM License Metric Tool (ILMT) helps manage license allocation services on supported systems. (Fetches: Devices)
    • Intel EMA
      • Intel® Endpoint Management Assistant (Intel® EMA) software provides the ability to remotely and securely manage Intel® Active Management Technology (Intel® AMT) devices beyond the firewall, via the cloud, on known Wi-Fi networks. (Fetches: Devices)
    • Ivanti for Patch Management
      • Ivanti Neurons for Patch Management continuously senses, discovers, and remediates security threats. (Fetches: Devices)
    • Ivanti Neurons
      • Ivanti Neurons is a unified endpoint management tool that discovers and remediates security threats. (Fetches: Devices)
    • Jamf Trust
      • Jamf Trust provides enterprise-level security and remote access for mobile devices. (Fetches: Devices)
    • Jenkins
      • Jenkins is an open-source automation server for continuous integration and delivery, facilitating software building, testing, and deployment. (Fetches: Users)
    • Keeper
      • Keeper is a password and secrets management solution that helps protect and monitor passwords, secrets, and remote connections. (Fetches: Users)
    • Lenel OnGuard
      • Lenel OnGuard is an integrated access control and alarm monitoring system. (Fetches: Users)
    • ManageEngine Network Configuration Manager
      • ManageEngine Network Configuration Manager is multi-vendor network change & configuration management software for switches, routers, and firewalls. (Fetches: Devices, Users)
    • ManageEngine PasswordManagerPro
      • ManageEngine PasswordManagerPro is a complete solution to control, manage, monitor, and audit the entire life cycle of privileged access. (Fetches: Devices)
    • Microsoft Defender External Attack Surface Management (Defender EASM)
      • Microsoft Defender External Attack Surface Management discovers and maps the digital attack surface and provides an external view of a company’s online infrastructure. (Fetches: Devices)
    • Microsoft Defender for Endpoint for GCC
      • Microsoft Defender for Endpoint for GCC helps enterprise government networks prevent, detect, investigate, and respond to advanced threats. (Fetches: Devices, Users)
    • Moogsoft
      • Moogsoft is an AI-driven observability platform for monitoring solutions. (Fetches: Devices, Users)
    • MuleSoft Anypoint Platform
      • The MuleSoft Anypoint Platform is a single solution for developing, deploying, securing, and managing APIs and integrations. (Fetches: Users)
    • NAVEX
      • NAVEX is a governance, risk, and compliance management platform for employee, third-party, and business processes management. (Fetches: Devices)
    • NetWitness NDR
      • NetWitness provides real-time network forensics with automated threat detection, response, and analysis solutions. (Fetches: Devices)
    • Nexthink Infinity
      • Nexthink Infinity provides digital workplace experience management software that provides real-time visibility and insights into application performance. (Fetches: Devices)
    • Nutanix Cloud Manager (NCM) Cost Governance
      • Nutanix Cloud Manager (NCM) Cost Governance (formerly Beam) provides visibility into cloud spend across multiple cloud environments. (Fetches: Users)
    • Opal
      • Opal is an access management platform that helps enterprise companies scale least privilege. (Fetches: Users)
    • OpenText ZENworks
      • OpenText ZENworks is a unified endpoint management and protection solution. (Fetches: Devices)
    • Oracle Netsuite
      • Oracle Netsuite is a cloud-based ERP solution that provides global business management solutions.
    • Ordr
      • Ordr provides visibility and security of all connected devices, including unmanaged IoT, OT, and IoMT. (Fetches: Devices)
    • Ostendio
      • Ostendio is a security, compliance, and risk management platform. (Fetches: Devices)
    • Pentera
      • Pentera recons and maps web-facing attack surface assets. This includes domains, web interfaces, IPs, networks, and gateways. (Fetches: Devices)
    • PeopleSoft
      • Oracle PeopleSoft is a suite of applications that provides solutions for human resources, finance, business operations, and more. (Fetches: Users)
    • Perimeter 81
      • Perimeter 81 is a cloud-based secure access service edge (SASE) platform. (Fetches: Devices, Users)
    • Pritunl
      • Pritunl is an enterprise distributed OpenVPN, IPsec and WireGuard server. (Fetches: Devices, Users)
    • Prey
      • Prey is a cross-platform, open source tool that allows you to track and recover your devices. (Fetches: Devices, Users)
    • Proofpoint PoD
      • Proofpoint on Demand (PoD) Email Security classifies types of email, while detecting and blocking threats. (Fetches: Devices)
    • Quadrant
      • Quadrant is a Managed Detection and Response solution operating at the intersection of People and Product. (Fetches: Devices)
    • Qualys Container Security
      • Qualys Container Security provides the ability to discover, track, and secure containers. (Fetches: Devices)
    • Qualys PCI Compliance
      • Qualys PCI Compliance evaluates compliance with the Payment Card Industry Data Security Standard (PCI DSS). (Fetches: Devices)
    • Rackspace Cloud
      • Rackspace Cloud is a set of cloud computing products and services for building, hosting, and managing cloud-based infrastructures. (Fetches: Devices)
    • Radiant Logic Virtual Directory Server (VDS)
      • Radiant Logic Virtual Directory Server (VDS) is a software layer that consolidates disparate identity sources into a central virtual namespace. (Fetches: Users)
    • RingCentral
      • RingCentral provides cloud-based communication and collaboration products and services including phone, messaging, video meetings, and contact center. (Fetches: Devices, Users)
    • RiskRecon
      • RiskRecon is a cloud-based third-party risk management solution. (Fetches: Users)
    • Rundeck
      • Rundeck is an open-source tool that helps to define build, deploy and manage automation. (Fetches: Devices, Users)
    • SAP Concur 4.x
      • SAP Concur provides travel, expense and invoice management. (Fetches: Users)
    • SAP S/4HANA Cloud
      • SAP S/4HANA Cloud is a modular enterprise resource planning (ERP) software that streamlines various business functions. (Fetches: Users)
    • SAP SuccessFactors
      • SAP SuccessFactors manages various aspects of HR operations, including recruitment, employee performance, HR analytics, payroll, and learning. (Fetches: Users)
    • SecPod SanerNow
      • SecPod SanerNow is an integrated platform that helps businesses secure system devices and monitor potential threats across digital assets. (Fetches: Devices)
    • SmartSimple
      • SmartSimple is a grant management and business process solution. (Fetches: Users)
    • SnapComms
      • SnapComms is an internal communications software solution. (Fetches: Users)
    • Splashtop
      • Splashtop is a remote access and remote support tool. (Fetches: Devices, Users)
    • StackRox
      • StackRox is a container security platform that protects cloud-based applications, detects threats, and manages vulnerabilities, compliance requirements, and configurations. (Fetches: Devices)
    • Statseeker
      • Statseeker is a network performance monitoring solution. (Fetches: Devices)
    • SureMDM
      • 42Gears SureMDM is a Unified Endpoint Management (UEM) solution for company-owned and BYOD devices. (Fetches: Devices)
    • SUSE Manager
      • SUSE Manager is an open-source infrastructure management tool for Linux systems. (Fetches: Devices)
    • SymphonyAI Summit
      • SymphonyAI Summit is an ITSM solution that provides automation libraries for automating repetitive and manual tasks. (Fetches: Devices)
    • Sysdig
      • Sysdig is a monitoring, troubleshooting, cost-optimization, and alerting suite for containers, cloud, and Kubernetes environments. (Fetches: Devices, Users)
    • Tenable.asm
      • Tenable Attack Surface Management (formerly Tenable.asm) continuously maps the internet and discovers connections to internet-facing assets. (Fetches: Devices)
    • Tenable.io Scan Export CSV
      • Tenable Vulnerability Management CSV File (Formerly Tenable.io) provides the ability to import a Tenable Vulnerability Management (Formerly Tenable.io) scan CSV.
    • Tenable Identity Exposure (formerly Tenable.ad)
      • Tenable Identity Exposure (formerly Tenable.ad) provides real-time security monitoring for Microsoft Active Directory (AD) infrastructures. (Fetches: Users)
    • Teramind
      • Teramind is an employee monitoring, user behavior analytics, and insider threat detection solution. (Fetches: Devices, Users)
    • Tesma
      • Tesma provides a central database for business information and makes it available in real-time. (Fetches: Devices)
    • Tines
      • Tines is a no-code Security Orchestration Automation & Response (SOAR) solution. (Fetches: Users)
    • ThreatLocker
      • ThreatLocker is a zero-trust endpoint protection platform. (Fetches: Devices)
    • TruffleHog
      • TruffleHog is a security tool that scans code repositories for vulnerabilities related to secret keys, such as private encryption keys and passwords. (Fetches: Devices)
    • Trustwave
      • Trustwave is a managed security services provider focused on managed detection and response. (Fetches: Users)
    • United Security Providers
      • United Security Providers is a Managed Security Services provider. (Fetches: Devices)
    • VMware Tanzu
      • The VMware Tanzu for Kubernetes Operations bundle allows platform operators to build, manage, and monitor Kubernetes environments across multiple platforms. (Fetches: Devices)
    • Wasabi
      • Wasabi is a cloud data storage company focused on high-performance object storage services. (Fetches: Devices, Users)
    • watchTowr
      • The watchTowr platform provides Continuous Automated Red Teaming (CART) and Attack Surface Management (ASM) to help businesses discover high-impact vulnerabilities. (Fetches: Devices)
    • Wiz Reports
      • Wiz Reports provides additional data for Wiz assets. (Fetches: Devices, Users)
    • Workspace One - Intelligence Report API
      • Workspace ONE Intelligence reporting uses a cloud-based report storage system to gather data and create the reports. (Fetches: Devices)
    • xAssets
      • xAssets provides IT asset management software. (Fetches: Devices)
    • Zscaler Client Connector
      • Zscaler Client Connector enables secure access to business applications from any device. (Fetches: Devices)

    Updated Adapters

    The following adapters were enhanced:

    • 1Password - Supports Two-factor authentication.

    • Adobe - Added support for OAuth Server-to-Server authentication and marked JWT parameters as 'optional'

    • Adobe Workfront - Added an option to fetch updates on tickets created by Axonius users.

    • Alert Logic MDR - Added the capability to use Access Key & Secret Key authentication

    • AlgoSec Firewall Analyzer - By default this adapter fetches users. Added the option to not fetch users.

    • Apple Business Manager - Added the option to fetch profiles.

    • Aqua Security - Added Users to the types of assets this adapter fetches.

    • Aruba - Added the option to fetch data from Aruba EdgeConnect appliances.

    • Aruba ClearPass - Added the option to add the fingerprint information to devices.

    • AssetPanda

      • Added the option to parse the invoice number.
      • Added the option to parse the PO number.

    • Automox - It is now possible to add Organization IDs from which to fetch data in the Connection Configuration.

    • AWS

      • Show verbose notifications about connection failures setting was removed.
      • Added option to fetch information about Redshift Clusters.
      • Added option to fetch Auto Scaling Groups and Policies.
      • Added an option to fetch information about Elastic Cache Replication Groups as an asset.
      • The List of Tags to parse as fields setting now supports Tags with case-sensitive values.
      • List of tags to parse as fields is now relevant for users.
      • Added an option to fetch the Kinesis Data Stream.
      • Disk volume disk volume used by Aurora DB from RDS can now be fetched.
      • Added an optional capability that can be used to fetch only accounts that are hierarchically under the specific OU.

    • Axonius Network Discovery

      • Added capability to enter a comma separated list of hosts to exclude from the scan.
      • Added capability to enter a comma separated list of ports to exclude from the scan.
      • Supports IPv6
      • Added possibilty to scan all ports.

    • Azure DevOps

      • Added the option to specify the Domain or IP, Port, or API Version in the connection parameters.
      • Added support for connectivity to the on-premise version of Azure DevOps.

    • BeyondTrust Cloud Privilege Manager was renamed to BeyondTrust Privilege Management Cloud.

    • BeyondTrust Insight SQL was renamed to *BeyondTrust BeyondInsight.

    • BeyondTrust Password Safe

      • Added the option to fetch the field 'Auto Managed'.
      • Added the option to not fetch Managed Devices with an empty Asset ID.
      • Added the option to fetch device platforms.

    • BeyondTrust Privilege Management Cloud - Added the option to choose the record with the latest "Last Seen" value if the device has the same hostname and the same domain.

    • BeyondTrust Privilege Management for Windows was renamed to BeyondTrust Privilege Management OnPrem.

    • BigFix

      • Added the capability to add an optional list of comma-separated field names to additionally parse as adapter tags.
      • Added the option to enrich devices with data for installed applications.
      • Changed name of setting from only fetch devices that have reported in the last X days to Only fetch devices that have been changed in the last X days.
      • Added the option to fetch BigFix analyses results, and the capability to filter them.
      • Added the option to enrich devices with installed and missing patches information.
      • Added support for BigFix SOAP API.

    • BigFix Inventory

      • Added the capability to fetch CVE details in addition to the basic software data.
      • Added the option to fetch only devices seen within the last X days.

    • BigID

      • Added the option to fetch the attributes list of a data catalog item.
      • Added the option to fetch the tags list of a data catalog item.

    • Bitbucket - From Axonius version 6.0 this adapter supports Bitbucket Cloud in addition to the Bitbucket server.

    • Bitdefender GravityZone Business Security - Added the option to fetch only managed devices.

    • BlackBerry Unified Endpoint Management (UEM) - Supports OAuth Authentication.

    • BloxOne was renamed to BloxOne DDI.

    • BloxOne DDI was renamed to Infoblox BloxOne.

    • BloxOne Threat Defense

      • Added the option to fetch only devices with the value of ‘ACTIVE’ in the 'calculated_status' field.
      • Added the option to fetch users.

    • BlueCat Enterprise DNS

      • Added the capability to enter statuses that the adapter will not fetch.
      • Added the option to use the Address Name as the HostName for DNS records.
      • Added the option to use address IP to enforce asset name uniqueness.
      • Added the option to fetch IPv6 entities, either networks or addresses.

    • BMC Atrium ADDM

      • Added the capabiity to modify the query by adding additional SHOW directives to the SEARCH Host query.

    • BMC Atrium CMDB - Added the option to fetch devices from outside of the standard BMC_ComputerSystem class.

    • Check Point CloudGuard

      • Added a list of asset types that can be fetched.
      • Added the option to filter assets based on billable property.
      • Added the capability to fetch asset types as separate assets instead of as devices.

    • Check Point Infinity

      • Added the option to add IP addresses from the NAT policy as devices interfaces.
      • Added possibility to enter policy packages to use for extended NAT handling.
      • Added the capability to select how to match the NAT rules on original columns.
      • Added the option to match the NAT rule method.

    • Cisco Application Policy Infrastructure Controller (APIC) - Authentication Domain added to connection parameters.

    • Cisco DNA Center - Added the capability to enter the Report ID for Cisco AI Endpoint Analytics.

    • Cisco SD-WAN - Added a client configuration option to enter an API rate limit

    • Cisco WebEx - Added support for WebEx Cloud.

    • Claroty

      • Added an option to select whether to fetch devices without an IP address.
      • Added a drop-down to select how to fetch ghost devices.

    • ConnectSecure - Added an option to fetch vulnerabilities.

    • Cribl - Added the option to use Client ID and Client Secret for authentication.

    • Crowdstrike Falcon

      • Added an option to enrich each device with the USB control policy to which the device belongs.
      • Added an option to fetch CrowdStrike incidents.
      • Added the option to use the hostname as the device manufacturer serial number for mobile devices.
      • Added the option to use the Connection IP address as the local IP address if no local IP address exists.
      • Added a range of filters for vulnerabilites fetch and timestamps.
      • Settings names changed as follows:
        • Avoid AWS duplication” → “Avoid device duplication”
        • Filter AWS duplications based on hostname” → “Filter device duplications based on hostname”
        • Filter AWS duplications based on external IP” → “Filter device duplications based on external IP” -

    • CrowdStrike Falcon Discover

      • Added the option to fetch only the device with the latest last-seen timestamp.
      • Added the option to filter devices and configure relevant settings.
      • Added the option to filter by data providers.

    • CrowdStrike Falcon Identity Protection (formerly Preempt) - Added option to filter by a comma separated list of domains.

    • CSCDomainManager - Added the option to fetch the domain information.

    • CSV

      • Added the option to set that all entities (devices and users) fetched by this adapter have their Last Seen set to the time the entity was fetched (fetch_time).
      • Added the capability to fetch files from Box Platform.
      • Added the capability to fetch files from Google sheets.
      • Added capability to enter additional primary keys to use when correlating installed software CSV files.
      • Added option to not add the filename to the entity ID in CSV and JSON adapters.
      • The configuration of this adapter was redesigned. The new adapter design is only used in the CSV adapter and the JSON adapter. All other CSV based adapters use the legacy CSV configuration which can be found in CSV Legacy Remote File Configuration.

    • Cybereason Deep Detect & Respond - Added an option to use the CSV API to fetch devices. This option should only be used with guidance from Axonius Support.

    • CyCognito Platform

      • Added option to select the API Version, either V0 or V1.
      • User Realm is now an optional field, except when using API V0.

    • CyberArk Endpoint Privilege Manager- Added capability to customize rate limits by setting the number of requests per seconds and the number of seconds during which to send requests.

    • CylancePROTECT- Added the option to fetch users.

    • Dell PowerScale OneFS

      • Added capability to fetch additional device types.
      • Added the option to authenticate the session when the user sends a request through a session cookie.

    • Dell TechDirect - Added the capability to upload a file with service tags which can be used in the file.

    • Dell VPLEX

      • Added the following advanced settings
        • Option to fetch AMP devices.
        • Option to fetch cluster witness devices.
        • Option to fetch storage array devices.
        • Option to fetch version devices.

    • DivvyCloud was renamed to Rapid7 InsightCloudSec.

    • Dragos Platform - Authentication now by API ID and API Secret.

    • eMass - Added the option to add a passphrase for the private key file.

    • Dynatrace - Added the capability to configure an account UUID in order to fetch the users from a different API endpoint that includes more data and user groups.

    • EfficientIP SOLIDserver DDI

      • Added the option to fetch DNS servers and their Zones as devices.
      • Added the option to fetch DNS Resource Records as devices.

    • Elasticsearch - Added the option to set that all devices fetched by this adapter have their Last Seen set to the time the device was fetched (fetch_time).

    • Exabeam - Added Access Token authentication

    • ExtraHop Reveal(x) - Added the option to not fetch devices without an IPV4 IP address

    • F5 BIG-IP iControl

      • Added the option to enrich policies with ASM context elements.
      • Added the capability to enter the F5 API version to use.

    • FlexNet Manager Suite Cloud

      • Added support for SaaS Management
      • Added capability to fetch licenses

    • Forcepoint Insider Threat - Adapter connection configuration is now using User Name and Password instead of Client ID and Client Secret.

    • FortiNAC Do not fetch devices without a MAC Address and Do not fetch devices without a Hostname are now two separate settings.

    • Fortinet Fortigate - Added capability to set the maximum number of parallel chunks to fetch information from the ADOMs. This can be a value between 50 and 100.

    • Github - Added setting to enable for each user to show all the repositories in the organization for which they have access.

    • GoDaddy - Added option to fetch DNS records for each domain as devices.

    • Google Cloud Platform (GCP) -

      • 'List of tags to parse as fields' is now relevant for users.
      • Added option to enrich VM instances with organizational tags or project tags associated with them.
      • Added connection parameters for 'Projects Include Filter (FCP Format)' and 'Exclude App Scripts Projects'. (6.0.3.0)

    • Guardicore - Added the option to fetch agent status flags.

    • HP Network Node Manager i (NNMi)

      • Added the option to enrich devices with IP Addresses.
      • Added the option to enrich devices with interfaces.
      • Added the option to enrich devices with node groups.
      • Added the option to enrich devices with security groups.

    • HubSpot - Added an option to enrich users with login activity data.

    • icinga - Added x.509 authentication.

    • IFS Assyst - Added the capability to enter a field name from Assyst to map to the Axonius IP address / MAC address / OS field.

    • IGEL Universal Management Suite (UMS) - Added the option to fetch firmware information and parse it as OS.

    • Imperva Data Activity Monitoring (DAM) - Added option to fetch DB connections as assets.

    • Infoblox DDI

      • Added option to fetch IPAM statistics.
      • Added option to ignore all devices without last seen value.

    • Intel EMA - Added the option to use Client ID and Client Secret for authentication.

    • Ivanti Neurons - Client ID, Client Secret, and Tenant ID are all required instead of optional for configuration.

    • Ivanti Service Manager

      • Added option to fetch software information.
      • Added capability to select Additional CI types to fetch.

    • Ivanti Unified Endpoint Manager (Landesk) - Added possiblity to enter the number of worker threads to perform the query.

    • JamfPro

      • Added a 'Fetch Users' option which is selected by default. This can be cleared to not fetch users.
      • Added the option to not fetch devices.
      • Added option to fetch enrollment devices.
      • Added option to enrich software with the following fields: 'Current version release date', 'Next version release date', 'Newer version count'.
      • Added option to authenticate using client credentials.

    • Jira Service Management - Added possibility to use a Custom Schemea entry in JSON format to fetch information from one object to another.

    • JSON - Added the option to set that all entities (devices and users) fetched by this adapter have their Last Seen set to the time the entity was fetched (fetch_time).

    • JumpCloud - Added the option to fetch devices from the api/v2/applemdms/{apple_mdm_id}/devices endpoint.

    • Lacework

      • This adapter now fetches users.
      • Added an option to fetch devices from the Inventory endpoint (api/v2/Inventory/search).
      • Added the option to enable fetching of additional entities.

    • ManageEngine ServiceDesk Plus

      • Added the possibility to configure fields that generally appear in "Advanced' view in 'Basic' view.
      • Added the capability to enter specific device product type values to exclude.

    • ManageEngine Desktop Central and Patch Manager Plus

      • Added the option to fetch all Desktop Central fields that are considered custom fields. Relevant to on-prem customer only.

    • Mandiant

      • Added the option to enrich the devices with ‘technologies’ data associated with the device.
      • Added the option to enrich the devices with ‘issues’ data associated with the device.

    • McAfee MVision was renamed to Trellix MVision, from version 6.0.10. This also replaces Trellix ePO.

    • MarkMonitor - Added the option to fetch users.

    • McAfee ePolicy Orchestrator (ePO) - Added the connection configuration option to fetch assigned Policy information, such as applied firewall rules.

    • Men&Mice DNS Management

      • Added the option to fetch DHCP servers as assets
      • Added the option to fetch DNS servers as assets
      • Added the option to fetch DNS records as assets

    • Micro Focus Universal CMDB - Added the capability to enter a list of query names to be fetched.

    • Microsoft Active Directory (AD)

      • Show verbose notifications about connection failures setting was removed.
      • Added the possiblity to enter a secondary DC address and port as a secondary server to be connected if the first one fails.
      • Added option to not fetch users that are inactive (as defined by AD UserAccountControl), and have not been seen for the last x days. If the last seen date is unknown, the users are not ignored.
      • Added option to not fetch deleted devices.
      • Added option to not fetch deleted users.
      • Added the option to enrich group members with their SID.
      • The 'Fetch all directory roles' and the 'Fetch all role definitions' advanced settings are now available for all customers, not just those with SaaS Management capability. 6.0.6.4)

    • Microsoft Azure

      • Subscription added to list of Azure services to fetch as assets.
      • Keys from Key Vaults added to list of Azure services to fetch as assets.
      • Virtual Machine Scale Sets added to list of Azure services to fetch as assets.
      • Storage Accounts - Access Keys / Kerberos Keys added to list of Azure services to fetch as assets.
      • SQL Databases Inaccessible By Server added to list of Azure services to fetch as assets.
      • Added an option to select the Azure entity types for which the Subscription Tags won't be included in the Adapter Tags values.

    • Microsoft Azure Active Directory (Azure AD)

      • Added an option to fetch extra custom user flow attributes to be added dynamically to the User’s assets data.
      • Added an option to fetch group app. roles.
      • Added an option to fetch group app. role details.
      • Added an option to enter map custom AD fields to Axonius fields based on the field prefixes.

    • Microsoft Azure Active Directory (Azure AD) and Microsoft Intune

      • Added option to fetch deleted users.
      • Added option to skip devices fetch and only fetch users.
      • Added option to Fetch extension attributes for device owner.
      • Removed option to fetch the device's total memory from Intune.
      • Added option to enrich Intune devices with their hardware information.
      • Added option to fetch the user's image.
        • Added an option that if the hostname value is not defined, the hostname for each device will take the asset name as its value.

    • Microsoft Cloud App Security

      • The Application ID field is no longer required in order to configure this adapter.
      • Added 'Username', 'Password', and '2FA Key' for collecting SaaS data. (6.0.6.2)

    • Microsoft Defender for Endpoint (Microsoft Defender ATP)

      • Added the option to fetch information on devices discovered by installed agents.
      • Added the option to fetch the fields related to vulnerability exploitation from Defender for Endpoints Plan 1 & 2.

    • Microsoft Endpoint Configuration Manager (MECM) (formerly SCCM) - Added option to set the connection to be read only.

    • Microsoft System Center Configuration Manager (SCCM) renamed to Microsoft Endpoint Configuration Manager (MECM)

    • Mimecast

      • Added ability to select the relevant Base URL in the 'Host Name or IP Address' field.
      • It is now possible to enter more than one internal domain separated by commas (without any spaces).

    • Miro

      • Added process for adding redirect URI for OAuth2.0

    • Monday

      • Added an option to fetch boards.
      • Added an option to select the version of the Monday API you're using.

    • N-able - Added capability to choose the data categories to fetch for each device.

    • NetIQ Identity Manager

      • Added the option to fetch groups
      • Added the option to fetch Roles and Permissions

    • Netskope

      • Added an option that the adapter will ignore assets with the same NS Device UID if any were ingested previously during the same fetch.
      • Added the option to fetch data using the API V2.
      • Added an advanced setting to 'Ignore SaaS Applications Repository and parse all applications' found by the adapter. (6.0.18.3)

    • New Relic - Added an option to enrich the device with applications data.

    • Ninja One (RMM) - Added a 'Fetch Users' option which is selected by default. This can be cleared to not fetch users.

    • Okta

      • Added the option to select the type of group to fetch from Okta.
      • Added the option to fetch apps with no users.
      • Added the option to fetch bookmark apps.
      • Added the capability to enter Orca types to fetch data as the specified asset type, instead of as devices.

    • Nozomi Guardian and CMC

      • Added the option to select which field to use as the aggregated “Last Seen“ field.
      • Added the option to skip fetching vulnerabilities that have a likelihood value below the set value.

    • Okta - Added the option to select an authentication method and added connection parameters for OAuth2 authentication.

    • OpenStack - Added the option to fetch Hypervisor entities as Assets.

    • OpsRamp - Added the capability to enter a comma separated list of account numbers from which data will be fetched.

    • Oracle Cloud

      • Added Auto Scaling Groups as a service to fetch as a device.
      • Added proxy settings input fields in the connection parameters.

    • Orca Cloud Visibiity Platform

      • Added capability to select one or more sub-categories to fetch.
      • Added capability to enter a space-separated list of the asset tags to fetch.
      • Added the option so that the source for the vulnerability risk level will be from CVSS Max Score
      • Added a wide range of configurations to filter the fetch of Orca alerts.
      • Added capability to enter a comma-separated list of Orca tag keys to parse as fields.

    • Palo Alto Networks Panorama

      • Added the option to fetch firewalls security and NAT policies
      • Added the option to force logout of the account used to query the Palo alto Panorama data.
      • Added an option to fetch Addresses as an asset and to fetch Ethernet interfaces as a new device type.
      • Added the capability to enter the amount of days necessary in order to set the firewall last seen to the “connected-at” date.

    • Palo Alto Networks Prisma Cloud - Added the capability to enter a list of resource types to be fetched.

    • Ping Federate - Added an option to select the authentication method for the adapter.

    • Proofpoint Security Awareness Training - Added advanced settings for configurable endpoints.

    • PRTG Network Monitor - Added the option to fetch sysinfo for each device.

    • Pure Storage Pure1

      • Added the option to enrich each device with its volumes and volume snapshots.
      • Added the option to fetch tags (arrays)
      • Added the option to fetch targets

    • Qualys Cloud Platform

      • Added possibility to add a concurrency limit (the maximum number of requests to send in one go) to access the Qualys API.
      • Added the capability to enter a number of days to only fetch vulnerabilities from that number of days back.
      • Added the option to set the Device Manufacturer Serial source to be from Qualys detections.
      • Added the option to drop all installed software information from found devices.
      • Added the option to fetch Qualys Vulnerabilities that only have a QID and do not have a CVE.
      • Added the option to parse the domain from the hostname when there is no precise domain value brought by the API.

    • Qualys Container Security - Add the capability to enter the amount of container vulnerabilities in async chunks to be fetched at one time.

    • Quest KACE Endpoint Systems Management Appliances - Updated the API link.

    • Rapid7 Nexpose and Insight VM -added the option to not fetch vulnerabilities with the status of ‘invulnerable’.

    • Rapid7 Nexpose Warehouse

      • Added the option to this option to exclude devices with no MAC address, no hostname and no IP address from the fetch.
      • Added the option to exclude devices in which Last Seen and hostname information is unavailable.
      • Added the option to exclude asset types from the fetch.
      • Added the option to fetch the Remediation Date information for each vulnerability belonging to an asset when the date is available.
      • Added the option to set the number of days in the past to check for remediated dates on vulnerabilities.

    • Rancher - Added the capability to connect using an API Key.

    • RecordedFuture - Added capability to specify a comma-separated list of CIDR blocks to connect to.

    • Red Hat Automation Controller (Ansible Tower)

      • Added the option to use the value of another field as the hostname value.
      • Added the option to use the value of the Description field in the Host Name field if the description field exists.

    • RiskSense - Added the option to fetch vulnerabilities from hosts.

    • Rubrik Polaris

      • Updated the authentication method for this adapter.
      • Added the option to not fetch users.

    • SailPoint IdentityIQ

      • Added the capability to enter a number of users to receive in each request from the server, in order to reduce strain on the server.
      • Added the option to not fetch users whose “active“ status is false or non-existent.
      • Connection configuration OAuth2 authorization added.

    • Sal - Added the option that each device will also fetch its applications.

    • Salesforce

      • Added an option to fetch tabs.
      • Added an option get the admin role from the profile name.
      • Added the capability to fetch Audit event, set the number of days back from which to fetch them and define the type of audit events to fetch.

    • The name of the adapter called SAP Concur was changed to SAP Concur 3.x.

    • SAP SuccessFactors - Added support for OAuth2 authentication.

    • Sectigo - Added the option to fetch Administrator users in addition to regular users.

    • SecureW2 JoinNow - Added capabiilty to set a value for the chunk size of the async requests.

    • Secureworks Taegis XDR - Added the option to add the DataSource data to each asset

    • SentinelOne

      • Added capability to select tasks from the drop-down that will be fetched in the background.
      • Added capability to set the interval in hours for background fetch.
      • Added capabiity to enter a SentinelOne Deep Visibility query name to fetch the query events and parse them inside the devices as “Deep Visibility Events

    • SentinelOne Ranger

      • Added the capabiity to enter a comma-separated list of account IDs. Only devices from these accounts will be retrieved.
      • Added the capabiity to enter a comma-separated list of site IDs. Only devices in these sites will be retrieved.

    • ServiceNow

      • Added an option to use the VM Object ID to identify AWS Cloud IDs.
      • Added an option to populate the fields “upstream“ and “downstream“ for devices.
      • Default value for “Entries fetched per page“ is now 500.
      • Added the option to fetch the table cmdb_key_value and enrich each device that has matching key-value records in the cmdb_key_value table.
      • Added an option to configure that the device name and hostname field will be identical to the referenced ci name from the cmdb_i field value.
      • Added an option to fetch records from the u_configuration_item_exception table and enrich the device with related exception information.
      • Added the option to not fetch ALM information.
      • Added the option so that the Username field in Axonius will display the value of the name field in the ServiceNow record.
      • Added the option to fetch information from u_applications table and enrich devices with it.
      • Added option to fetch databases as assets.
      • Added the option to fetch activities from a defined number of days ago.

    • Sharepoint - This adapter now fetches users.

    • Slack - Async chunks in parallel was removed.

    • SolarWinds Network Performance Monitor - Added possibliity to configure the port. Note that from SolarWinds Release 2023.1 SWIS REST Endpoint on port 17778 is deprecated and will be replaced with port 17774 in a future release. SolarWinds recommends you migrate SWIS REST Endpoint to port 17774.

    • Splashtop - Added the option to add an API Key instead of authenticating using ID and secret.

    • Splunk

      • Added the option to add a Splunk SaaS Application Search Macros List in the connection parameters.
      • Added the option to add a Splunk Firewall Search Macros List in the connection parameters.

    • SpyCloud - From version 6.0.18 this adapter fetches devices and no longer fetches users.

    • SQL Server - Added the option to specify a delimiter in the imported SQL table.

    • Tailscale - Added the option to fetch users.

    • Talon - Tenant ID no longer required for configuration.

    • Tanium Comply - Added the option to fetch compliance findings.

    • Tanium Interact - Added the option to fetch the most recent results for all endpoints, including the most recent results for offline endpoints.

    • Tenable.io

      • Added the option to fetch cloud resources from the Tenable.cs module.
      • Added the option to use the API v2 instead of API v3 to fetch web application vulnerabilities.
      • Added the option to first fetch all assets and store locally and then parse the data.
      • Added the option to not fetch users that are disabled within Tenable.io.
      • Added the option to correlate Tenable.io Assets and Agents and display all the data from them in one tab in the adapter (instead of displaying the default view of each in a separate tab).
      • Added the option to fetch only tenable.io licensed assets.
      • Added the capability to enter plugin IDs for the adapter to fetch at the info level.
      • Added the option to create a list of key-value tags to filter assets to fetch.

    • Tenable Nessus - Added an option to only fetch scans with the status ‘enabled’.

    • Tenable Nessus CSV File - Added an option to fetch the plugin output field.

    • Tenable.sc

      • Added option to only parse the OS Identification field from the output of the Plugin-11936
      • Added an option to fetch Tenable.sc alerts as a new asset in the Alerts/Incidents category.
      • Added an option to fetch OS Serial information from plugins 131568, 35351, 24270.
      • Added possibility to enter one or more plugins, for the adapter to not fetch devices that only have plugins with these IDs.
      • Added an option that the source for the hostname will be the DNS.
      • Added a Plugin Parser toggle setting.
      • Added the option to parse the hostname from plugin 55472.
      • Added the option to parse CPEs from plugin 45590.
      • Added the option to enable fetching of all installed software from Tenable.sc.
      • Added the capability to select the minimum level of severity to fetch vulnerabilities.

    • Thycotic Secret Server and Thycotic Privilege Manager rebranded to Delinea. Now named Delinea Secret Server and Delinea Privilege Manager.

      • Delinea Secret Server
      • Added option to fetch Vaults
      • Added option to fetch Rules
      • Added option to fetch Permissions

    • Trend Micro Deep Security - Added the option to fetch policy details.

    • Tripwire Enterprise - Added the capability to enter a comma separated string of element names. For each element name the adapter fetch the devices apps using the endpoint

    • Twistlock

      • Added option to configure a Tenant Project Name from which to fetch.
      • Added option to authenticate using Prisma Cloud.

    • UKG Pro - Added the option to use the value of the “employeenumber” as Employee ID.

    • UpGuard CyberRisk - Added the option to enrich the devices with risks data

    • Uptycs - Added possibility to enter a value for page size for API pagination.

    • Veeam

      • Added the option to fetch information about Virtual Machines.
      • Added the option to fetch Backup Objects as devices.
      • Added the capability to enter the backup server prefix to remove from the hostname.

    • VMware ESXi and vSphere - Added capability to enter a comma-separated list of tag keys to be parsed as device or user fields.

    • VMware vCloud Director - The Username and Password feels appear on the adapter connection form also when API v36.0 is also selected.

    • Web Server Information

      • Added possiblity to specify the ports to connect to in order to fetch the web server information.
      • Added option to save raw data.

    • Whitehat

      • Added the capability to select asset BLA information to fetch from a list.
      • Added the following options:
        • fetch findings for each asset.
        • fetch site credentials.
        • fetch links found from the most recent scan.

    • Windows Management Instrumentation (WMI)

      • For both the adapter and the Enforcement action added:
        • Option to fetch information from the Remote Desktop Client Access Licensing Server.
        • Option to fetch software licensing product information from each host.
        • Option to fetch data from the Win32_Product class.

    • Windows Server Update Services (WSUS)

      • Added support for Kerberos authentication.
      • Added capability to select the versions of the SMB dialects that you want to be disabled during the negotiation of the SMB connection.

    • Wiz

      • Added the option to fetch subscription tags. This replaces the Apply cloud account tags to fetched assets setting.
      • Added the option to enrich assets with cloud configuration findings.
      • Added the ability to select severity levels to filter cloud configuration findings.
      • Added the ability to select status values to filter cloud configuration finding.
      • Added the option to fetch cloud user assets discovered by Wiz.
      • Added the ability to select user types of assets to fetch.
      • Added the option to fetch issue source rules data.

    • Workday

      • Added the option to fetch only the most recent records for each worker.
      • This adapter now supports X.509 authentication

    • Windows Management Instrumentation (WMI) - Added the option to search for Microsoft SQL Server license information on the machine’s registries and fetch it

    • ZenDesk
      * Added the option to fetch EC Action ticket updates.
      * Added the capability to select Zendesk roles to fetch.

    • Zoom - Added the option to fetch operation logs from Zoom and parse as Activities assets in Axonius for SaaS Management.

    • Zscaler Web Security - Added the option to extract the device manufacturer serial number from the UDID and add it to the device.

    • Zscaler ZDX - Added an option to fetch installed software.



    For more details:

    New Enforcement Actions

    The following Enforcement Actions were added:

    Updated Enforcement Actions

    The following Enforcement Actions were updated:


    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout