- 30 Apr 2024
- 18 Minutes to read
- Print
- DarkLight
- PDF
Axonius 6.1 Ongoing Adapter and Enforcement Action Updates
- Updated on 30 Apr 2024
- 18 Minutes to read
- Print
- DarkLight
- PDF
The following includes new Adapters and Enforcement Actions and ongoing updates to Adapters and Enforcement Actions as they are added to Axonius 6.1
- View full information about new and updated features in Axonius 6.1
New Adapters
The following new adapters were added:
- 3Play Media
- 3Play Media offers video accessibility services through transcription, captioning, and audio description. (Fetches: Users) (6.1.1.0)
- Abnormal Security
- Abnormal Security is an email security provider that helps companies protect against targeted email attacks. (Fetches: Users) (6.1.8.0)
- A Cloud Guru
- A Cloud Guru is an online learning platform that specializes in teaching cloud computing and related technologies. (Fetches: Users) (6.1.0.0)
- Action1
- Action1 is a cloud-based platform that automates patch management and vulnerability remediation. (Fetches: Devices) (6.1.5.1)
- Amplitude
- Amplitude is a digital analytics platform that tracks and analyzes user behavior across various platforms. (Fetches: Users) (6.1.1.0)
- Anecdotes
- Anecdotes is a compliance management platform. (Fetches: Devices) (6.1.0.2)
- Apple App Store Connect
- Apple App Store Connect is a platform for developers to manage, release, and report on their iOS apps. (Fetches: Devices) (6.1.0.3)
- Atlassian Confluence
- Atlassian Confluence provides information on Confluence entities, like pages and blog posts, spaces, users, groups, and more. (Fetches: Users) (6.1.1.0)
- Cisco Common Service Platform Collector (CSPC)
- The Cisco Common Service Platform Collector (CSPC) is an SNMP-based tool that discovers and collects information from the Cisco devices installed on companies' networks. (Fetches: Devices) (6.1.6.0)
- Citrix Application Delivery Management (ADM)
- Citrix Application Delivery Management (ADM) is a platform enabling automation, orchestration, management, and analytics across hybrid multi-cloud environments. (Fetches: Devices) (6.1.7.0)
- Claroty Cloud
- Claroty Cloud is a cyber-physical security (CPS) platform for IoT security. (Fetches: Devices) (6.0.18.8)
- DeviceTotal
- DeviceTotal is an agentless attack surface management solution. (Fetches: Devices) (6.1.8.0)
- Docker Engine
- Docker Engine is an open-source containerization technology that helps development teams build and manage applications. (Fetches: Devices) (6.1.5.0)
- Efecte
- Efecte is an IT service management (ITSM) and collaboration platform with a focus on SaaS security and configuration management. (Fetches: Devices) (6.1.4.0)
- FireMon Asset Manager
- FireMon Asset Manager is a network visibility solution for cyber situational awareness and compliance monitoring. (Fetches: Devices) (6.1.6.0)
- FortiCloud
- FortiCloud is a cloud-based platform offering compliance, security and management services for Fortinet solutions. (Fetches: Devices) (6.1.8.0)
- IBM Turbonomic
- IBM Turbonomic is a performance and cost optimization platform for public, private, and hybrid cloud. (Fetches: Users) (6.1.11.0)
- JFrog Xray
- JFrog Xray is a software composition analysis (SCA) tool that scans software artifacts for security vulnerabilities, open source license compliance, and software quality. (Fetches: Devices) (6.1.10.0)
- LeanIX
- LeanIX is a cloud-based software platform that helps companies manage and optimize their IT infrastructure and applications. (Fetches: Devices) (6.1.6.4)
- Mimecast - V2
- Mimecast provides a mail management system designed to protect email, ensure access and simplify the tasks of managing email. (Fetches: Users) (6.1.1.0)
- Nautobot
- Nautobot is a network documentation and automation platform for managing network resources. (Fetches: Devices) (6.1.8.2)
- Netreo
- Netreo is an IT infrastructure monitoring platform. (Fetches: Devices) (6.1.5.1)
- Nexthink Query Language (NQL)
- Nexthink Query Language (NQL) is a programming language developed by Nexthink for querying data from its platform. (Fetches: Devices, Users) (6.1.3.2)
- Oracle Identity and Access Management (IAM)
- Oracle Identity and Access Management (IAM) is a software suite that enables enterprises to manage and automate user identities. (Fetches: Users) (6.1.10.0)
- PowerDNS
- PowerDNS is an open-source DNS server program, offering both authoritative and recursive DNS services. (Fetches: Devices) (6.1.1.3)
- Proxyclick
- Proxyclick App is a visitor management system that helps companies digitize the check-in process for employees, contractors, and visitors. (Fetches: Users) (6.1.0.3)
- Qualys VMDR OT
- Qualys VMDR OT is a cloud-based platform for asset inventory and vulnerability management of critical industrial infrastructure. (Fetches: Devices) (6.1.5.0)
- RemotePC
- RemotePC is a tool for remote access and control of computers and devices. (Fetches: Devices, Users) (6.1.5.2)
- SPEKTRA
- NTT SPEKTRA (Sentient Platform for Network Transformation) is a managed network services platform. (Fetches: Devices) (6.1.0.2)
- Tangoe Managed Mobility Services (MMS)
- Tangoe Managed Mobility Services (MMS) provides end-to-end mobile lifecycle management. (Fetches: Devices, Users) (6.1.6.0)
- Trace3 LAMP
- Trace3 Technology Lifecycle Management Platform (LAMP) is an IT Asset Management (ITAM) platform. (Fetches: Devices) (6.1.4.2)
- UnifiedFX PhoneView
- UnifiedFX PhoneView is a Cisco Preferred Solutions Partner which offers Cisco Phone Management Software. (Fetches: Devices) (6.0.18.8)
- Veritas NetBackup
- Veritas NetBackup is an enterprise backup solution offering data management, automation, artificial intelligence, and elastic architecture. (Fetches: Devices) (6.1.2.2)
- Windows Server Update Services (WSUS) SQL
- Windows Server Update Services (WSUS) - SQL, previously Software Update Services (SUS), enables administrators to manage the distribution of updates and hotfixes released for Microsoft products. (Devices) (6.1.1.0)
- Zscaler Client Connector
- Zscaler Client Connector enables secure access to business applications from any device. (Fetches: Devices) (6.0.18.8)
Updated Adapters
The following adapters were enhanced:
- Adobe Acrobat Sign
- Added the option to fetch full data per user. (6.1.5.0)
- Added the capability to enter a comma-separated list of users to filter with specified user statuses. (6.1.5.0)
- Airlock Digital - Added the option to fetch information about group policies. (6.1.3.0)
- Aruba ClearPass - Added the option to set endpoint devices as network infrastructure devices. (6.1.1.5)
- AssetPanda
- Added the option to parse the invoice number. (6.1.8.0)
- Added the option to parse the PO number. (6.1.8.0)
- Added the option to parse the employee status field. (6.1.8.0)
- AWS
- Added the option to fetch CloudFormation Stacks as assets. (6.1.4.0)
- Added the option to fetch AWS step functions as assets. (6.1.4.0)
- Added the option to fetch AWS Service Catalogs as assets. (6.1.4.0)
- Added the option to fetch CloudWatch Alarms as assets. (6.1.4.0)
- Added the option to fetch the Kinesis Data analytics as devices. (6.1.5.0)
- Added the option to fetch Direct Connect data assets associated with Network Services. (6.1.6.0)
- Axonius Users - Added the capability to enter a number of days to retreive all activity logs for that user in that time range. (6.0.0.1)
- Azure DevOps - Added the option to fetch the Git Repositories from the projects in Azure DevOps. (6.1.8.0)
- BambooHR
- Added the capability to enter the name of the LOA employee table to fetch from. (6.1.0.0)
- It is now possible to fetch data from more than one table. (6.1.10.0)
- BigFix Compliance Analytics (formerly SCA) - Added the capability to enter a comma-separated list of checklist IDs to fetch from. (6.1.8.0)
- BitSight Security Ratings - Added the option to fetch company assets. (6.1.8.0)
- BloodHound - Added support for SaaS instances of BloodHound. (6.1.5.0)
- Cisco DNA Center
- Added the option to fetch additional devices from the default “Client Detail” report. (6.1.4.0)
- Users can now configure the “Client Detail” report by name. (6.1.5.2)
- CloudFlare Zero Trust
- Added the option to add subdomain data for each device. (6.1.5.0)
- Added the option to add policy data for each user. (6.1.5.0)
- Code42 Incyder - Added the option to ignore devices fetched from Code42 with the values “Deactivated” or “Blocked” in the status field. (6.1.4.0)
- CrowdStrike Falcon - Added the option to enable the parsing of vulnerability descriptions (disabled by default). (6.0.19.3)
- CrowdStrike Falcon Discover
- Added the capability to only fetch applications used in the selected amount of days. (6.1.1.2)
- Added the option to configure a pattern to apply to an interface alias in order to identify a historical IP address and record it separately from current IP addresses. (6.1.2.0)
- Added the capability to filter devices by their discoverer count field. (6.1.6.0)
- CrowdStrike Falcon Identity Protection (Preempt)
- Added the option to rename risk factors. (6.1.9.0)
- Added the option to exclude devices with the risk factor type of 'UNMANAGED_HOST'. (6.1.11.0)
- CyberArk Alero
- Tenant ID and Service Account JSON were added to connection parameters. (6.1.4.0)
- API Key was removed from connection parameters. (6.1.4.0)
- CyberArk Privileged Account Security
- Added the option to fetch the activities for each account. (6.1.0.0)
- Added the option to fetch additional data about each account. (6.1.0.0)
- Added support for OAuth2 authentication. (6.1.4.0)
- Added the option to parse the domain value as an associated device. (6.1.10.0)
- Darktrace - Added the capability to select the types of devices to fetch. (6.1.5.0)
- Dell OpenManage Enterprise - Added the option to fetch warranties of each device. (6.1.11.0)
- Duo Beyond - Added the option to not fetch phones as devices. (6.1.10.0)
- Eagle Eye Networks - Added the option to enrich the device with extra device information. *(6.1.4.0)
- FireMon Security Manager - Added the option to try to parse SyslogMatch Names as IP addresses or serial numbers. (6.1.9.0)
- FortiClient EMS - Added support for cloud version of FortiClient EMS. (6.1.9.0)
- Fortinet FortiGate - Added the option to fetch VPN SSL sessions as Devices. (6.1.0.0)
- Freshservice - Added the option to fetch device relationships from Freshservice. (6.1.7.0)
- GoDaddy
- Added support for the GoDaddy v2 API. (6.1.2.0)
- Added support for certificates as assets. (6.1.10.0)
- Google Cloud Platform (GCP)
- Added the option to fetch all Google Cloud Compute Disk Images, Snapshots and Templates. (6.1.2.0)
- Added the option to fetch only compute devices that are turned on. (6.1.11.0)
- Google Workspace
- Added an advanced setting to populate the asset name with the value of the Annotation ID (when the value exists) instead of using the value in the Name field. (6.1.2.2)
- Added proxy values (Proxy address, Proxy port, Proxy username, and Proxy password) to the adapter connections. (6.1.6.4)
- Guardicore - Added the option to fetch full agent information for a device. (6.1.7.0)
- Have I Been Pwned - Added the capability to retrieve all breached accounts associated with a domain. (6.1.9.0)
- Infoblox DDI
- Added the option to fetch DNS CNAME records. (6.1.5.0)
- Added the option to fetch DHCP address ranges. (6.1.7.0)
- Added the option to fetch Infoblox networks as assets. (6.1.11.0)
- Kandji - Added the option to fetch devices not yet enrolled. (6.1.7.0)
- Lakeside SysTrack - Added the option to fetch the local member inventory for each system. (6.1.4.0)
- Linux SSH Scan now supports Solaris. (6.1.6.0)
- Lookout Mobile Endpoint Security - Added the option to use the version 2 of the API, which uses only the API key (without a username or password). (6.1.7.0)
- ManageEngine OpUtils
- Added the option to fetch assets asynchronously. (6.1.8.2)
- Added the option to ignore devices without IP to DNS values. (6.1.8.2)
- Mandiant
- Added the option to fetch entities last seen by the number of days specified. (6.1.5.0)
- Added the option to use
last_seen_after:configured_scan_count
query to fetch only active entities. (6.1.5.0) - Added the option to add more details to the information fetched per each entity. (6.1.5.0)
- MarkMonitor - Added the option to remove user fetch functionality. (6.1.8.0)
- McAfee ePolicy Orchestrator (ePO)
- Added the capability to enter values to the list of query IDs to enrich each device. (6.1.6.0)
- Added the option to fetch COAMS data. (6.1.7.0)
- Microsoft Active Directory (AD) - Added the option to fetch data from Active Directory Sites. (6.1.8.0)
- Microsoft Azure - Tenants added to list of Azure services to fetch as assets. (6.1.11.0)
- Microsoft Cloud App Security
- Added the option to ignore Microsoft Cloud App Security users that do not have a domain field. (6.1.4.0)
- Added the option to ignore external users. (6.1.10.0)
- Microsoft Defender for Endpoint (Microsoft Defender ATP) - Added the option to only fetch devices with hostname values. (6.1.5.0)
- Microsoft Endpoint Configuration Manager (MECM)
- Added the option to parse historical compliance status information to the Current Compliance Status field. (6.0.18.8)
- Added the option to parse the latest compliance status information to the Current Compliance field. (6.0.18.8)
- Added support for SSL. (6.1.8.0)
- Added the option to fetch software reported as uninstalled by SCCM. (6.1.9.1)
- Microsoft Entra ID (Azure AD) and Microsoft Intune
- The name of the 'Microsoft Azure AD and Microsoft Intune' adapter was changed to Microsoft Entra ID (Azure AD) and Microsoft Intune in line with changes by Microsoft. (6.1.1.0)
- Added the option to fetch autopilot device identities from Intune. (6.1.4.0)
- Added the option to disable fetch of groups and to list groups not to fetch. (6.1.7.0)
- Added the option to fetch administrative units as groups. (6.1.1.0)
- The option to fetch group app roles is now available to Cyber-Security Asset Management, not just SaaS Management. (6.1.11.0)
- Microsoft SCOM - Added support for SSL. (6.1.9.0)
- NetBrain - NetBrain Domain Name and NetBrain Tenant Name were added to the connection parameters. (6.1.4.0)
- Netskope - Added permissions for endpoints that are required in order to use API V2. (6.1.3.0)
- NTT Application Security - The name of the 'WhiteHat' adapter was changed to NTT Application Security.
- Okta -
- Added the option to fetch security logs based on security.request.blocked and security.threat.detected events. (6.1.7.0)
- Added the option to fetch user information to populate in the relevant device-specific fields. (6.1.7.0)
- Oracle Cloud - Added the capability to enter a comma-separated list of tag keys to be saved as fields. (6.1.8.0)
- Oracle Enterprise Manager - Added the capability to enter a comma-separated list of devices with specified type names to be fetched. (6.1.4.2)
- Orca Cloud Visibility Platform - Added the option to parse all Orca tags as fields. (6.1.6.0)
- OneLogin - Added the 'SSO Provider' option. (6.1.6.0)
- Palo Alto Networks Cortex Xpanse
- Added the option to categorize devices into different asset categories using their asset type. (6.1.11.0)
- Palo Alto Networks IoT Security (Zingbox)
- Added the option to fetch vulnerabilities. (6.1.10.0)
- Palo Alto Networks Panorama
- Added the option to connect NAT firewall rules (public to private IPs only) with Network assets. (6.1.6.0)
- Added the option to connect Access firewall rules (from untrust sources) with Network assets. (6.1.6.0)
- Palo Alto Networks Prisma Cloud
- Added the capability to select how many days of alerts to fetch into devices. (6.1.7.0)
- Added the option to add the
heuristicSearch: true
parameter to the request. (6.1.8.0)
- PaperCut - API Health Token added to connection parameters. (6.1.3.1)
- Proofpoint Endpoint DLP - Added the option to use the latest version of the API. (6.1.2.0)
- Qualys Cloud Platform
- Added the option to fetch Web Applications. (6.1.5.0)
- Added the capability to enter Qualys tags to skip device ingestion. (6.1.11.0)
- Rapid7 InsightCloudSec - Added the option to fetch Insight findings. (6.1.11.1)
- Rapid7 InsightIDR - Added the option to use the FQDN as a Host Name for devices. (6.1.1.2)
- Rapid7 Nexpose Warehouse
- Added the option to utilize complex queries to fetch data from the database. (6.1.6.0)
- Added the capability to fetch only devices and corresponding information if they were seen by Rapid7 Nexpose Warehouse in the number of days set. This allows the system to pull a recent history of the devices rather than the entire system history every fetch. (6.1.6.0)
- Red Hat Automation Controller (Ansible Tower) - Added the option to enable using the device name for the asset ID. (6.1.10.0)
- Red Hat Insights - Added the option to use API authentication for this adapter. (6.1.4.0)
- Salesforce - Added the option to fetch new audit logs: URI and Lightning URI events. (6.1.3.2)
- SAP Concur 4.x - Refresh Token is now used in the adapter connection instead of Company ID and Company Auth Token. (6.0.10.2)
- Secureworks Taegis XDR (Red Cloak TDR) - Added the capability to enter a list of tags to filter. (6.1.7.0)
- SentinelOne
- Added the option to remove old tags that are no longer being fetched from SentinelOne. (6.1.6.0)
- Added the option to fetch only the version with the most recent installed date for each software.(6.1.8.0)
- Added the option to fetch only the latest installed app. (6.1.9.0)
- ServiceNow
- Added the option to fetch active extensions. (6.1.3.2)
- Added the ability to fetch the Application Settings SaaS Data from Script Action, Email Filter, and Antivirus settings. (6.1.5.3)
- SharePoint
- Added the option to fetch sites as Application Resource assets instead of devices. (6.1.5.0)
- Added the option to fetch site permissions.(6.1.10.7)
- SolarWinds Network Performance Monitor - Added the option to select the IPAM devices to fetch according to their status. (6.1.3.2)
- Stairwell - Added the option to parse the hostname and serial number if there are spaces surrounding the hyphen in the asset name for macOS devices. (6.1.11.0)
- Tenable.asm - Added the capability to enter a list of tags to filter. (6.1.3.0)
- Tenable Identity Exposure (formerly Tenable.ad) - API Secret no longer required for configuration. (6.1.1.0)
- Tenable.io - Added the option to use the most recent CVSS version as the CVSS Score.
- Tenable.sc
- Added the option to fetch devices from mobile repositories. (6.0.19.4)
- Added the option to use CVE dates for the device last seen calculation. (6.1.9.0)
- VMware Workspace ONE (AirWatch) - Added the option to fetch Smart Groups. (6.1.2.3)
- Vulcan - Added the option to fetch vulnerabilities. (6.1.1.4)
- WhatsUp Gold
- Added the option to fetch additional device attributes from the endpoint WhatsUp Gold Device_FindAttributes API. (6.1.7.0)
- Added the option to fetch device credentials from the endpoint WhatsUp Gold Device_Credentials API. (6.1.7.0)
- Added the capability to enter a number of months to fetch data on the state of the device as well as the uptime of the device's power supply from the endpoint WhatsUp Gold DeviceReport_DeviceStateChangeReport API. (6.1.7.0)
- WhiteHat - Added the capability to set the number of assets to fetch in the API response from the WhiteHat API. (6.1.4.0)
- Wiz - Added the capability to filter vulnerabilities by detection method. (6.1.9.3)
- Workday
- Added the option to create users only from the custom report data. (6.1.1.0)
- Added the option to include custom organization data. (6.1.3.3)
- Added the option to fetch application settings. (6.1.3.3)
- Tenant Login URL, Read Only Admin Username/Password, and 2FA Secret Key added to connection parameters. (6.1.3.3)
- Added the option to fetch only application settings. (6.1.6.0)
- Zabbix - Added the option to set hostnames from the relevant item in the inventory section that has a hostname. (6.1.9.0)
- ZeroFox - Added the option to use API Key authentication for this adapter. (6.1.9.0)
- Zoom - Added the option to fetch application settings and licenses for accounts with Axonius SaaS Management. (6.1.11.0)
- Zscaler Client Connector - Added a default value for Host name or IP address. (6.1.1.5)
- Zscaler Web Security
- Added the option to include devices that have the Linux operating system on the device fetch. (6.1.3.2)
- Added the option to not fetch SaaS application users. (6.1.4.0)
- Added the capability to enter the maximum rate of requests per hour by Axonius to the Zscaler server. (6.1.11.0)
For more details:
- Explore the entire list of supported and integrated adapters.
New Enforcement Actions
The following Enforcement Actions were added:
- BMC Atrium - Create or Update Asset - Creates and/or updates assets in BMC Atrium. (6.0.18.8)
- Change Policy - VMware Carbon Black App Control(6.1.6.0) - Changes the VMware Carbon Black Cloud (Carbon Black CB Defense) policy assigned to each asset.
- Google Workspace - Activate User (6.1.9.0) - Activates the Google Workspace account for each asset that matches the parameters of the selected query or selected assets.
- Google Workspace - Suspend User (6.1.9.0) - Deactivates the Google Workspace account for each asset that matches the parameters of the selected query or selected assets.
Okta - Create User (6.1.5.0)
Okta - Create Group (6.1.5.0)
Okta - Update Group (6.1.5.0)
Okta - Delete Group (6.1.5.0)
Okta - Update User (6.1.5.0)
Okta - Create Role (6.1.5.0)
Okta - Update Role (6.1.5.0)
Okta - Delete Role (6.1.5.0)
TeamDynamix - Create or Update Asset - Creates and updates assets in TeamDynamix. (6.1.7.0)
Update Zendesk Tickets - Enables updating tickets, which have specific ticket IDs. (6.1.9.1)
Wiz - Add Tags to Assets - Correlates and adds tags to assets in Wiz. (6.1.5)
Zendesk - Create Custom Object per Asset - Creates a custom object per asset in Zendesk for each asset that matches the parameters of the selected query or assets selected in one of the asset tables. (6.1)
Updated Enforcement Actions
The following Enforcement Actions were updated:
Axonius - Deploy Files and Run Shell Command on Windows Assets - Added the field Replace command variables with Axonius fields that allows values from assets to be used in the Windows command. (6.1.2.0)
AWS - Send CSV to S3 - Updated the Export Method field. (6.1.3.2)
CSV - Send to SCP - Updated the Export Method field. (6.1.3.2)
CSV - Send to Share - Updated the Export Method field. (6.1.3.2)
CSV - Send to SFTP - Updated the Export Method field. (6.1.3.2)
Microsoft Azure AD - Enforcement Actions renamed to Entra ID to reflect the name change in Microsoft. (6.1.1.0)
Entra ID (Azure AD) - Forward Email Rule - Added the ability to remove an email address from the rule. (6.1.1.2)
- It is possible to use the Enforcement Action to create a single Google Workspace user from scratch, in addition to the already existing method of creating single/multiple assets from existing assets (Clone operation). (6.1.6.0)
- The Google Workspace Users have new fields - First Name, Last Name, Email, and Username. (6.1.6.0)
- There is a new option to auto-generate passwords, in addition to the already existing manually entered passwords. (6.1.6.0)
Google Workspace - Add Users to Group - Added ability to create a single Google Workspace user from scratch with new fields (First Name, Last Name, Email, and Username) and auto-generate passwords. (6.1.1.7)
Jira Service Management - Create Ticket and Jira Service Management - Create Ticket per Asset - Changed the name of these Enforcement actions from "Issue" to "Ticket". (6.1.3.0)
PagerDuty - Create Incident - Added 'Requester Email' field. (6.1.3.2)
GSuite Enforcement Actions Renamed to Google Workspace (6.1.1.3)
- The following Enforcement Actions were renamed from GSuite to Google Workspace:
- Google Workspace - Add Users
- Google Workspace - Add Users to Group
- Google Workspace - Change Users OU
- Google Workspace - Delete Extension
- Google Workspace - Remove Users
- Google Workspace - Remove Users From Group
- Google Workspace - Reset Users Logon Cookies
- Google Workspace - Role Assignments Actions
- Google Workspace - Send Message
- The following Enforcement Actions were renamed from GSuite to Google Workspace:
Zendesk - Create Ticket and Zendesk - Create Ticket Per Entity - Added the ability to add any field to the ticket with the Additional Fields field. (6.1.0.2)
SharePoint - Send CSV - Required Permissions, APIs, and Required Ports were added to the documenation.