What's New in Axonius 4.6
  • 18 Dec 2022

Release Date: June-26-2022

Axonius version 4.6 includes major enhancements and additional features. Read the release notes to learn what's new.



Changes to Axonius documentation:

For Version 4.6, the following changes were made to the Axonius documentation:

  1. With the addition of the Queries page and implementation of queries on more modules, the Queries documentation can now be found in its own section, and is no longer part of the Devices/Users sections.
  2. Working with Assets Pages includes the information about Export Devices and Users data to CSV and Setting Page Columns Display.
  3. The default documentation version is Version 4.6, but Version 4.5 documentation can be accessed from a drop-down menu.

Release Highlights


Ongoing Updates

Check out ongoing updates to Version 4.6:

  • What's New in Axonius 4.6.8
  • What's New in Axonius 4.6.12
  • What's New in Axonius 4.6.13
  • What's New in Axonius 4.6.14
  • What's New in Axonius 4.6.15
  • What's New in Axonius 4.6.16
  • What's New in Axonius 4.6.17
  • What's New in Axonius 4.6.18

Dashboard New Features and Enhancements

The following new features and enhancements were added to the Dashboards:

Dashboard Enhancements

Resize Dashboard Chart

It is now possible to resize all the dashboard charts by selecting a size for the charts. This enables the following:

  • In pie charts the legend is displayed
  • Values are easier to see for charts with many values
  • When charts are resized more data points can be displayed
  • Resized charts are displayed in reports at their new size.

Multiple Private Dashboards

Field Summary Chart Timeline Format

A timeline format was added to the Field Summary chart. This enables tracking of a specific calculated value of a field over time, and can assist in identifying anomalies.


Timeline for Top Field Segmentation Results

  • Timeline presentation was added to Field Segmentation Results and shows either the existing total count across time or the top 20 results (based on the sort) across time.
  • This enables users to view a specific segment over time, for example, adoption of OS versions or implementation of a new security system.
  • In addition, it enables users to see a trend on one side and actual values as a bar chart for the defined time.
  • Existing Segmentation charts with timelines will be split into two separate charts where the new segmentation timeline chart will be named "Titles - {Original chart name} - Timeline".

Field Segmentation Enhancement

It is now possible to perform field segmentation on the Adapter Connection Label field.

Matrix Table Supports Preferred Fields

The Matrix Table now supports preferred fields.

Chart Description Field

A description field was added to charts.

Limitations

Vulnerability Management Module

A new Vulnerability Management Module was added.

Added Vulnerabilities as a new asset type. A new Vulnerabilities page correlates all data related to vulnerabilities and affected devices, with an option to query on device data. The Vulnerabilities page delivers increased visibility into cybersecurity vulnerabilities. It helps security, IT, and risk teams identify vulnerabilities across fleets of devices, enabling them to prioritize vulnerabilities based on asset criticality, potential impact, and recognized threats. This gives users a single view of everything related to vulnerabilities.
Vulnerabilities introduces a unique Query Wizard that allows users to create a query on Vulnerabilities that finds the vulnerabilities present only on the devices that match the set of devices in the Device Query. The queries on the Vulnerabilities page have two levels: first a query on the Vulnerabilities, and then a Device query.


Limitations

New Asset Investigation Capabilities

The following new Asset Investigation capabilities were added.

Asset Investigation

An Asset Investigation tab was added to the Device Profile page and the User Profile page. This adds advanced asset investigation capabilities which allow users to see how field values change over time.

Comparison Report

Added the capability to export a Comparison Report run on Assets, showing the difference in field values between two dates for the selected assets.

Query Management New Features and Enhancements

The following new features and enhancements were added to the Queries:

New Queries Page

The Saved Queries page was renamed Queries. The Queries page has an entirely new look and feel, with a wide range of new features. The Queries page is accessed using a new Queries icon in the side menu or from the Saved Queries link on any of the relevant pages.

  • The Queries page is now unified for all queries across the system. You can see all of the saved queries from all the Devices, Users, Vulnerabilities, Activity Logs, and Adapter Fetch History on one consolidated page.
  • Added the capability to see the structure of the query expression from the Query drawer in the Query History page without having to run the query.

New Query Folders

Queries can now be saved to folders so that queries can be managed and located more easily.

  • View all the folders and their structure on the Queries page.
  • Users can create folders as required up to a nested level of 5 folders.
  • The system comes with a set of predefined queries in the Predefined Queries folder. When users create a query anywhere in the system, they must define in which folder to save the query.


Bulk Change of Column View for Saved Queries

Users can use the Actions menu on the Queries page to change the columns displayed for one or more queries in the same module.
The Query drawer displays the columns that are displayed as part of the saved query.

Support Queries in Adapter Fetch History and Activity Logs

You can create saved queries on Activity Logs and Adapters Fetch History using filters and the search.

Once the filters and searches are saved as a query, they can be searched for, duplicated and run from the Queries page. This new feature also involved changes in the layout of the Activity Logs page, including moving the position of the Search field.
These Queries based on filters can now be used as queries in the following basic enforcement set actions: Send Email, Send to Syslog Server, Send to HTTPS Log Server, Send Slack Message and Push System notification.


Limitations

Devices and Users Page New Features and Updates

The following new features and enhancements were added to the Devices and Users pages.

Support Dates with Custom Data

The Add Custom Data action now supports date type fields.

Refine Data Display

Column Filter was renamed Refine Data Display, and more filtering tools were added for the data, including the ability to filter on an entire row. It is now possible to show only specific device/user asset entities that match defined criteria in the devices/users table results based on an expression, or on a specific adapter/connection.

Support for Additional Operators in Refine Data Display

The following operators were added to Refine Data Display (formerly column filters) to provide advanced capabilities in Refine Data Display.

  • In
  • “<” (Less than)
  • “>” (Greater than)
  • Regex (Regular expressions)
  • Starts.

Show Adapter Connection Source for Basic Info in the Asset Profile

Added a tooltip on the Basic Info tab in the Asset Profile page to show from which adapter source information in the aggregated data fields was fetched.


Link to Device Profile Aggregated Tab from Field Popover

Complex fields in the device table show all parameters with a link to open them directly in the Device Profile Aggregated tab. All the results for that complex field are displayed in a table format.


Adapter Interface Updates

The following updates were made to the common functionality across all adapters:

Different Advanced Settings with Different Scheduling for an Adapter

  • Added the ability to configure different advanced settings with different scheduling for an adapter. This allows users to configure a number of fetch cycles for the same asset pool, for instance to configure a “heavy” infrequent (for instance once a week) fetch cycle and a light frequent (for instance daily) one.
  • The advanced settings for all adapters, together with the additional settings specific to each adapter, are now named Advanced Configuration.
  • It is now possible to set different advanced settings for each adapter connection.


Configure a Number of Identical Adapter Connections

It is now possible to create several identical connections to the same adapter source, allowing users to create connections identical in all parameters save for fetch parameters. Each adapter connection will receive a unique connection ID.

Number of Connection Attempts before Fetch Failure

You can now configure the number of times a fetch reattempts to connect before failing to retrieve data.

Adapter Ingestion Rules

It is now possible to use Ingestion Rules to decide which entities to ingest from the data fetched from adapters. Set Ingestion Rules from a new tab under Adapter Advanced Settings.

Instance Page Updates

Added the capability to set a banner to help distinguish between Axonius Instances. This is relevant when there are a number of instances, for instance a test environment and a production environment.

Administrator Settings New Features and Enhancements

The following updates were made to various Administrator settings:

Discovery Settings on Lifecycle Settings

Added the capability to set more than one scheduled discovery time per day when the user chooses Every x days or Days of week, so that discovery runs at set hours on the days chosen.

Login Settings

In the GUI Settings page, under Login Settings, you can set a custom message to be displayed when an unauthorized person tries to log in.

Multiple Enterprise Password Manager Vaults Supported

Added the capability to support more than one Enterprise Password Manager Vault at the same time. This is useful if your company is using different vaults for different adapters. When you configure more than one password manager, Axonius lets you choose which password manager to use in the password field.

Timeout Settings

Added the capability to configure an in-browser notification that tells users their session is about to expire, even when the Axonius tab is not active.

Correlation Settings

Added the capability to correlate AWS CloudFront resources together with their associated resources.

MAC Address Metadata Enrichment

Added capability on the Global Settings tab, under Data Enrichment to enrich each MAC address with data from the DeepMac database. This adds the Production Date, Manufacturing Country and Device Type.

Time Zone Indication in CSV Reports

Added capability in Global Settings to add a time zone label to date field columns appearing in CSV reports.

New Permissions

New Manage Notes permission added. This permission enables the user with the permission to add and edit notes, separately from the Edit Device and Edit User permission.

Enforcement Center New Features and Enhancements

The following new features and enhancements were added to the Enforcement Center:

New Enforcement Center Page Design

The Enforcement Center Page has been redesigned. Some of the changes include:

  • Ability to filter Enforcement Sets by query, asset type, scheduling type, category or free text.
  • Expand Enforcement Sets to see each Action configured as part of the set
  • Updated table columns provide more information about the status of the Enforcement Set and the latest run.
  • and more.


Show Task Scheduling Explicitly in Table

The Enforcement Center now shows more explicit details about the Trigger Schedule. When you choose to trigger an enforcement on a specific day or month, the Enforcement Center displays the actual day of the week or date in the month chosen. The user can now see exactly when a scheduled task is supposed to run and easily view scheduling for all enforcement sets in one place.

Support Dates with Custom Data

The Add Custom Data action supports dates.
You can either choose Now (Execution time) or set a Specific date.

  • Now (Execution time) adds the date and time that the Enforcement action is run. This means that you can add dates to an asset or a group of assets and easily identify the first non-compliant date of an asset.
  • A Specific date can be either in the past or the future. When you choose Specific date, you can select a date and time. The times displayed are in UTC.
    These dates can later be used themselves in queries.

Limitations

Configure non-adapter Related Enforcement Actions to run on Specific Nodes

It is now possible to configure enforcement actions that are not adapter-related to run on specific nodes. This applies to the Create Jira Issue, Create Jira Issue per Entity and Send to Webhook enforcement actions.

Limitations

Cloud Asset Compliance New Features

The following updates were made to Axonius Cloud Asset Compliance:

Cloud Compliance Dashboard

The Cloud Compliance Dashboard is a new predefined dashboard that displays information about AWS, Azure, Google and Oracle Cloud, depending on the cloud adapters that you have connected.

The following charts are displayed for each cloud provider you have deployed:

  • CIS benchmark compliance score, per cloud service provider
  • CIS benchmark compliance score of each cloud provider over a time period
  • Top 10 failed controls by affected users
  • Top 10 failed controls by affected devices


General Updates

Color Updates

The color scheme was updated across the platform to present one unified consistent set of colors for the whole Axonius user interface.

New Adapters

The following new adapters were added to this release:

  • Admin by Request

    • Admin By Request provides centralized and auditable management of local admin rights. (Fetches: Devices, Users)
  • Airlock Digital

    • Airlock Digital is an application whitelisting software provider. (Fetches: Devices)
  • Alert Logic MDR

    • Alert Logic delivers managed detection and response (MDR) with comprehensive coverage for public clouds, SaaS, on-premises, and hybrid environments. (Fetches: Devices)
  • Asana

    • Asana is a web and mobile work management platform designed to help teams organize, track, and manage their work. (Fetches: Users)
  • AssetPanda

    • AssetPanda is a cloud-based asset tracking and management platform. (Fetches: Devices)
  • Attivo BOTSink

    • Attivo BOTSink offers network-based threat deception for post-compromise threat detection. (Fetches: Devices)
  • Azure Defender for IoT

    • Azure Defender for IoT is a solution for asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) and operational technology (OT) devices. (Fetches: Devices)
  • Azure DevOps

    • Azure DevOps is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. (Fetches: Users)
  • BMC TrueSight Presentation Server

    • BMC TrueSight Presentation Server consumes data from various BMC TrueSight products to provide a consolidated set of views for monitoring the infrastructure, real and synthetic applications, and capacity planning. (Fetches: Devices)
  • Cato Networks

    • Cato SASE is a cloud-native secure access service edge built on a full mesh topology, with over 65 global PoPs, and replaces the need for enterprises to route using MPLS. (Fetches: Devices, Users)
  • Ceridian Dayforce

    • Ceridian Dayforce is an HR cloud platform that delivers payroll, benefits, workforce, and talent management. (Fetches: Users)
  • Check Point CloudGuard

    • Check Point CloudGuard automates governance across multi-cloud assets and services including security posture assessment, misconfiguration detection, and enforcement of security best practices and compliance frameworks. (Fetches: Devices, Users)
  • Citrix ADC

    • Citrix ADC is an application delivery and load balancing solution for monolithic and microservices-based applications. (Fetches: Devices)
  • Citrix Director

    • Citrix Director is a web-based monitoring console for Citrix XenApp and XenDesktop virtualization platforms that allows administrators to control and monitor virtual applications and desktops. (Fetches: Devices, Users)
  • Citrix ShareFile

    • ShareFile is a secure content collaboration, file sharing, and sync software. (Fetches: Users)
  • CFEngine

    • CFEngine is a software development automated workflow solution. (Fetches: Devices)
  • Cohesity

    • Cohesity is a cloud data platform that provides a comprehensive range of data management services. (Fetches: Devices)
  • ConnectWise Automate

    • ConnectWise Automate monitors, manages, and supports client networks using out-of-the-box scripts, continuous monitoring, and automation capabilities. (Fetches: Devices)
  • Cymulate

    • Cymulate is a breach and attack simulation (BAS) platform that helps companies optimize security posture by testing internal and external defenses. (Fetches: Devices)
  • Dell iDRAC

    • The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. (Fetches: Devices)
  • Dell WYSE Management

    • Dell Wyse Management Suite is a cloud solution that enables an IT admin to securely manage Dell client devices. (Fetches: Devices)
  • DocuSign

    • DocuSign helps organizations connect and automate how they prepare, sign, act on and manage agreements. (Fetches: Users)
  • Domotz

    • Domotz is network monitoring software. (Fetches: Devices)
  • Ermetic

    • Ermetic is a cloud infrastructure security platform, focusing on identity protection. (Fetches: Devices)
  • Exabeam

    • Exabeam is a cloud-based platform combining SIEM, threat detection, investigation, and response (TDIR) and XDR capabilities. (Fetches: Devices)
  • EZOfficeInventory

    • EZOfficeInventory is a cloud-based asset tracking platform used for tracking physical and digital assets. (Fetches: Devices, Users)
  • F-Secure Policy Manager

    • F-Secure Policy Manager provides a centralized management console for the security of the managed hosts in the network. (Fetches: Devices)
  • FlexNet Manager Suite Cloud

    • FlexNet Manager Suite Cloud from Flexera is a SaaS offering for software license compliance and license optimization. (Fetches: Devices)
  • FortiPortal

    • FortiPortal is a cloud-based security policy, wireless management, and analytics for MSSPs, enterprises, education and government customers. (Fetches: Devices)
  • Forward Networks

    • Forward Networks provides a vendor-neutral abstraction that models the organization's network across all devices, both on-prem and in the cloud. (Fetches: Devices)
  • GreyNoise

    • GreyNoise collects, analyzes, and filters internet scan activity. (Fetches: Devices)
  • HP NNMi XML File

    • HP NNMi XML File is a network health and performance monitoring platform. (Fetches: Users)
  • HubSpot

    • HubSpot provides software products for inbound marketing, sales, and customer service. (Fetches: Users)
  • IBM Hardware Management Console (HMC)

    • The Hardware Management Console (HMC) is a hardware appliance that you can use to configure and control one or more managed systems. You can use the HMC to create and manage logical partitions and activate Capacity Upgrade on Demand. Using service applications, the HMC communicates with managed systems to detect, consolidate, and send information to service and support for analysis. (Fetches: Devices)
  • IGEL Universal Management Suite (UMS)

    • IGEL Universal Management Suite (UMS) is a single management solution for decentralized endpoints. (Fetches: Devices)
  • Intel DCMC

    • Intel® Data Center Manager is a software solution that collects and analyzes the real-time health, power, and thermals of a variety of devices in data centers. (Fetches: Devices)
  • Intezer Protect

    • Intezer Protect offers runtime cloud workload protection. (Fetches: Devices)
  • Kandji

    • Kandji is an Apple device management (MDM) solution for macOS, iOS, iPadOS, and tvOS. (Fetches: Devices)
  • Kolide K2

    • Kolide K2 is a paid cloud-hosted SaaS platform for gathering detailed device information and securing endpoints. (Fetches: Devices)
  • Landscape

    • Landscape by Canonical is a management tool used to deploy, monitor and manage Ubuntu servers. (Fetches: Devices)
  • LaunchDarkly

    • LaunchDarkly is a continuous delivery platform and feature management platform that provides feature flags as a service. (Fetches: Users)
  • Lucidchart

    • Lucidchart allows users to collaborate on drawing, revising and sharing charts and diagrams. (Fetches: Users)
  • Microsoft Cloud App Security

    • Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. (Fetches: Users)
  • Microsoft SCOM (System Center Operations Manager)

    • Microsoft SCOM (System Center Operations Manager) is a cross-platform data center monitoring system for operating systems and hypervisors, reporting state, health and performance information of computer systems. (Fetches: Devices)
  • Microsoft System Center Virtual Machine Manager

    • Virtual Machine Manager (VMM) is a unified management application for on-premises, service provider, and Azure cloud virtual machines. (Fetches: Devices)
  • Nagios Core

    • Nagios Core provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure. (Fetches: Devices)
  • Netdisco

    • Netdisco is a web-based network management tool designed for network administrators. (Fetches: Devices)
  • NetIQ Identity Manager

    • NetIQ Identity Manager by MicroFocus uses integrated identity information to create and manage identities and control access to enterprise resources. (Fetches: Users)
  • Nucleus Security

    • Nucleus Security provides unified vulnerability management via integrations with third-party tools including threat intelligence, penetration testing, appsec, network scanners, and more. (Fetches: Devices)
  • Obsidian Security

    • Obsidian delivers a security solution for SaaS applications built around unified visibility, continuous monitoring, and security analytics. (Fetches: Devices, Users)
  • Oomnitza Enterprise Technology Management

    • Oomnitza Enterprise Technology Management helps IT teams manage technology assets with an agentless solution for endpoints (laptops, mobile devices, monitors, peripherals, and accessories), software (desktop, cloud, virtual machines), and users. (Fetches: Devices, Users)
  • OpenLDAP

    • OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. (Fetches: Devices, Users)
  • Opsgenie

    • Opsgenie is an alerting and incident response tool. (Fetches: Users)
  • Opsview

    • Opsview is a monitoring platform for operating systems, networks, cloud, VMs, containers, databases, applications, and more. (Fetches: Devices)
  • Proofpoint TAP

    • Proofpoint Targeted Attack Protection (TAP) is an email-based security solution for ransomware prevention and other email-based threats. (Fetches: Users)
  • PRTG Network Monitor

    • PRTG is a network monitoring application for Windows and Linux systems and servers, as well as miscellaneous hosts such as switches, routers, and other devices. (Fetches: Devices)
  • Pulumi Cloud Engineering Platform

    • Pulumi provides an Infrastructure as Code solution for Developers and Infrastructure Teams, enabling them to build, deploy, and manage cloud applications and infrastructure using various languages, tools, and engineering practices. (Fetches: Users)
  • Pulseway

    • Pulseway is a remote monitoring and management (RMM) system solution enabling an admin to monitor, manage and troubleshoot workstations, servers and network devices across an environment remotely. (Fetches: Devices)
  • Rubrik

    • Rubrik provides data security and data protection on a single platform, including: Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery, and orchestrated application recovery. (Fetches: Devices)
  • SafeConsole

    • SafeConsole by DataLocker allows administrators to provision, secure, manage, and audit encrypted USB drives, USB ports, and virtual folders. (Fetches: Users)
  • Samsung Knox

    • Samsung Knox is a built-in solution used to secure, deploy, and manage Samsung and Galaxy devices. (Fetches: Devices)
  • Sectigo

    • Sectigo provides digital certificate lifecycle and PKI management. (Fetches: Devices)
  • SecurityScorecard

    • SecurityScorecard rates cybersecurity postures of corporate entities through completing scored analysis of cyber threat intelligence signals for the purposes of third party management and IT risk management. (Fetches: Devices)
  • SOTI MobiControl

    • SOTI MobiControl is a software system for managing mobile devices in the enterprise. (Fetches: Devices)
  • Sunbird

    • Sunbird dcTrack is a data center infrastructure monitoring product that provides dashboards and KPIs for remote data center management. (Fetches: Devices)
  • Sweepatic

    • Sweepatic automates continuous mapping, monitoring, and managing of all internet-connected assets and risks to deliver an attack surface management platform. (Fetches: Devices)
  • Thinkst Canary

    • Thinkst Canary is deception technology deployed as tokens to catch malicious activity. (Fetches: Devices)
  • Topdesk Enterprise Service Management

    • TOPdesk Enterprise Service Management (ESM) lets service teams process requests from a single platform. (Fetches: Devices)
  • UKG Pro (Ultimate Software UltiPro)

    • UKG Pro (formerly Ultimate Software UltiPro) is cloud-based human capital management (HCM) software. (Fetches: Users)
  • Veeam

    • Veeam provides backup, disaster recovery and modern data protection software for virtual, physical and multi-cloud infrastructures. (Fetches: Devices)
  • VMware Carbon Black Cloud Workload

    • VMware Carbon Black Cloud Workload is a security solution for workloads, aiming to reduce the attack surface and to protect critical assets. (Fetches: Devices)
  • XMC Extreme Management Center

    • XMC Extreme Management Center is a wired and wireless network management and automation software. (Fetches: Devices)
  • ZeroFox

    • ZeroFox is an intelligence-based analysis and remediation engine used to detect digital risks such as phishing, malware, impersonation, and piracy targeted at digital assets. (Fetches: Users)


New Enforcement Actions

The following Enforcement Actions were added:

  • Install Software Using AWS SSM - Added a new enforcement action under the Manage AWS Services category.
    • This new action installs software on Amazon Web Services (AWS) instances that are the result of the saved query supplied as a trigger (or devices selected in the asset table).
  • Patch Software Using AWS SSM - Added a new enforcement action under the Manage AWS Services category.
    • This new action installs software patches on Amazon Web Services (AWS) instances that are the result of the saved query supplied as a trigger (or devices that have been selected in the asset table).
  • Create Jira Service Desk Incident per Entity - Added a new Enforcement Action under the Create Incident category.
    • This new action creates a Jira Service Desk Incident for each entity retrieved from the saved query supplied as a trigger (or from the entities selected in the asset table).
  • Enable Users In Okta - Added a new Enforcement Action under the Manage Users and User Groups category.
    • This new action enables each Okta user that is the result of the saved query supplied as a trigger (or users selected in the asset table).
  • Disable Users In Okta - Added a new Enforcement Action under the Manage Users and User Groups category.
    • This new action disables each Okta user that is the result of the saved query supplied as a trigger (or users selected in the asset table).
  • Create Jira Insight Asset per Entity - Added a new Enforcement Action under the Manage CMDB Assets category.
    • This new action creates a Jira Insight asset for each entity retrieved from the saved query supplied as a trigger (or from the entities selected in the asset table).
  • Add Kenna Tags - Added a new Enforcement Action under the Update VA Coverage category.
    • This new action adds Kenna tags for each of the entities that are the result of the saved query supplied as a trigger (or devices selected in the asset table).
  • Remove Kenna Tags - Added a new Enforcement Action under the Update VA Coverage category.
    • This new action removes Kenna tags for each of the entities that are the result of the saved query supplied as a trigger (or devices selected in the asset table).
  • Replace Kenna Tag - Added a new Enforcement Action under the Update VA Coverage category.
    • This new action replaces Kenna tags for each of the entities that are the result of the saved query supplied as a trigger (or devices selected in the asset table).
  • Create TOPdesk Enterprise Service Management Ticket - Added a new Enforcement Action under the Create Incident category.
    • This new action creates a ticket in TOPdesk and attaches a .csv file of the assets retrieved from the saved query supplied as a trigger (or devices selected in the asset table).
  • Create ChangeGear Incident - Added a new Enforcement Action under the Create Incident category.
    • This new action creates a single incident in ChangeGear listing all the affected assets retrieved from the saved query supplied as a trigger (or from the entities selected in the asset table).
  • Add/Remove Host from CrowdStrike Falcon Host Group - Added a new Enforcement Action under the Execute Endpoint Security Agent Action category.
    • This new action adds or removes each of the devices from a CrowdStrike Host Group that are the result of the saved query supplied as a trigger (or devices selected in the asset table).
  • Create Demisto Incident per Entity - Added a new Enforcement Action under the Create Incident category.
    • This new action creates an incident in Demisto for each entity retrieved from the saved query supplied as a trigger (or devices selected in the asset table).
  • Run Absolute Reach Scripts - Added a new Enforcement Action under the Deploy Files and Run Commands category.
    • This new action runs an Absolute Reach script on each entity retrieved from the saved query supplied as a trigger (or devices selected in the asset table).
  • Run Burp Suite Site Scan - Added a new Enforcement Action under the Enrich Device or User Data category.
    • This new action runs a Burp Suite site scan on each entity retrieved from the saved query supplied as a trigger (or devices selected in the asset table).
  • Create Freshservice Asset - Added a new Enforcement Action under the Manage CMDB Assets category.
    • This new action creates a Freshservice asset for each entity retrieved from the saved query supplied as a trigger (or from the entities selected in the asset table).
  • Update Freshservice Asset - Added a new Enforcement Action under the Manage CMDB Assets category.
    • This new action updates a Freshservice asset for each entity retrieved from the saved query supplied as a trigger (or from the entities selected in the asset table).


Axonius-hosted (SaaS) Deployments Updates

Tunnel Name Column

A Tunnel Name column was added to the Adapters Connection table. This is displayed only in the Axonius-hosted (SaaS) environment.

Deployment

Deploying Tunnel Dockerfile in ECS
You can now generate a Dockerfile of the Axonius tunnel (instead of a bash installer) and deploy it in ECS/EKS-like services.


Known Limitations

Vulnerability Management Module Limitations

  • Vulnerability queries are not supported in reports or dashboards
  • Data Refinement is not supported in Vulnerability queries

Adapter Fetch History and Activity Logs - Filter Based Query Module Limitations

Querying Capability

  • Query search is currently not supported for these filters. Use ‘saved queries’ to open the queries page filtered by the relevant module.
  • Currently all queries created are shared (not private)
  • Queries based on filters do not include visualization of the query expressions based on the configured filter in the query drawer.
  • Dashboard and reports are not currently supported for the new modules.
  • Query History is not supported for activity logs and for adapters fetch queries.

Enforcement Actions

For enforcement tasks based on queries from Adapters Fetch and Activity Logs modules, if users want to review the task summary it is not possible to click and review/drill down to the actual results.

Non Adapter actions work with collector nodes Limitations

  • Supported for all Jira and Webhook actions only

Enforcement Tasks Table Limitations

  • To maintain performance levels, only the last 2000 enforcement tasks are saved.

Dashboards Limitations

  • Private dashboards cannot be set to public and public/roles cannot be set to private.
  • System dashboard access cannot be set to private.


