.png?sv=2019-07-07&sig=%2Bm4boEyu91Bhf%2FLrTLDKg3jaTsE%2FlXs5xJ16mmIa3m4%3D&spr=https%2Chttp&st=2023-03-28T05%3A49%3A08Z&se=2023-03-28T05%3A59%3A08Z&srt=o&ss=b&sp=r){kind=logo}
Use Cases
- 24 Mar 2022
- 2 Minutes to read
-
Print
-
DarkLight
-
PDF
Use Cases
- Updated on 24 Mar 2022
- 2 Minutes to read
-
Print
-
DarkLight
-
PDF
Axonius strengthens asset management by supporting a wide range of use cases.
The table below describes some of the main use cases and examples for predefined Saved Queries that supports those use cases. To run a specific predefined Saved Query, search for the desired Saved Query and run it. For more details, see Saved Queries.
NOTE
A predefined Saved Query will be displayed in the Saved Queries page only if all the adapters comprising it are configured on your Axonius environment.
| UC# | Entity Type | Use Case Name | Example Predefined Saved Queries | Comments |
|---|---|---|---|---|
| 1 | Devices | Finding Endpoints Missing Agents | 1. AD devices missing agents 2. Windows Server 2016 devices managed by AD with missing agents 3. Windows devices missing CrowdStrike agent |
Similar Saved Queries exist for other agents. For example: - VMware Carbon Black App Control (Carbon Black CB Protection) - VMware Carbon Black EDR (Carbon Black CB Response) - CrowdStrike - CylancePROTECT - McAfee ePolicy Orchestrator (ePO) - Tanium - Symantec Endpoint Protection |
| 2 | Devices | Finding Endpoint Agents Not Functioning Correctly | 1. Windows devices with an inactive CrowdStrike agent 2. Windows devices with CrowdStrike agent version not updated 3. Windows devices with a malfunctioning CrowdStrike agent |
Similar Saved Queries exist for other agents. For example: - VMware Carbon Black App Control (Carbon Black CB Protection) - VMware Carbon Black EDR (Carbon Black CB Response) - CrowdStrike - CylancePROTECT - McAfee ePolicy Orchestrator (ePO) - Tanium - Symantec Endpoint Protection |
| 3 | Devices | Finding Devices Not Being Scanned For Vulnerabilities | AWS instances not scanned by a VA tool | |
| 4 | Devices | Discovering Cloud Instances Not Being Scanned For Vulnerabilities | 1. AWS instances not scanned by a VA tool 2. AWS instances that have not been recently scanned by Rapid7 Nexpose 3. AWS instances that have not been recently scanned by Qualys |
|
| 5 | Devices | Finding Assets Not Recently Scanned For Vulnerabilities | 1. IPv4 public subnets 2. Linux devices not scanned by a VA tool |
|
| 6 | Devices | Finding Unmanaged Devices | 1. Unmanaged Devices 2. Unmanaged devices not scanned by a VA tool 3. Unmanaged VMware machines |
|
| 7 | Devices | Finding Rogue Devices On Privileged Networks | 1. Rogue devices on privileged networks 2. Rogue devices on Fortinet not managed by AD |
|
| 8 | Devices and Users | Accelerate Incident Response Investigations | Search Axonius asset data to gain context into devices and users associated with security alerts | |
| 9 | Devices and Users | CMDB Reconciliation and Maintenance | Find discrepancies present in CMDB platforms and automatically maintain CMDBs using the Axonius correlated asset data. | |
| 10 | Devices | Find Ephemeral Devices | Find ephemeral devices, such as containers and virtual machines using the Axonius Cybersecurity Asset Management platform. | |
| 11 | Devices | Finding Assets With Improper Configuration Options | Devices with firewall rules allowing access from public IPs | |
| 12 | Devices | Finding Devices With Vulnerable Software | 1. Devices with critical vulnerabilities 2. Devices with vulnerable software 3. Devices with public IPs that are vulnerable to a specific CVE ID 4. Devices with open ports that are vulnerable to a specific CVE ID |
|
| 13 | Devices | Finding Assets With Out-of-Policy Software Installed | 1. All installed software on devices 2. Devices with Apple software 3. Devices with "torrent" software |
|
| 14 | Users | Finding Users with Compromised Credentials | 1. AD enabled users with bad configurations 2. Admin users with passwords that never expire 3.Users disabled in Okta but not in AD 4. Users found in HIBP with compromised passwords |
|
| 15 | Users | Finding Users with Old Passwords | 1. Active admin users with passwords not changed in the last 30 days 2. Users with passwords not changed in the last 30 days |