What's New in Axonius 3.9

Release Date: September-07-2020

Adapters

New Adapters

The following new adapters have been added in this release:

1. BeyondTrust Privilege Management for Windows
   • BeyondTrust Privilege Management for Windows delivers privilege management and application control, allowing organizations to eliminate admin rights across the entire business and enforce least privilege.
   • This adapter fetches the following types of assets: Devices, Users.
2. Checkmarx SAST
   • Checkmarx SAST (CxSAST) is a static application security testing solution used to identify security vulnerabilities in custom code. It is used by development, DevOps, and security teams to scan source code early in the SDLC, identify vulnerabilities, and provide actionable insights to remediate them.
   • This adapter fetches the following types of assets: Devices.
3. DNS Made Easy
   • DNS Made Easy offers DNS management services.
   • This adapter fetches the following types of assets: Devices.
4. F5 BIG-IQ Centralized Management
   • F5 BIG-IQ Centralized Management provides centralized management, licensing, monitoring, and analytics for BIG-IP infrastructure.
   • This adapter fetches the following types of assets: Devices.
5. Ivanti Security Controls
   • Ivanti Security Controls is a unified IT management platform used for managing and protecting Windows-based machines, Red Hat Enterprise and CentOS Linux machines, and VMware ESXi Hypervisors.
   • This adapter fetches the following types of assets: Devices.
6. LogMeIn Central
   • LogMeIn Central is a cloud-based endpoint management solution that enables monitoring and management of endpoint infrastructure.
   • This adapter fetches the following types of assets: Devices, Users.
7. OneLogin
   • OneLogin's unified access management platform centralizes access across on-prem and cloud environments to give full control, management, and security for data, devices, and users.
   • This adapter fetches the following types of assets: Users.
8. Symantec Endpoint Detection and Response (EDR)
   • Symantec Endpoint Detection and Response (EDR) detects, protects, and responds to threats to the organization's network.
   • This adapter fetches the following types of assets: Devices.
9. Workday
   • Workday offers software solutions for financial management, human resources, and planning.
   • This adapter fetches the following types of assets: Users.

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following adapters have been enhanced:

• Add Connection Dialog - Multiple enhancements:
  • Added a new Save button.
    • This new button lets you save the connection configuration changes without initiating data fetch from the configured source.
  • The Save and Connect button has been renamed to Save and Fetch to make it clear clicking the button will save the configuration changes and will also initiate data fetch from the configured source.
  • The Test Reachability button has been renamed to Check Network Connectivity to make it clear clicking the button will only validate the network connectivity to the supplied hostname or the IP address and does not test the credentials or the fetch data workflow.
  • Replaced the Cancel button with an ‘X' button in the top right corner of the Add Connection dialog.
    

• Aruba (Connection Configuration) - Added a new Is OS CX device checkbox to the Add Connection dialog for this adapter.
  • This new checkbox lets you select whether the switch is managed by the AOS-CX operating system.
  • If enabled, Axonius will consider the connected switch as managed by the AOS-CX operating system.
  • If disabled, Axonius will not consider the connected switch as managed by the AOS-CX operating system.
  • This new checkbox is required.
  • The default value for this checkbox is False.
    
    
• Carbon Black Adapters - The various Carbon Black adapters have been renamed:
  • The Carbon Black CB Defense adapter has been renamed to VMware Carbon Black Cloud (Carbon Black CB Defense).
  • The Carbon Black CB Protection has been renamed to VMware Carbon Black App Control (Carbon Black CB Protection).
  • The Carbon Black CB Response has been renamed to VMware Carbon Black EDR (Carbon Black CB Response).
    
    
• FreeIPA (Advanced Settings) - Added a new Fetch size limit field to the FreeIPA Configuration tab in the Advanced Settings for this adapter.
  • This new field lets you specify the maximum amount of devices or users returned from every fetch of all connections for this adapter.
  • This field is required.
  • The default value for this field is 10000.
    
    
• GitLab (Advanced Settings) - Added a new Fetch projects as devices checkbox to the GitLab Configuration tab in the Advanced Settings for this adapter.
  • This new checkbox lets you select whether to fetch projects as devices from GitLab.
  • If enabled, all connections for this adapter will fetch GitLab projects as devices.
  • If disabled, all connections for this adapter will not fetch GitLab projects.
  • This new checkbox is required.
  • The default value for this checkbox is False.
    
    
• Google Cloud Platform (GCP) (Advanced Settings) - Multiple enhancements:
  • Modified the Fetch Object metadata in Google Cloud Storage buckets (0: disabled, max supported: 1000) field under the Google Cloud Platform Configuration tab in the Advanced Settings for this adapter.
    • This field lets you specify the number of objects metadata in GCP Storage buckets to be fetched. Those includes: name, size, and links to objects within each bucket.
    • If supplied, all connections for this adapter will fetch 1000 objects or the specified number, the smallest of the two.
    • If not supplied, all connections for this adapter will not fetch Object metadata in GCP Storage buckets.
    • This new field is optional.
    • The default value for this field is 0.
  • Added a new Fetch SCC findings from the last X days (0: disabled, max supported: 90) field under the Google Cloud Platform Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify the number of days SCC findings data to be fetched.
    • If supplied, all connections for this adapter will fetch SCC findings data gathered in the last number of days as specified.
    • If not supplied, all connections for this adapter will fetch SCC findings data gathered in the last 90 days.
    • This new field is optional.
    • The default value for this field is 90.
  • Added a new Custom filter expression for SCC findings field under the Google Cloud Platform Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify an expression that defines the filter to apply across assets fetched from SCC.
  • If supplied, all connections for this adapter will apply the specified filter when fetching SCC assets.
  • If not supplied, all connections for this adapter will not apply any filter when fetching SCC assets.
  • This new field is optional.
  • The default value for this field is empty.
    
    
• Microsoft Azure Active Directory (Azure AD) (Advanced Settings) - Added a new Fetch email activity from Office 365 in the last X days field under the Azure AD Configuration tab in the Advanced Settings for this adapter.
  • This new field lets you specify the number of days to fetch email activity per each user.
  • This new field is required.
  • The default value for this field is 0.
  NOTE

  In order to use this new field the application permissions in Microsoft Azure Portal must include the following permissions:

  • reports.Read.All

• Qualys Cloud Platform (Advanced Settings) - Added a new Fetch Asset Groups field under the Qualys Configuration tab in the Advanced Settings for this adapter.
  • This new field lets you specify whether to fetch Asset Groups.
  • If enabled, all connections for this adapter will fetch Asset Groups.
  • If disabled, all connections for this adapter will not fetch Asset Groups.
  • This new checkbox is required.
  • The default value for this checkbox is False.
    
    
• SolarWinds Network Performance Monitor (Advanced Settings) - Added a new CIDR exclude list field under the SolarWinds Configuration tab in the Advanced Settings for this adapter.
  • This new field lets you specify a comma-separated list CIDR blocks.
  • If supplied, all connections for this adapter will not fetch devices with an IP address that is in the range of any of the comma-separated list of CIDR blocks that have been defined in this field.
  • If not supplied, all connections for this adapter will fetch any device from SolarWinds.
  • This new field is optional.
  • The default value for this field is empty.
    
    
• Windows Server Update Services (WSUS) - This adapter now also fetches downstream computer targets.
  
  

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

• Charts Color Palette - Multiple enhancements:

  • Modified the charts color palette.
  • Added a new color selection field to the following charts:
    • Query Intersection (pie chart)
    • Query Comparison (pie and bar charts)
    • Field Segmentation (bar chart)
    • Query Timeline
    • Matrix data (stacked bar chart)

  

  

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

• Enforcement Set Page - Multiple enhancements:
  • Moved the Enforcement Set Name field under the Main Action dialog.
  • Add Action dialog - Multiple enhancements:
    • Modified the Save button under the Add Action dialog and under the Trigger dialog.
      • This button lets you save the configured action and the configured enforcement set.
    • Added a new Clear button.
      • This new button lets you undo any unsaved changes of a newly configured action/trigger.
    • Added a new Edit button.
      • This new button lets you edit a configured action or the Trigger.
    • Added a new Delete button.
      • This new button lets you delete a configured action or remove the configured Trigger.
    • Added a new Cancel button.
      • This new button lets you undo any unsaved changes of an edited configured action/trigger.
  • Modified the Trigger and the Success / Failure / Post Actions buttons to be disabled until the Main Action is configured.
  • The Save & Exit button has been removed as the enforcement set is also saved and updated when any action is saved.
  • The Save & Run button has been renamed to Run to make it clear it only runs the configured enforcement set and does not save it.
    • The Run button is enabled only when following conditions are met:
      • The Main Action and the Trigger are configured.
      • The Main Action is not being edited.
      • The Trigger is not being edited.
      • Success / Failure / Post Actions are not being edited or created.

New Actions

The following Actions have been added:

• Add IPs to Rapid7 InsightVM Site - Added a new enforcement action called Add IPs to Rapid7 InsightVM Site under the Update VA Coverage category.
  • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table), and adds the IP addresses of those entities to an existing Rapid7 InsightVM site.
  • A site is a collection of assets that are targeted for a scan.
    
    

Updated Actions

The following Actions have been enhanced:

• Send Email - Added a new Email to include custom message only checkbox to the Add Action dialog for this action.
  • This new checkbox lets you select whether to include the Axonius email template in the sent email.
  • If enabled, the email being sent will not include the Axonius email template. It will only include the specified custom message.
  • If disabled, the email being sent will include the Axonius email template.
  • This new checkbox is required.
  • The default value for this checkbox is False.
    
    
• Create Cherwell Incident - Added a new Additional fields field to the Add Action dialog for this action.
  • This new field lets you specify additional fields to be added as part of the incident as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
  • If supplied, Axonius will add the specified fields and values to the created incident. If one of the specified fields is invalid, the request might fail.
  • If not supplied, Axonius will not add any additional fields to the created incident.
  • This field is optional.
  • The default value for this field is empty.

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

• Device Profile - Multiple enhancements:
  • Added a new Adapter Connections column to all Aggregated Data tables (e.g. Installed Software, Vulnerable Software and more) under the Aggregated tab in the Device Profile page.
    • This column lets you identify the source for each row in each of the Aggregated Data tables.
  • Modified the order of the adapters under the Adapter Connections tab to be sorted alphabetically.

Activity Logs Updates

The following updates have been made to the Activity Logs related capabilities in Axonius:

• Filters - Added a new date range picker to the Activity Logs page.
  • This new date range picker lets you select two dates that determine the date range for which activity logs events will be displayed.
  • To include specific times in the supplied date range, in the date range picker, click Select Time.
  • To filter activity logs only for a specific date, select the same date twice.