Global Settings

• Proxy enabled (required, default: switched off) - Select whether to use a proxy for the Axonius machine, if a proxy service exists in your environment.
  • If switched on, you need to configure the proxy address and port (default is 8080), and user name and password as optional fields for proxy services, if required.
  • Choose whether to verify the SSL certificate of the server. By default, the Verify SSL checkbox is selected.

• Axonius external URL (optional, default: switched off) - An external URL to be part of every link to the system.
  • If switched on, configure the host name or IP address (without http:// or https://) to be used for links re-directing to the system in:
    • Reports
    • Reset password links
    • Emails
    • Enforcement actions under the following categories:
      • Notify
      • Create Incident
  • If switched off, all links re-directing back to the system will use the host name or IP address the user has used to access the Axonius node.

• Enforce password complexity (required, default: switched off) - Select whether to configure and to enforce password complexity for new/changed Axonius user accounts defined passwords.
  
  

  If switched on, specify the following parameters:

  • Minimum password length (required, default: 10) - Specify the minimum password length for a defined password. The specified value must be equals or greater to the sum of the rest of the fields.
  • Minimum lowercase letters required (optional, default: 1) - Specify the minimum lowercase letters required for a defined password.
    • If supplied, new/changed Axonius user accounts defined passwords must include at least the specified numbers of lowercase letters.
    • If not suppled, new/changed Axonius user accounts defined passwords do not have to include any lowercase letter.
  • Minimum uppercase letters required (optional, default: 1) - Specify the minimum uppercase letters required for a defined password.
    • If supplied, new/changed Axonius user accounts defined passwords must include at least the specified numbers of uppercase letters.
    • If not suppled, new/changed Axonius user accounts defined passwords do not have to include any uppercase letter.
  • Minimum numbers required (optional, default: 1) - Specify the minimum numbers required for a defined password.
    • If supplied, new/changed Axonius user accounts defined passwords must include at least the specified amount of numbers.
    • If not suppled, new/changed Axonius user accounts defined passwords do not have to include any number.
  • Minimum special characters required (optional, default: 0) - Specify the minimum special characters required for a defined password.
    • If supplied, new/changed Axonius user accounts defined passwords must include at least the specified amount of special characters.
    • If not suppled, new/changed Axonius user accounts defined passwords do not have to include any special character.
    • Special characters refer to the following list: ~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/

If switched on, when a user wants or needs to change their password, the password complexity requirements are displayed. For example, changing user password from the Manage Users page.

• Reset password link expiration (hours) (required, default: 48) - The number of hours which the reset password link will be valid until it expires.

• Enable Brute force protection (required, default: switched on) - Select whether to enforce rate limit on user login and on Changing user account password.
  
  
  Axonius uses fixed window with elastic expiry strategy for rate limiting. This strategy helps circumvent bursts.
  Example - 10/minute rate limit is configured:

  • If the user login is attacked at the rate of 10 hits for 1 minute - the attacker will be locked out of the resource for 1 minute after the last hit.
  • If the user login is attacked at the rate of 1 hit per second for 1 minute (total of 60 hits) - after passing the first 10 hits (after 10 seconds), the attacker will be locked out of the resource for 1 minute. Since the attacker continues with additional attempts, each attempt after the rate limit is exceeded, will increase the lock out by the relative impact of a single hit on the defined window size. In the example, each hit increases the lock out by additional 6 seconds (60 seconds / 10 hits = 6 seconds per hit).
    
    

  If switched on, specify the following parameters:

  • Maximum attempts (required, default: 20) - Specify the maximum number of attempts allowed.
    Note:

    both GET and POST requests are considered as attempts.

  • Window size in minutes (required, default: 5) - Specify the number of minutes to define a window size for the attempts allowed.
  • Lock Type (required, default: IP address) - Select between IP Address or User name.
    • User login rate limit is always done per IP Address.
    • Changing user account password rate limiting can be done by either IP address or by the user name.
    Note:

    When a specific user name is locked, Axonius also locks the IP address associated with the session of that user name.

• Enable password expiration (required, default: switched off) - Select whether to enforce password expirations that will apply to all users in the system.
• Password expiration (days) (required, default: 90) - The number of days from the last password change that passwords will expire. Users with expired passwords will be required to change their password when logging in.

• Use Password Manager (required, default: switched off) - Select whether to use password manager integration and allow Axonius to securely pull privileged credentials from the password manager defined.
  Configuring a password manager enables you to manage the passwords used for adapters and enforcement actions using the password manager configured. When you enable and configure a password manager, this does not make any immediate change to your configured adapters or Enforcement Actions. An icon is displayed in the credential fields of the adapters or Enforcement Actions so that users can enter credentials using the password manager according to their company guidelines.
  • Password Manager (required, default: AWS Secrets Manager) - Select the password manager for the integration. You can choose more than one password manager:
    • AWS Secrets Manager
    • Akeyless Vault
    • Azure Key Vault
    • BeyondTrust Privileged Identity
    • Beyond Trust Password Safe
    • Click Studios Passwordstate
    • CyberArk Vault
    • HashiCorp Vault
    • Thycotic Secret Server

When you choose more than one password manager, the system lets you choose which password manager to use in the password field.

AWS Secrets Manager

To use AWS Secrets Manager

1. Toggle on AWS Secrets Manager
2. Specify the following parameters to fetch secrets from AWS Secrets Manager:
   • Region Name (required) - Specify the region name for a specific region.
   • AWS Access Key ID (required) - Provide AWS Access Key ID.
   • AWS Access Key Secret (required) - Provide AWS Access Key Secret.

• To fetch secrets from AWS Secrets Manager, you must have the following permissions:
  • secretsmanager:GetSecretValue
  • kms:Decrypt - required only if you use a customer-managed AWS KMS key to encrypt the secret. You do not need this permission to use the account's default AWS managed CMK for Secrets Manager.

For more details about AWS Secrets Manager configuration and guidelines, see AWS Secrets Manager Integration.

Akeyless Vault

To use Akeyless Vault
Axonius pulls credentials from the Akeyless Vault. Follow Akeyless Vault configuration guidelines,

1. Toggle on Akeyless Vault
2. Specify the following parameters:
   Akeyless Domain (required) - The URL or IP address of the Akeyless Vault server.
   Port (optional) - The port the Akeyless Vault listens to 8080/443.
   Akeyless Access ID (required) - An ID for Akeyless
   Akeyless Access key (required) - The key used to unseal the vault.
   Refer to Akeyless API Key for details of how to generate the Access ID and Key

Azure Key Vault

To use Azure Key Vault
Axonius pulls credentials from the Azure Key Vault. Follow Azure Key Vault configuration guidelines,

1. Toggle on Azure Key Vault
2. Specify the following parameters:
   • Client ID (required) - The Application ID of the Axonius application.
   • Client Secret (required) - Specify a non-expired key generated from the new client secret.
   • Tenant ID (required) - Microsoft Azure Tenant ID.

BeyondTrust Privileged Identity

To use BeyondTrust Privileged Identity
Axonius pulls credentials from BeyondTrust Privileged Identity.

1. Toggle on BeyondTrust Privileged Identity
2. Specify the following parameters:
   • Hostname (required) - The hostname or IP address of the BeyondTrust Privileged Identity server.
   • Login type (required) - The login type of the authentication. Valid values:
     NativeStaticAccount (Privileged Identity explicit accounts) or FullyQualifiedAccount.
   • Username and Password (required) - the credentials for the user account

BeyondTrust Password Safe

Axonius pulls credentials from BeyondTrust Password Safe.
To use BeyondTrust Password Safe

1. Toggle on BeyondTrust Password Safe
2. Follow BeyondTrust Password Safe configuration guidelines, and specify the following parameters:
   • BeyondTrust Domain (required) - The hostname or IP address of the BeyondTrust Password Safe server.
   • API Token (required) - The API key configured in BeyondInsight for the application.
   • Username - The username of a BeyondInsight user who has been granted permission to use the API key.

• Password - The relevant password.

  Click Studios Passwordstate

To use Click Studios Passwordstate
Axonius pulls credentials from the Click Studios Passwordstate. Follow Click Studios Passwordstate configuration guidelines,

1. Toggle on Click Studios Passwordstate
2. Specify the following parameters:

• PasswordState Domain (required) - The domain for the PasswordState password manager.
• API Key (required) - The key needed to authenticate the PasswordState request. Get the API Key by generating an API Key for the password list on Passwordstate. If you are using more than one password list, then you should generate a 'System Wide API Key'.

CyberArk Vault

To use CyberArk Vault
Axonius uses CyberArk’s Application Access Manager (AAM) to pull credentials from the CyberArk Vault.

1. Toggle on CyberArk Vault

2. Follow CyberArk integration configuration guidelines, and specify the following parameters:

   • CyberArk Domain (required) - The base URL of the Central Credential Provider (CCP).
   • Port (required) - The port the Central Credential Provider (CCP) is listening to.
   • Application ID (required) - The Application ID which identifies the Axonius application created in CyberArk.
   • Certificate key (PEM format) (optional) - The certificate (PEM format) which will be authenticated against the Certificate Serial Number defined on the Application.
   • Tunnel Name - Select the tunnel through which to connect to the CyberArk Vault when working with Axonius-hosted (SaaS).

HashiCorp Vault

To use HashiCorp Vault
Axonius pulls credentials from the HashiCorp Vault. Follow HashiCorp Vault integration configuration guidelines,

1. Toggle on HashiCorp Vault
2. Specify the following parameters:
   • HashiCorp Vault Domain (required) - The URL or IP address of the HashiCorp Vault server.
   • Secrets Engine (required, default Cubbyhole) - Set the secrets engine, either KV Version 1, KV Version 2, Cubbyhole or Active Directory.
   • Port (required, default 8200) - The port the HashiCorp Vault listens to.
   • Token (required) - The token for authentication.
   • Unseal key (optional) - The key used to unseal the vault.

Thycotic Secret Server

To use Thycotic Secret Server
Follow Thycotic Integration configuration guidelines,

1. Toggle on HashiCorp Vault

2. Specify the following parameters:

   • Thycotic Secret Server URL (required)
     • For on-prem Thycotic Secret Server, needs to be in the following format: https://<hostname>/SecretServer (e.g., https://demo-server/SecretServer)
       * For cloud Thycotic Secret Server, needs to be in the following format: https://<tenant>.secretservercloud.com (e.g., https://mycompany.secretservercloud.com)
   • Username and Password (required) - The credentials of a local Thycotic user with read-only permissions for the secrets.
   • Port (optional, default: 443)
     • If supplied, the port specified will be used for the connection.
       * If not supplied, default 443 for https URL or if http/https not supplied in URL, default 80 for http URL.
   • Verify SSL (required, default: false) - Select whether to verify the SSL certificate offered by the value supplied in Thycotic Secret Server URL. For more details, see SSL Trust & CA Settings.

• Send emails (required, default: switched off) - Select whether to use an Email server. A configured Email server is a prerequisite before you can configure an email notification as part of a configured Enforcement Set or configuring a report to be sent via mail.

  • Define the Email host name and Port.
  • SMTP Authentication Type - Select the SMTP Authentication type, either Password Authentication, or OAuth2 Authentication.

Password Authentication

When you choose Password Authentication you can configure a User name and Password (optional).

OAuth2 Authentication

When you choose OAuth2 Authentication set the following:

• OAuth Authentication email - The email for which the OAuth token was created.
• OAuth client ID - Standard OAuth parameter
• OAuth client secret - Standard OAuth parameter
• OAuth refresh token - The derived value of creating active tokens from Client ID and Secret ID (Procedure is standard)
• OAuth URL - The URL to authenticate with and which generates the Access tokens, for example:
  • Microsoft AD:

            https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

• Google:

             https://accounts.google.com/o/oauth2/token

Microsoft Azure AD Permissions
You need to grant the following permissions

General Email Configuration

• Configure if the connection will be unencrypted, verified or unverified. If you select the Verified or Unverified options, you need to provide the SSL CA, certificate and private key files.
  • Define the Sender Address for all mails sent by Axonius. If empty, the sender address will be 'system@axonius.com'.
  • Compress email attachments (default, false) - select this option to compress email attachments. This affects email attachments sent from reports, and email attachments sent as part of the Send email Enforcement Set action.
  • When this feature is activated email attachments are sent as one compressed attachment in zip format.
  • If this feature is not activated all email attachments are not compressed, and are sent as separate files.

• Use Syslog (required, default: switched off) - Select whether to use a Syslog server.
  If switched on, define Syslog Host name, Protocol and Port (optional). You can configure an SSL connection and upload certificates as required.

• Extra headers around message (JSON format) (optional, default: empty) - Use this setting to add a JSON formatted string that can be added to the HTTPS Log JSON thus enabling efficient integration with tools that accept input of JSON. The input should appear as follows:

   {"index": 12345, "sourcetype": "_json"}
  

You can configure more than one Syslog server.

• Click to add an additional syslog server; another Syslog section opens.
• Make sure you fill in all the parameters correctly.
• Click to remove a Syslog server.

Syslog Settings must be switched on to use the Send to Syslog Server action.

When Syslog Settings is active, all log entries shown in the Activity Logs module are sent to the configured Syslog server, Examples of events sent include:

• Login
  • Sent on success or failure of each login attempt.
  • Entries include the supplied user name and the result.
• Discovery cycle phase
  Sent on the beginning and ending of each discovery cycle phase.
• Adapter connection failures
  • Sent when an adapter connection fails to connect using the supplied configuration.
  • Entries include the adapter name, ID of the node running the adapter, and connection error.
• Adapter connection fetches
  • Sent when a fetch is finished if the "Notify on Adapters" setting is enabled.
  • Entries include the number of assets fetched and how long the fetch took.
• Adapter connection asset cleanup
  • Sent when an adapter decides to remove assets due to the configuration defined in Advanced Settings.
  • Entries include the number of assets removed.
  • To learn more, see: Adapter Advanced Settings.

In addition, low disk space notifications are also sent to the configured Syslog server.

• Use HTTPS logs (required, default: switched off) - Select whether to use an HTTPS logs server.

This setting must be switched on if you want to use the Send to HTTPS Log Server action.

When Use HTTPS logs is activated, all log entries shown in the Activity Logs module are sent to the configured HTTPS log server.
When you use HTTPS logs, define HTTPS logs host, Port (optional) and the HTTPs proxy (optional).

• Authorization header - An authorization header to be used for authentication with the log server.
  Example value: “Basic AaBbCc123456”

• Extra headers around message (JSON format) (optional, default: empty) - Use this setting to add a JSON formatted string that can be added to the HTTPS Log JSON thus enabling efficient integration with tools that accept input of JSON. The input should appear as follows:

   {"index": 12345, "sourcetype": "_json"}
  

• Max retries (optional, default = 3) - The maximum number of retries to perform if connection to the HTTPS logging server is not successful.

• Backoff for retries in seconds (optional, default = 0.5) - The number of seconds to wait between retries, using exponential backoff. (By default, the wait between retries is 0.5s, 1s, 2s.)

• Use Atlassian Opsgenie *(required, default: switched off) - Select whether to use Atlassian Opsgenie server.

If switched on, specify the following:

• Opsgenie API domain (required, default: https://api.opsgenie.com/) - Specify the Opsgenie API URL. If using the EU instance of Opsgenie, the URL needs to be https://api.eu.opsgenie.com for requests to be executed.

• API key (required) - API key generated from the Opsgenie console.
  To add an API key:

  1. Navigate to Settings page >> App Settings >> API Key Management.
     

  2. Click Add New API Key.

  3. Enter a name for the API key and select the following access rights to give to this API key:

     • Read - Can read the alerts, incidents, and configurations.
     • Create/Update - Can create new alerts, configurations and incidents, and update them.
       

  4. Click Add API Key to save the new API key.
     For more details, see Atlassian Opsgenie - API Key Management.

• Verify SSL (required, default: false) - Select whether to verify the SSL certificate offered by the value supplied in Opsgenie API domain. For more details, see [SSL Trust & CA Settings]((/docs/certificate-settings#ssl-trust-ca-settings).

• HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Opsgenie API domain.

  • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Opsgenie API domain.
  • If not supplied, Axonius will connect directly to the value supplied in Opsgenie API domain.

If the Use Atlassian Opsgenie setting is switched on, Adapter connection failures will create alarms in the configured Opsgenie server. The alarm will include the adapter name, ID of the node running the adapter, and connection error.

• Use Jira (required, default: switched off) - Select whether to use a Jira server. This is a prerequisite to configure an Enforcement Set with a Create Jira Issue and Create Jira Issue Per Entity enforcement actions.
  
  
  To integrate Axonius with Jira, you need to do the following :

  1. Create a user in your Atlassian site with access to Jira. The user should be part of the most basic group which is jira-software-users.

  

  2. Log in to Jira using the created user and generate an API token.
     For cloud based Atlassian sites, use the following URL to generate an API token: https://id.atlassian.com/manage/api-tokens#

  

  3. Under the Global Settings, specify the Jira domain, User Name and API Key.
  4. It is also possible to use an Authentication Token instead of the User Name and API Key. Obtain the Authentication Token from the account. Refer to Using Personal Access Tokens for information about obtaining the Authentication Token.
  5. Choose whether the assignee name or ID to be used in Assignee fields.
  6. Choose whether to verify the SSL certificate of the server. By default, the Verify SSL checkbox is unselected.

• Notifications email address (optional, default: empty) - Configure a comma-separated list of email addresses to receive an email:
  • When there is a connection issue with any of the adapter connections. The email contains a table of affected adapters with relevant details.
  • When a node has not communicated for over 3 hours.
  • When the available free disk space is below the limited defined (If configured).
• Notifications webhook address (optional, default: empty) - Configure webhook URL to receive a message. The message sent is as same as the message included in the email.
  • When there is a connection issue with any of the adapter connections.
  • When the available free disk space is below the limited defined (If configured).
• Enable notifications for low disk space (percentage %) (required, default: switched off)
  • When switched on, the system will monitor the available free disk space percentage for all nodes and will create critical or warning notifications based on the following settings:
    • Critical notifications: notify when free disk space is below (percentage %) (optional, default: 5)
      • If supplied, the system will create a critical notification when the available free space percentage is below the percentage supplied.
      • If not supplied, the system will not create a critical notification based on available free space percentage.
    • Warning notifications: notify when free disk space is below (percentage %) (optional, default: 10)
      • If supplied, the system will create a warning notification when the available free space percentage is below the percentage supplied.
      • If not supplied, the system will not create a warning notification based on available free space percentage.
    • Minimum days between critical notifications (required, default: 1) - the minimum number of days that need to pass since the last time a critical disk space notification based on percentage was created per node.
    • Minimum days between warning notifications (required, default: 7) - the minimum number of days that need to pass since the last time a warning disk space notification based on percentage was created per node.
• Enable notifications for low disk space (GB) (required, default: switched off)
  • When switched on, the system will monitor the available free disk space in GB for all nodes and will create critical or warning notifications based on the following settings:.
    • Critical notifications: notify when free disk space is below (GB) (optional, default: 10)
      • If supplied, the system will create a critical notification when the available free space is below the disk space supplied in GB.
      • If not supplied, the system will not create a critical notification based on available free space in GB.
    • Warning notifications: notify when free disk space is below (GB) (optional, default: 15)
      • If supplied, the system will create a warning notification when the available free space is below the disk space supplied in GB.
      • If not supplied, the system will not create a warning notification based on available free space in GB.
    • Minimum days between critical notifications (required, default: 1) - the minimum number of days that need to pass since the last time a critical disk space notification based on available space in GB was created per node.
    • Minimum days between warning notifications (required, default: 7) - the minimum number of days that need to pass since the last time a warning disk space notification based on available space in GB was created per node.

It is not recommended to change the correlation settings without consulting with your Account Manager.
For more details about correlation settings, contact Axonius Support.

• Enable correlation schedule (required, default: switched off)
  • If switched on, specify the number of hours between asset correlation calculations. Only one correlation can be run at once, meaning, correlation will run as part of each discovery cycle and based on the configured scheduling.
  • If switched off, asset correlation will be calculated as part of the discovery cycle.

• Enable reports generation schedule (required, default: switched off) - Select whether to enable custom scheduling for the generation of reports PDF files.

  • If switched on, specify the number of hours between report PDF file generation. The reports PDF files will be also generated at the end of each discovery cycle.
  • If switched off, reports PDF files will be at the end of the discovery cycle.

• Fetch software vulnerabilities from NVD DB (required, default: true) - Select whether to fetch software vulnerabilities details from the NIST National Vulnerabilities Database (NVD) using Axonius Static Analysis.

• Enrich software vulnerabilities from NVD DB (required, default: true) - Select whether to enrich software vulnerabilities with additional information from the NIST National Vulnerabilities Database (NVD).

  Note:

  If this option is cleared, software vulnerabilities details from NVD are only enriched using Axonius Static Analysis.

• Fetch software vulnerabilities even when the vendor name is unknown

  • If enabled, Axonius fetches vulnerabilities even if the software vendor name is unknown.
  • If disabled, Axonius fetches vulnerabilities only if they include both software and vendor names.

• Enable NVD enrichment proxy settings (required, default: switched off)
  

  Set a proxy to download the NVD database used for NVD enrichment.

  • Toggle on to enable NVD enrichment proxy settings
  • You can set a proxy address and a port. The default port value is 8080

• Don’t create new users from WMI devices - Select this setting so the data enrichment process will not create new users from devices fetched by the WMI adapter.

• Enable device location mapping (required, default: switched off) - Select whether to upload a CSV file that maps between subnets and location.

  • If switched on, use the Device location mapping CSV file file upload control to upload a CSV file with a list of subnets and the respective location.
    • The CSV file must include two columns and headers: (case insensitive):
      • Subnet
      • Either of the following
        • Location
        • Location Name
    • The CSV file support additional optional columns and headers (case sensitive):
      • Location ID
      • Facility Name
      • Facility ID
      • Region
      • Zone
      • Country
      • State
      • City
      • Postal Code
      • Street Address
      • Full Address
      • Latitude
      • Longitude
      • AD SiteName
      • AD SiteCode
      • Site Criticality
      • Site Function
      • Comments
    • The CSV file must be encoded in UTF-8.
  • If switched off, Axonius will not enrich IP addresses with location information.
  • This checkbox is required.
  • The default value for this checkbox is false.

• MAC address metadata enrichment (DeepMac) - Select whether to enrich each MAC address with data from the DeepMac database which adds the Production Date, Manufacturing Country and Device Type.

• Enrich software vulnerabilities from CISA DB (required, default: true) - Select whether to enrich software vulnerabilities details from the CISA Known Exploited Vulnerabilities Catalog via connected adapters.

Use Custom Enrichment to enrich the asset (device or user) data received from adapters, and add columns containing additional useful information. This allows you to add a large number of custom or proprietary fields.

Toggle on Enable custom enrichment to activate Custom Enrichment.

Refer to Custom Enrichment to learn how to work with this feature.

• Maximum adapters to execute asynchronously (required, default: 20) - Define the number of adapters that - as part of discovery cycle - will be executed to fetch asset information in parallel.
• Socket read-timeout in seconds (required, default: 5 seconds) - Define the number of seconds to wait for any initial or existing connection response before reporting a connection timeout. Default value is 5 seconds.
• Convert all hostnames to uppercase (required, default: false) - Define whether starting from the next data fetch, Axonius will convert all fetched hostnames to uppercase, otherwise Axonius leaves fetched hostnames in the format received from each adapter connection.
• Convert all asset names to uppercase (required, default: false) - Define whether starting from the next data fetch, Axonius will convert all fetched asset names to uppercase, otherwise Axonius leaves fetched asset names in the format received from each adapter connection.
• Remove domain from preferred host name (required, default: false) - Select whether to include the domain value in the Preferred Host Name field.
• If enabled, the Preferred Host Name field value will not include the domain value.
• If disabled, the Preferred Host Name field value will include the domain value.
• Set asset name as hostname, if hostname does not exist (required, default: false) - Select whether to set the Host Name field with the Asset Name field value, if no hostname has been fetched for the asset.
  • If enabled, if no hostname has been fetched for an asset, the Host Name field will be set with the Asset Name field value for that asset.
  • If disabled, if no hostname has been fetched for an asset, the Host Name field will remain empty for that asset.
• Calculate preferred fields every X hours (required, default: 6) - Specify the number of hours between each recalculation of preferred fields values.
  • The preferred field displays the most authoritative value for a specific piece of information when there are multiple values for a given asset. For example, the Preferred Host Name field will have the most common host name value out of all the Host Name field values for any given device.
  • The preferred fields values are calculated as part of each global discovery cycle and also every number of hours as specified.
• Remove domain from preferred host name (required, default: False) - Select whether to include the domain value in the Preferred Host Name field.
  • If enabled, the Preferred Host Name field value will not include the domain value.
  • If disabled, the Preferred Host Name field value will include the domain value.
• Preferred OS fields: Ignore the following adapters (comma separated list) - Enter a comma separated list of adapters to exclude from the Preferred_OS. The adapter name is the adapter as it appears in the URL when viewing the adapter in the Axonius URL.
  • Update adapters connections status periodically (every 1:30 hours) (required, default: false) - Select whether to update the status of all the adapter connections every 1:30 hours, otherwise Axonius updates the status of all the adapter connections as part of a discovery cycle.
• Number of enforcement tasks that can run in parallel (required, default: 10) - Specify the number of enforcement tasks that can run simultaneously.
  
  

• Enable base device query caching in the Vulnerability Management module * (default: false)* - Select this option to enable a query optimization feature which may improve performance on the Vulnerabilities Management Module.

• Enable Getting Started with Axonius checklist (required, default: switched on) - Select whether to display the Getting Started with Axonius checklist.

To learn more about the settings required for central core architecture, see Core Node and Central Core Node Configuration.

This section has been moved to the Certificate Settings page

• Enable advanced API settings (required, default: switched off) - Select whether to control and configure the REST API.
• Enable API destroy endpoints (required, default: False) - Control access to the /users/destroy and /devices/destroy endpoints that allow deleting all assets.
  • If enabled, allow access to the destroy endpoints.
  • If disabled, do not allow access to the destroy endpoints.

• Restrict Assignment of non-authorized permissions (required, default: switched off) - Select whether an Administrator user can edit or assign permissions to roles that the administrator does not have themselves.

  • If enabled, users with permissions to create/edit roles can only assign permissions that they themselves have.
  • If disabled, users with permissions to create/edit roles may assign any permissions to roles that they create or edit.
    This includes all permissions when creating and editing roles.
    Refer to Manage Admin Permissions for more information about this capability.

• Add time zone indication to date field names (required, default: false) - Select whether to add a time zone label to date field columns appearing in CSV reports.

• Remote Support (required, default: True) - Allow Axonius to remotely connect to the instance using a Chef agent. Remote support is required to provide continuous updates, maintenance, and troubleshooting. It is strongly recommended to keep this enabled to have the best customer experience.
  If you turn remote support off, you can still allow Axonius to remotely connect to the instance for a predefined number of hours.
• Anonymized Analytics (required, default: True) - Anonymized analytics data will be sent to Axonius. This kind of data consists of errors and exceptions, usage alerts, and more. It is strongly recommended to keep this enabled to have the best customer experience.
• Remote Access (required, default: True) - Remote Access allows Axonius to keep the system updated by providing continuous updates and to speed-up issue resolution time.