Global Settings
  • 09 Jun 2022

Use the Global Settings page to set options that have system-wide impact.

To open the Global Settings, click the System Settings icon in the top right corner of any page. The System Settings page opens. Then click the Global Settings tab.

The Global Settings consist of the following options, none of which are selected by default:

Proxy Settings


Note:

Proxy Settings are not applicable for Axonius-hosted (SaaS) customers.

  • Proxy enabled (required, default: switched off) - Select whether to use a proxy for the Axonius machine, if a proxy service exists in your environment.
    • If switched on, configure the proxy address and port (default is 8080). User name and password are optional fields, for proxy services that require them.
    • Choose whether to verify the SSL certificate of the server. By default, the Verify SSL checkbox is selected.

System External URL


Note:

System External URL setting is not applicable for Axonius-hosted (SaaS) customers.

  • Axonius external URL (optional, default: switched off) - An external URL to be part of every link to the system.
    • If switched on, configure the host name or IP address (without http:// or https://) to be used for links re-directing to the system in:
      • Reports
      • Reset password links
      • Emails
      • Enforcement actions under the following categories:
        • Notify
        • Create Incident
    • If switched off, all links re-directing back to the system will use the host name or IP address the user has used to access the Axonius node.

Password Policy Settings


Note:

Password Policy Settings are configured by default for Axonius-hosted (SaaS) customers and cannot be changed.

  • Enforce password complexity (required, default: switched off) - Select whether to configure and enforce password complexity for passwords defined for new or changed Axonius user accounts.

    If switched on, specify the following parameters:

    • Minimum password length (required, default: 10) - Specify the minimum password length for a defined password. The specified value must be equal to or greater than the sum of the rest of the fields.
    • Minimum lowercase letters required (optional, default: 1) - Specify the minimum number of lowercase letters required for a defined password.
      • If supplied, passwords defined for new or changed Axonius user accounts must include at least the specified number of lowercase letters.
      • If not supplied, passwords defined for new or changed Axonius user accounts do not have to include any lowercase letter.
    • Minimum uppercase letters required (optional, default: 1) - Specify the minimum number of uppercase letters required for a defined password.
      • If supplied, passwords defined for new or changed Axonius user accounts must include at least the specified number of uppercase letters.
      • If not supplied, passwords defined for new or changed Axonius user accounts do not have to include any uppercase letter.
    • Minimum numbers required (optional, default: 1) - Specify the minimum number of digits required for a defined password.
      • If supplied, passwords defined for new or changed Axonius user accounts must include at least the specified number of digits.
      • If not supplied, passwords defined for new or changed Axonius user accounts do not have to include any number.
    • Minimum special characters required (optional, default: 0) - Specify the minimum number of special characters required for a defined password.
      • If supplied, passwords defined for new or changed Axonius user accounts must include at least the specified number of special characters.
      • If not supplied, passwords defined for new or changed Axonius user accounts do not have to include any special character.
      • Special characters refer to the following list: ~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/

If switched on, the password complexity requirements are displayed whenever a user wants or needs to change their password, for example, when changing a user password from the Manage Users page.
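The complexity rules above, including the rule that the minimum length must cover the sum of the other minimums, can be checked offline with the following added example. It is not Axonius code: the class and method names are hypothetical, and it assumes that letters and digits are counted as ASCII characters only.

```python
import string
from dataclasses import dataclass

# Special characters exactly as listed on this page (no space, no backslash).
SPECIAL_CHARACTERS = "~!@#$%^&*_-+=`|(){}[]:;\"'<>,.?/"


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of the Password Policy Settings (documented defaults)."""
    min_length: int = 10
    min_lowercase: int = 1
    min_uppercase: int = 1
    min_numbers: int = 1
    min_special: int = 0

    def config_errors(self) -> list[str]:
        """Check that the minimum length is >= the sum of the other minimums."""
        required = (self.min_lowercase + self.min_uppercase
                    + self.min_numbers + self.min_special)
        if self.min_length < required:
            return [f"minimum length {self.min_length} is below the sum of "
                    f"the character-class minimums ({required})"]
        return []

    def violations(self, password: str) -> list[str]:
        """Return the requirements that a candidate password does not meet."""
        # Assumption: only ASCII letters and digits count towards each class.
        classes = [
            ("lowercase letters", string.ascii_lowercase, self.min_lowercase),
            ("uppercase letters", string.ascii_uppercase, self.min_uppercase),
            ("numbers", string.digits, self.min_numbers),
            ("special characters", SPECIAL_CHARACTERS, self.min_special),
        ]
        problems = []
        if len(password) < self.min_length:
            problems.append(f"length {len(password)} of {self.min_length}")
        for label, alphabet, minimum in classes:
            found = sum(ch in alphabet for ch in password)
            if found < minimum:
                problems.append(f"{label}: {found} of {minimum}")
        return problems


if __name__ == "__main__":
    strict = PasswordPolicy(min_length=12, min_special=1)
    # Constructed sample passwords, for illustration only.
    for candidate in ("Summer2022", "Summer 2022x", "Summer-2022!"):
        print(candidate, strict.violations(candidate))
```

A space or a backslash does not satisfy the special-character minimum, because neither appears in the documented list.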


Password Reset Settings


  • Reset password link expiration (hours) (required, default: 48) - The number of hours for which the reset password link is valid before it expires.

Password Brute Force Settings


Note:

Password Brute Force Settings are configured by default for Axonius-hosted (SaaS) customers and cannot be changed.

  • Enable Brute force protection (required, default: switched on) - Select whether to enforce a rate limit on user login and on changing a user account password.

    Axonius uses a fixed window with elastic expiry strategy for rate limiting. This strategy helps mitigate bursts of requests.
    Example - a 10/minute rate limit is configured:

    • If the user login is attacked at the rate of 10 hits for 1 minute, the attacker will be locked out of the resource for 1 minute after the last hit.
    • If the user login is attacked at the rate of 1 hit per second for 1 minute (a total of 60 hits), then after the first 10 hits (after 10 seconds) the attacker will be locked out of the resource for 1 minute. Because the attacker continues with additional attempts, each attempt made after the rate limit is exceeded increases the lockout by the relative impact of a single hit on the defined window size. In the example, each hit increases the lockout by an additional 6 seconds (60 seconds / 10 hits = 6 seconds per hit).

    If switched on, specify the following parameters:

    • Maximum attempts (required, default: 20) - Specify the maximum number of attempts allowed.
      Note:

      Both GET and POST requests are considered as attempts.

    • Window size in minutes (required, default: 5) - Specify the number of minutes to define a window size for the attempts allowed.
    • Lock Type (required, default: IP address) - Select between IP Address or User name.
      • User login rate limit is always done per IP Address.
      • Changing user account password rate limiting can be done by either IP address or by the user name.
      Note:

      When a specific user name is locked, Axonius also locks the IP address associated with the session of that user name.
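The two scenarios in the 10/minute example above can be replayed with the following added example, which models the described behaviour and is not Axonius code. It assumes that every allowed hit moves the window expiry to one full window after that hit and that every rejected hit extends the expiry by window / maximum attempts; the class, function and key names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class _Bucket:
    count: int
    expires_at: float


class ElasticWindowLimiter:
    """Model of a fixed window with elastic expiry, as described on this page."""

    def __init__(self, max_attempts: int, window_seconds: float):
        self.max_attempts = max_attempts
        self.window = float(window_seconds)
        # Relative impact of a single hit on the window (60 s / 10 hits = 6 s).
        self.penalty = self.window / max_attempts
        self._buckets: dict[str, _Bucket] = {}

    def hit(self, key: str, now: float) -> bool:
        """Record one attempt for key at time now; return True if allowed."""
        bucket = self._buckets.get(key)
        if bucket is None or now >= bucket.expires_at:
            # No live window for this key: start a new one.
            self._buckets[key] = _Bucket(1, now + self.window)
            return True
        bucket.count += 1
        if bucket.count <= self.max_attempts:
            # Assumption: an allowed hit resets expiry to a full window.
            bucket.expires_at = now + self.window
            return True
        # Over the limit: reject and push the lockout out by one penalty.
        bucket.expires_at += self.penalty
        return False

    def locked_until(self, key: str):
        """Time at which key may try again, or None if it is not at the limit."""
        bucket = self._buckets.get(key)
        if bucket is None or bucket.count < self.max_attempts:
            return None
        return bucket.expires_at


def simulate(max_attempts, window_seconds, hit_times, key="198.51.100.7"):
    """Replay constructed hit timestamps; return (allowed, denied, locked_until)."""
    hit_times = list(hit_times)
    limiter = ElasticWindowLimiter(max_attempts, window_seconds)
    allowed = sum(limiter.hit(key, t) for t in hit_times)
    return allowed, len(hit_times) - allowed, limiter.locked_until(key)


def plain_fixed_window_allowed(max_attempts, window_seconds, hit_times):
    """Baseline for comparison: a fixed window without elastic expiry."""
    allowed, window_start, count = 0, None, 0
    for t in hit_times:
        if window_start is None or t >= window_start + window_seconds:
            window_start, count = t, 0
        count += 1
        allowed += count <= max_attempts
    return allowed


if __name__ == "__main__":
    # Scenario 1: 10 hits spread over one minute, all allowed.
    print(simulate(10, 60, [i * 6 for i in range(10)]))
    # Scenario 2: 1 hit per second for one minute.
    print(simulate(10, 60, range(60)))
    # Two minutes of 1 hit per second: elastic expiry versus a plain window.
    print(simulate(10, 60, range(120))[0], plain_fixed_window_allowed(10, 60, range(120)))
```

With the default settings on this page (20 attempts in a 5 minute window), the same model adds 15 seconds of lockout for every attempt made while locked out.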

Password Expiration Settings


  • Enable password expiration (required, default: switched off) - Select whether to enforce password expirations that will apply to all users in the system.
  • Password expiration (days) (required, default: 90) - The number of days after the last password change at which passwords expire. Users with expired passwords are required to change their password when logging in.

Enterprise Password Management Settings


  • Use Password Manager (required, default: switched off) - Select whether to use password manager integration and allow Axonius to securely pull privileged credentials from the password manager defined.
    • Password Manager (required, default: AWS Secrets Manager) - Select the password manager for the integration. You can choose more than one password manager:
      • AWS Secrets Manager
      • Akeyless Vault
      • BeyondTrust Privileged Identity
      • CyberArk Vault
      • HashiCorp Vault
      • Thycotic Secret Server

When you choose more than one password manager, the system lets you choose which password manager to use in the password field.


AWS Secrets Manager


To use AWS Secrets Manager

  1. Toggle on AWS Secrets Manager
  2. Specify the following parameters to fetch secrets from AWS Secrets Manager:
    • Region Name (required) - Specify the region name for a specific region.
    • AWS Access Key ID (required) - Provide AWS Access Key ID.
    • AWS Access Key Secret (required) - Provide AWS Access Key Secret.
  • To fetch secrets from AWS Secrets Manager, you must have the following permissions:
    • secretsmanager:GetSecretValue
    • kms:Decrypt - required only if you use a customer-managed AWS KMS key to encrypt the secret. You do not need this permission to use the account's default AWS managed CMK for Secrets Manager.

For more details about AWS Secrets Manager configuration and guidelines, see AWS Secrets Manager Integration.

Akeyless Vault


To use Akeyless Vault
Axonius pulls credentials from the Akeyless Vault. Follow the Akeyless Vault configuration guidelines.

  1. Toggle on Akeyless Vault
  2. Specify the following parameters:
    • Akeyless Domain (required) - The URL or IP address of the Akeyless Vault server.
    • Port (optional) - The port the Akeyless Vault listens on (8080/443).
    • Akeyless Access ID (required) - An ID for Akeyless.
    • Akeyless Access key (required) - The key used to unseal the vault.
    Refer to Akeyless API Key for details of how to generate the Access ID and Key.

CyberArk Vault


To use CyberArk Vault
Axonius uses CyberArk’s Application Access Manager (AAM) to pull credentials from the CyberArk Vault.

  1. Toggle on CyberArk Vault

  2. Follow CyberArk integration configuration guidelines, and specify the following parameters:

    • CyberArk Domain (required) - The base URL of the Central Credential Provider (CCP).
    • Port (required) - The port the Central Credential Provider (CCP) is listening to.
    • Application ID (required) - The Application ID which identifies the Axonius application created in CyberArk.
    • Certificate key (PEM format) (optional) - The certificate (PEM format) which will be authenticated against the Certificate Serial Number defined on the Application.

HashiCorp Vault


To use HashiCorp Vault
Axonius pulls credentials from the HashiCorp Vault. Follow the HashiCorp Vault integration configuration guidelines.

  1. Toggle on HashiCorp Vault
  2. Specify the following parameters:
    • HashiCorp Vault Domain (required) - The URL or IP address of the HashiCorp Vault server.
    • Secret Engine (required, default Cubbyhole) - Set the secret engine, either KV Version 1, KV Version 2 or Cubbyhole.
    • Port (required, default 8200) - The port the HashiCorp Vault listens to.
    • Token (required) - The token for authentication.
    • Unseal key (required) - The key used to unseal the vault.

Thycotic Secret Server


To use Thycotic Secret Server
Follow the Thycotic Integration configuration guidelines.

  1. Toggle on HashiCorp Vault

  2. Specify the following parameters:

    • Thycotic Secret Server URL (required)
      • For on-prem Thycotic Secret Server, the URL needs to be in the following format: https://<hostname>/SecretServer (e.g., https://demo-server/SecretServer)
      • For cloud Thycotic Secret Server, the URL needs to be in the following format: https://<tenant>.secretservercloud.com (e.g., https://mycompany.secretservercloud.com)
    • Username and Password (required) - The credentials of a local Thycotic user with read-only permissions for the secrets.
    • Port (optional, default: 443)
      • If supplied, the port specified will be used for the connection.
      • If not supplied, the default is 443 for an https URL or when http/https is not supplied in the URL, and 80 for an http URL.
    • Verify SSL (required, default: false) - Select whether to verify the SSL certificate offered by the value supplied in Thycotic Secret Server URL. For more details, see SSL Trust & CA Settings.

Email Settings


  • Send emails (required, default: switched off) - Select whether to use an Email server. A configured Email server is a prerequisite before you can configure an email notification as part of a configured Enforcement Set or configuring a report to be sent via mail.

    • If switched on, you need to define the Email host name and Port. User name and Password are optional.
    • Configure if the connection will be unencrypted, verified or unverified. If you select the Verified or Unverified options, you need to provide the SSL CA, certificate and private key files.
    • Define the Sender Address for all mails sent by Axonius. If empty, the sender address will be 'system@axonius.com'.
    • Compress email attachments (default: false) - Select this option to compress email attachments. This affects email attachments sent from reports, and email attachments sent as part of the Send email Enforcement Set action.
      • When this feature is activated, email attachments are sent as one compressed attachment in zip format.

      • If this feature is not activated, email attachments are not compressed and are sent as separate files.

        Note: If attachments are larger than 10 Megabytes the system notifies you that the email is 'big' (since some systems have a limitation on the size of emails that they can handle).

Syslog Settings


  • Use Syslog (required, default: switched off) - Select whether to use a Syslog server.
    If switched on, define Syslog Host name, Protocol and Port (optional). You can configure an SSL connection and upload certificates as required.

  • Extra headers around message (JSON format) (optional, default: empty) - Use this setting to add a JSON formatted string that can be added to the HTTPS Log JSON thus enabling efficient integration with tools that accept input of JSON. The input should appear as follows:

     {"index": 12345, "sourcetype": "_json"}
    

You can configure more than one Syslog server.

  • Click the add icon to add an additional Syslog server; another Syslog section opens.
  • Make sure you fill in all the parameters correctly.
  • Click the delete icon to remove a Syslog server.

Syslog Settings must be switched on to use the Send to Syslog Server action.

When Syslog Settings is active, all log entries shown in the Activity Logs module are sent to the configured Syslog server. Examples of events sent include:

  • Login
    • Sent on success or failure of each login attempt.
    • Entries include the supplied user name and the result.
  • Discovery cycle phase
    • Sent at the beginning and end of each discovery cycle phase.
  • Adapter connection failures
    • Sent when an adapter connection fails to connect using the supplied configuration.
    • Entries include the adapter name, ID of the node running the adapter, and connection error.
  • Adapter connection fetches
    • Sent when a fetch is finished if the "Notify on Adapters" setting is enabled.
    • Entries include the number of assets fetched and how long the fetch took.
  • Adapter connection asset cleanup
    • Sent when an adapter decides to remove assets due to the configuration defined in Advanced Settings.
    • Entries include the number of assets removed.
    • To learn more, see: Adapter Advanced Settings.

In addition, low disk space notifications are also sent to the configured Syslog server.

HTTPS Logs Settings


  • Use HTTPS logs (required, default: switched off) - Select whether to use an HTTPS logs server.

This setting must be switched on if you want to use the Send to HTTPS Log Server action.

When Use HTTPS logs is activated, all log entries shown in the Activity Logs module are sent to the configured HTTPS log server.
When you use HTTPS logs, define the HTTPS logs host, Port (optional) and the HTTPS proxy (optional).

  • Authorization header - An authorization header to be used for authentication with the log server.
    Example value: “Basic AaBbCc123456”

  • Extra headers around message (JSON format) (optional, default: empty) - Use this setting to add a JSON formatted string that can be added to the HTTPS Log JSON thus enabling efficient integration with tools that accept input of JSON. The input should appear as follows:

     {"index": 12345, "sourcetype": "_json"}
    
  • Max retries (optional, default = 3) - The maximum number of retries to perform if connection to the HTTPS logging server is not successful.

  • Backoff for retries in seconds (optional, default = 0.5) - The number of seconds to wait between retries, using exponential backoff. (By default, the wait between retries is 0.5s, 1s, 2s.)

Atlassian Opsgenie Settings


If switched on, specify the following:

  • Opsgenie API domain (required, default: https://api.opsgenie.com/) - Specify the Opsgenie API URL. If using the EU instance of Opsgenie, the URL needs to be https://api.eu.opsgenie.com for requests to be executed.

  • API key (required) - API key generated from the Opsgenie console.
    To add an API key:

    1. Navigate to Settings page >> App Settings >> API Key Management.

    2. Click Add New API Key.

    3. Enter a name for the API key and select the following access rights to give to this API key:

      • Read - Can read the alerts, incidents, and configurations.
      • Create/Update - Can create new alerts, configurations and incidents, and update them.
    4. Click Add API Key to save the new API key.
      For more details, see Atlassian Opsgenie - API Key Management.

  • Verify SSL (required, default: false) - Select whether to verify the SSL certificate offered by the value supplied in Opsgenie API domain. For more details, see SSL Trust & CA Settings (/docs/certificate-settings#ssl-trust-ca-settings).

  • HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Opsgenie API domain.

    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Opsgenie API domain.
    • If not supplied, Axonius will connect directly to the value supplied in Opsgenie API domain.

If the Use Atlassian Opsgenie setting is switched on, Adapter connection failures will create alarms in the configured Opsgenie server. The alarm will include the adapter name, ID of the node running the adapter, and connection error.

Jira Settings


  • Use Jira (required, default: switched off) - Select whether to use a Jira server. This is a prerequisite for configuring an Enforcement Set with the Create Jira Issue and Create Jira Issue Per Entity enforcement actions.

    To integrate Axonius with Jira, do the following:

    1. Create a user in your Atlassian site with access to Jira. The user should be part of the most basic group, which is jira-software-users.
    2. Log in to Jira using the created user and generate an API token.
      For cloud-based Atlassian sites, use the following URL to generate an API token: https://id.atlassian.com/manage/api-tokens#
    3. Under the Global Settings, specify the Jira domain, User Name and API Key.
    4. It is also possible to use an Authentication Token instead of the User Name and API Key. Obtain the Authentication Token from the account. Refer to Using Personal Access Tokens for information about obtaining the Authentication Token.
    5. Choose whether the assignee name or ID is used in Assignee fields.
    6. Choose whether to verify the SSL certificate of the server. By default, the Verify SSL checkbox is unselected.

Notifications Settings


  • Notifications email address (optional, default: empty) - Configure a comma-separated list of email addresses to receive an email:
    • When there is a connection issue with any of the adapter connections. The email contains a table of affected adapters with relevant details.
    • When a node has not communicated for over 3 hours.
    • When the available free disk space is below the limit defined (if configured).
  • Notifications webhook address (optional, default: empty) - Configure a webhook URL to receive a message. The message sent is the same as the message included in the email.
    • When there is a connection issue with any of the adapter connections.
    • When the available free disk space is below the limit defined (if configured).
  • Enable notifications for low disk space (percentage %) (required, default: switched off)
    • When switched on, the system will monitor the available free disk space percentage for all nodes and will create critical or warning notifications based on the following settings:
      • Critical notifications: notify when free disk space is below (percentage %) (optional, default: 5)
        • If supplied, the system will create a critical notification when the available free space percentage is below the percentage supplied.
        • If not supplied, the system will not create a critical notification based on available free space percentage.
      • Warning notifications: notify when free disk space is below (percentage %) (optional, default: 10)
        • If supplied, the system will create a warning notification when the available free space percentage is below the percentage supplied.
        • If not supplied, the system will not create a warning notification based on available free space percentage.
      • Minimum days between critical notifications (required, default: 1) - the minimum number of days that need to pass since the last time a critical disk space notification based on percentage was created per node.
      • Minimum days between warning notifications (required, default: 7) - the minimum number of days that need to pass since the last time a warning disk space notification based on percentage was created per node.
  • Enable notifications for low disk space (GB) (required, default: switched off)
    • When switched on, the system will monitor the available free disk space in GB for all nodes and will create critical or warning notifications based on the following settings:
      • Critical notifications: notify when free disk space is below (GB) (optional, default: 10)
        • If supplied, the system will create a critical notification when the available free space is below the disk space supplied in GB.
        • If not supplied, the system will not create a critical notification based on available free space in GB.
      • Warning notifications: notify when free disk space is below (GB) (optional, default: 15)
        • If supplied, the system will create a warning notification when the available free space is below the disk space supplied in GB.
        • If not supplied, the system will not create a warning notification based on available free space in GB.
      • Minimum days between critical notifications (required, default: 1) - the minimum number of days that need to pass since the last time a critical disk space notification based on available space in GB was created per node.
      • Minimum days between warning notifications (required, default: 7) - the minimum number of days that need to pass since the last time a warning disk space notification based on available space in GB was created per node.
Note:

Axonius cloud customers are not required to configure an email server in order to receive notification emails.

Correlation Settings

  • Correlate users by email prefix (required, default: false) - Axonius correlates users based on several criteria, including the user name and email address.

    • If enabled, Axonius correlates users by email prefix only, instead of correlating users by the entire email address. For example, in the email address JohnDoe@CompanyDomain.com, “JohnDoe” is the email prefix.
    • If disabled, Axonius correlates users by the entire email address.
  • Correlate users by AD display name (required, default: true)

    • If enabled, Axonius correlates users also by Microsoft Active Directory (AD) display name.
    • If disabled, the Axonius user correlation logic ignores Microsoft Active Directory (AD) display name.
  • Correlate users by user name and domain only (required, default: false)

    • If enabled, Axonius correlates users by user name and domain only.
    • If disabled, Axonius uses its default correlation logic to correlate users.
  • Do not use ServiceNow email for correlation (required, default: False)

    • If enabled, Axonius does not use ServiceNow email for correlation.
  • Correlate Microsoft Active Directory (AD) and Microsoft SCCM data based on Distinguished Names (required, default: false)

    • If enabled, Axonius correlates devices from a Microsoft Active Directory (AD) or a Microsoft SCCM adapter connection by the LDAP object distinguished name only.
    • If disabled, Axonius correlates devices from connections for those adapters based on hostname, serial number, MAC address, IP address and more.
  • Correlate devices by exact hostnames when no MAC and no IPs (required, default: false)

    • If enabled, Axonius only correlates devices based on the exact hostnames, if the device entity does not have any MAC or IP address.
    • If disabled, Axonius does not correlate devices if the device entity does not have any MAC or IP address.
  • Correlate ServiceNow adapter based on MAC address only (required, default: false)

    • If enabled, Axonius only correlates assets from ServiceNow adapter connection based on MAC address.
    • If disabled, Axonius correlates assets from ServiceNow adapter connection based on MAC address, hostname and others.
  • Correlate Microsoft Azure AD based on asset name only (required, default: false)

    • If enabled, Axonius only correlates assets from Microsoft Azure AD adapter connection based on asset name.
    • If disabled, Axonius correlates assets from Microsoft Azure AD adapter connection based on several parameters such as MAC address, hostname and others.
  • Correlate Tenable.sc based on MAC addresses even if hostnames contradict (required, default: false)

    • If enabled, Axonius correlates Tenable.sc based on MAC addresses even if hostnames contradict.
  • Correlate devices based on Tenable agent UUID (required, default: false)

    • If enabled, Axonius only correlates assets from Tenable.sc and Tenable.io adapter connections based on UUID.
  • Correlate ServiceNow users by username only (required, default: false)

    • If enabled, Axonius only correlates assets from ServiceNow adapter connections based on the username.
  • Correlate Cloudfront Distributions to their resources (required, default: false)

    • If enabled, AWS Cloudfront resources are correlated together with their associated resources.
Note:

For more details about these settings, contact Axonius Support.

Correlation Schedule


  • Enable correlation schedule (required, default: switched off)
    • If switched on, specify the number of hours between asset correlation calculations. Only one correlation can be run at once, meaning, correlation will run as part of each discovery cycle and based on the configured scheduling.
    • If switched off, asset correlation will be calculated as part of the discovery cycle.

Reports Generation Schedule


  • Enable reports generation schedule (required, default: switched off) - Select whether to enable custom scheduling for the generation of reports PDF files.
    • If switched on, specify the number of hours between report PDF file generation. The reports PDF files will also be generated at the end of each discovery cycle.
    • If switched off, reports PDF files will be generated at the end of the discovery cycle.

Data Enrichment Settings


  • Fetch software vulnerabilities from NVD DB (required, default: true)
    • If enabled, Axonius enriches software vulnerability details from the NIST National Vulnerability Database (NVD).
    • If disabled, Axonius does not enrich software vulnerability details from the NIST National Vulnerability Database (NVD).
  • Fetch software vulnerabilities even when the vendor name is unknown (required, default: false)
    • If enabled, Axonius fetches vulnerabilities even if the software vendor name is unknown.
    • If disabled, Axonius fetches vulnerabilities only if they include both software and vendor names.
  • Enable NVD enrichment proxy settings (required, default: switched off) - Set a proxy to download the NVD database used for NVD enrichment.
    • Toggle on to enable NVD enrichment proxy settings.
    • You can set a proxy address and a port. The default port value is 8080.

  • Don’t create new users from WMI devices - Select this setting so the data enrichment process will not create new users from devices fetched by the WMI adapter.
  • Enable device location mapping (required, default: switched off) - Select whether to upload a CSV file that maps between subnets and location.
    • If switched on, use the Device location mapping CSV file upload control to upload a CSV file with a list of subnets and the respective location.
      • The CSV file must include two columns with the following headers (case insensitive):
        • Subnet
        • Either of the following
          • Location
          • Location Name
      • The CSV file supports additional optional columns and headers (case sensitive):
        • Location ID
        • Facility Name
        • Facility ID
        • Region
        • Zone
        • Country
        • State
        • City
        • Postal Code
        • Street Address
        • Full Address
        • Latitude
        • Longitude
        • AD SiteName
        • AD SiteCode
        • Site Criticality
        • Site Function
        • Comments
      • The CSV file must be encoded in UTF-8.
    • If switched off, Axonius will not enrich IP addresses with location information.
    • This checkbox is required.
    • The default value for this checkbox is false.
  • MAC address metadata enrichment (DeepMac) - Select whether to enrich each MAC address with data from the DeepMac database, which adds the Production Date, Manufacturing Country and Device Type.
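The header and encoding rules for the device location mapping CSV file can be checked before upload with the following added example, which is not Axonius code. It assumes that subnets are written in CIDR notation, and the overlap check and the flagging of undocumented headers are additions of this example rather than documented Axonius behaviour; the function name and the sample rows are constructed.

```python
import csv
import io
import ipaddress

# Optional headers as listed on this page (case sensitive).
OPTIONAL_HEADERS = {
    "Location ID", "Facility Name", "Facility ID", "Region", "Zone", "Country",
    "State", "City", "Postal Code", "Street Address", "Full Address",
    "Latitude", "Longitude", "AD SiteName", "AD SiteCode", "Site Criticality",
    "Site Function", "Comments",
}
# Required headers (case insensitive): Subnet plus Location or Location Name.
LOCATION_HEADERS = {"location", "location name"}


def check_location_csv(raw: bytes) -> list[str]:
    """Return the problems found in a subnet-to-location mapping CSV."""
    try:
        text = raw.decode("utf-8-sig")  # strict UTF-8; tolerates a leading BOM
    except UnicodeDecodeError as exc:
        return [f"file is not UTF-8 (invalid byte at offset {exc.start})"]

    rows = list(csv.reader(io.StringIO(text, newline="")))
    if not rows:
        return ["file is empty"]
    headers = [h.strip() for h in rows[0]]
    lowered = [h.lower() for h in headers]

    problems = []
    if "subnet" not in lowered:
        problems.append("missing required header: Subnet")
    if not LOCATION_HEADERS & set(lowered):
        problems.append("missing required header: Location or Location Name")
    for header, low in zip(headers, lowered):
        if low == "subnet" or low in LOCATION_HEADERS or header in OPTIONAL_HEADERS:
            continue
        message = f"header {header!r} is not a documented column"
        hint = next((o for o in OPTIONAL_HEADERS if o.lower() == low), None)
        if hint:
            message += f"; optional headers are case sensitive, use {hint!r}"
        problems.append(message)
    if "subnet" not in lowered:
        return problems

    column = lowered.index("subnet")
    seen = []  # (line number, network) pairs that parsed successfully
    for line_no, row in enumerate(rows[1:], start=2):
        value = row[column].strip() if column < len(row) else ""
        try:
            # Assumption: subnets are given in CIDR notation.
            network = ipaddress.ip_network(value, strict=True)
        except ValueError:
            problems.append(f"line {line_no}: {value!r} is not a valid subnet")
            continue
        for other_line, other in seen:
            if network.version == other.version and network.overlaps(other):
                problems.append(
                    f"line {line_no}: {network} overlaps {other} (line {other_line})")
        seen.append((line_no, network))
    return problems


# Constructed sample file with one case error, one extra column,
# one overlapping subnet and one invalid prefix length.
SAMPLE_CSV = (
    "Subnet,Location,region,Owner\n"
    "10.10.0.0/16,HQ,EMEA,it\n"
    "10.10.5.0/24,HQ-Floor5,EMEA,it\n"
    "10.20.0.0/33,Branch,APAC,it\n"
).encode("utf-8")

if __name__ == "__main__":
    for problem in check_location_csv(SAMPLE_CSV):
        print(problem)
```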

Custom Enrichment Settings


Use Custom Enrichment to enrich the asset (device or user) data received from adapters, and add columns containing additional useful information. This allows you to add a large number of custom or proprietary fields.

Toggle on Enable custom enrichment to activate Custom Enrichment.

Refer to Custom Enrichment to learn how to work with this feature.

Aggregation Settings


  • Maximum adapters to execute asynchronously (required, default: 20) - Define the number of adapters that are executed in parallel to fetch asset information as part of the discovery cycle.
  • Socket read-timeout in seconds (required, default: 5 seconds) - Define the number of seconds to wait for any initial or existing connection response before reporting a connection timeout. Default value is 5 seconds.
  • Convert all hostnames to uppercase (required, default: false) - Define whether starting from the next data fetch, Axonius will convert all fetched hostnames to uppercase, otherwise Axonius leaves fetched hostnames in the format received from each adapter connection.
  • Convert all asset names to uppercase (required, default: false) - Define whether starting from the next data fetch, Axonius will convert all fetched asset names to uppercase, otherwise Axonius leaves fetched asset names in the format received from each adapter connection.
  • Remove domain from preferred host name (required, default: false) - Select whether to include the domain value in the Preferred Host Name field.
    • If enabled, the Preferred Host Name field value will not include the domain value.
    • If disabled, the Preferred Host Name field value will include the domain value.
  • Set asset name as hostname, if hostname does not exist (required, default: false) - Select whether to set the Host Name field with the Asset Name field value, if no hostname has been fetched for the asset.
    • If enabled, if no hostname has been fetched for an asset, the Host Name field will be set with the Asset Name field value for that asset.
    • If disabled, if no hostname has been fetched for an asset, the Host Name field will remain empty for that asset.
  • Calculate preferred fields every X hours (required, default: 6) - Specify the number of hours between each recalculation of preferred field values.
    • A preferred field displays the most authoritative value for a specific piece of information when there are multiple values for a given asset. For example, the Preferred Host Name field will have the most common host name value out of all the Host Name field values for any given device.
    • Preferred field values are calculated as part of each global discovery cycle and also at the interval, in hours, specified here.
  • Update adapters connections status periodically (every 1:30 hours) (required, default: false) - Select whether to update the status of all the adapter connections every 1:30 hours. Otherwise, Axonius updates the status of all the adapter connections as part of a discovery cycle.
  • Number of enforcement tasks that can run in parallel (required, default: 10) - Specify the number of enforcement tasks that can run simultaneously.
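
The following added example (not Axonius code) sketches how the uppercase, domain-removal and asset-name fallback options can change the Preferred Host Name chosen as the most common Host Name value. The setting names, record layout, tie-breaking and the order in which the options are applied are assumptions made for illustration; the records are constructed.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass
class Settings:
    # Hypothetical names for the three options; all default to off as on this page.
    uppercase_hostnames: bool = False
    remove_domain: bool = False
    asset_name_fallback: bool = False

# Constructed records: one asset as reported by four adapter connections.
RECORDS = [
    {"adapter": "directory", "hostname": "web01.corp.example"},
    {"adapter": "edr", "hostname": "WEB01"},
    {"adapter": "cloud", "hostname": "", "asset_name": "web01"},
    {"adapter": "scanner", "hostname": "web01.corp.example"},
]

def host_name(record, s):
    """Host Name value for one adapter record."""
    name = record.get("hostname") or ""
    if not name and s.asset_name_fallback:
        name = record.get("asset_name") or ""
    return name.upper() if s.uppercase_hostnames else name

def strip_domain(name):
    """Drop the domain part, leaving IP-literal hostnames untouched."""
    try:
        ipaddress.ip_address(name)
        return name
    except ValueError:
        return name.split(".", 1)[0]

def preferred_host_name(records, s):
    """Most common Host Name across records; ties go to the first seen."""
    names = [n for n in (host_name(r, s) for r in records) if n]
    if s.remove_domain:  # assumption: the domain is stripped before counting
        names = [strip_domain(n) for n in names]
    return Counter(names).most_common(1)[0][0] if names else ""

if __name__ == "__main__":
    for s in (Settings(), Settings(remove_domain=True), Settings(True, True, True)):
        print(s, "->", preferred_host_name(RECORDS, s))
```

With case left as fetched, `WEB01` and `web01` count as different names, so inconsistent casing between adapters splits the vote for the preferred value.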

Getting Started with Axonius Settings


Data Synchronization Settings

Note:

Data Synchronization Settings are not applicable for Axonius-hosted (SaaS) customers.

To learn more about the settings required for central core architecture, see Core Node and Central Core Node Configuration.

SSL Trust & CA Settings

This section has been moved to the Certificate Settings page.

API Settings

  • Enable advanced API settings (required, default: switched off) - Select whether to control and configure the REST API.
  • Enable API destroy endpoints (required, default: False) - Control access to the /users/destroy and /devices/destroy endpoints that allow deleting all assets.
    • If enabled, allow access to the destroy endpoints.
    • If disabled, do not allow access to the destroy endpoints.

Permission Assignment Settings


  • Restrict Assignment of non-authorized permissions (required, default: switched off) - Select whether an Administrator user can edit or assign permissions to roles that the administrator does not have themselves.
    • If enabled, users with permissions to create/edit roles can only assign permissions that they themselves have.
    • If disabled, users with permissions to create/edit roles may assign any permissions to roles that they create or edit.
      This includes all permissions when creating and editing roles.
      Refer to Manage Admin Permissions for more information about this capability.

Export CSV Settings


  • Add time zone indication to date field names (required, default: false) - Select whether to add a time zone label to date field columns appearing in CSV reports.

Advanced Settings


Note:

Advanced Settings are not applicable to Axonius-hosted (SaaS) customers.

  • Remote Support (required, default: True) - Allow Axonius to remotely connect to the instance using a Chef agent. Remote support is required to provide continuous updates, maintenance, and troubleshooting. It is strongly recommended to keep this enabled to have the best customer experience.
    If you turn remote support off, you can still allow Axonius to remotely connect to the instance for a predefined number of hours.
  • Anonymized Analytics (required, default: True) - Anonymized analytics data will be sent to Axonius. This kind of data consists of errors and exceptions, usage alerts, and more. It is strongly recommended to keep this enabled to have the best customer experience.
  • Remote Access (required, default: True) - Remote Access allows Axonius to keep the system updated by providing continuous updates and to speed up issue resolution time.


