Axonius Documentation
  1. Asset Cloud
  2. Exposures

Recommended Actions

Recommended Actions turns complex Security Findings and scattered vulnerabilities into a prioritized to-do list of solutions.

The Recommended Actions page translates fragmented Security Findings into prioritized, executable actions. Based on advanced, AI-powered research, for each defined group of Security Findings, Axonius provides recommendations for either:

  • Remediations - Actions taken to eliminate vulnerabilities that were identified in your environment before attackers can exploit them. Examples: patches, version upgrades
  • Mitigations - Actions taken to reduce the likelihood or impact of a vulnerability being exploited, without fully eliminating the vulnerability itself. Example: Applying stricter access controls.

This allows security teams to move from discovery and prioritization to mobilization.

Recommended Actions Page

To access the Recommended Actions page, from the left navigation menu, select Action Center and then select the Recommended Actions tab.

recommended actions button

In Axonius New Navigation Experience:

  1. Select Action Center from the left navigation menu.
  2. Select Recommended Actions.

For each recommended action, the following details are displayed:

  • Action Type - Remediation or Mitigation.
  • Action Sub Type - The specific action to perform: upgrading a software, applying a specific policy, etc.
  • Software Name - The specific software affected by this action.
  • Affected Assets - The total number of assets affected by this action.
  • Lists of specific Security Findings (Aggregated or not) affected by this action, including how many Critical Security Findings are affected.
  • Remediation Owners - Each recommended action is associated with a group of Security Findings that can be under the responsibility of different remediation owners, based on its specific attributes. See Remediation Ownership for more details.

Action Drawer

Click on a recommended action row in the table to view its details in a separate drawer. Learn more about this action, the assets it affects, and how executing it helps improve your overall security posture.

The Action Drawer includes an Overview with basic details and an AI Recommended Action Plan, composed by AI-powered research performed by Axonius. This plan lists detailed Execution Steps and Verification Steps you need to follow to apply this fix. If a different action is required for different environments or operating systems - each option is listed in separate tabs as in the following example:

action plan for Windows actino plan for Ubuntu

In addition to the Overview tab, the Action Drawer also includes the following tabs:

  • Security Findings - A list of all Security Findings affected by this action.
  • Affected Devices - A list of all Devices affected by this action.

You can open each of these lists in their corresponding Assets page.

Creating an Incident or Ticket

You can create a ticket/incident in a third-party ticketing system directly from an Action Drawer.

create ticket

See Asset Actions for a step-by-step guide on how to create a ticket. When you finish, the ticket is available from the Tickets page.

You can also create a ticket and perform additional actions directly from the Recommended Actions table. See Asset Actions for all the options available from the table.

table actions

Viewing a Security Finding's Available Actions

Go to a specific Security Finding profile page to view the actions available to remediate or mitigate it. Select Available Actions from the left navigation menu of the profile page to see the action details:

  • Action type and sub type
  • Is recommended - The Available Actions table can contain more than one action, however, to balance between your stability and security needs, only one of them is marked by Axonius as "recommended" (Is Recommended = Yes).
  • Is Earliest Fix Version - To ensure maximum stability, Axonius indicates whether a software upgrade version is the earliest that remediates the Security Finding.
📘

Note

Since the recommendations are generated using AI (based on publicly available sources), we strongly recommend reviewing the references independently before execution.

In some cases, not all vulnerable software affected by a certain vulnerability is accurately reported. When that happens, Axonius displays available actions for all the products affected by this vulnerability, and you can select the one used on this specific device.

In other cases, the correct vulnerable software is reported, but not the specific version affected. When this happens, Axonius displays the latest minor versions (out of multiple major versions) that offer vulnerability remediation.

Updated 1 day ago