Security Finding Rules - Overview

Security Finding Rules are a mechanism for defining and managing cyber threats and exposures that traditional vulnerability identifiers, such as CVEs, do not cover. A rule encodes a specific organizational policy; that policy is evaluated against granular entities in your environment, such as users or devices, and each entity that violates it becomes a Security Finding asset. This gives security and IT operations teams a way to manage and address a broader range of risks than the CVE-based vulnerabilities that scanners focus on.

How Security Finding Rules Benefit Different Teams

  • Security Engineers and Vulnerability Managers - Rules help cut through the "flood of alerts" by focusing attention on the most critical risks, and they let the security posture be tailored to organizational policies and regulatory requirements.
  • Security Leaders (CISO/CIO) - Rules provide a centralized "hub" for the security posture, making it easier to understand the organization's most prominent risks and to verify that they are being addressed effectively.
  • Technical Security Staff and IT Teams - Rules help automate data gathering and threat discovery. Because a non-vulnerability exposure is defined explicitly (a query against a concrete asset type), security and IT teams work from the same definition of the threat, which avoids misalignment and allows faster fixes.

You can interact with Security Finding Rules in the following ways:

Exposures Customers:

  • Adoption: Fully adopt an Axonius-defined rule and monitor its connection to assets in the environment for mitigation.
  • Fine-Tuning: Duplicate an Axonius-defined rule and change specific values (for example, the number of days after which a password counts as expired) to adapt it to your organizational policy.
  • Independent Creation: Define a fully customized rule from three components: a user-built query, a selected asset type (for example, users or devices), and a defined Exposure category.

Axonius Cyber Assets Customers:

  • Independent Creation only.

Example Use Case: Identity & Access Management

One of the key problems this feature helps solve is the high volume of entities and threats to track across the Identity & Access Management domain.

The problem: A security engineer needs to track users, admins, and other roles in the organization that are subject to different authentication and authorization policies. Some of these users hold critical roles, such as admin.

The solution: Engineers create a new, custom rule under the Identity & Access Management category. The rule is based on a query that identifies admins whose password has expired. The system translates each policy violation into an Axonius Security Finding asset, reporting the count of affected assets (admin users) and a unique ID for each affected asset. This gives a centralized process for tracking and prioritizing the findings and linking them to mitigation efforts.
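The following is an added example, not Axonius code and not the Axonius query language: a small Python model of how a rule built from the three components above (a query, an asset type, and an Exposure category) is evaluated against an inventory of users, and how the "admins with expired password" use case turns each violation into a finding with a count and a stable unique ID. The inventory, the rule names, the 90-day threshold, and the `fine_tune` helper are all assumptions made for illustration; the only deliberate design point is that a user whose password age is unknown is treated as violating the policy, since the policy cannot be shown to hold for them.

```python
"""Toy evaluator for policy-based security finding rules.

Added example (not Axonius code). A rule is modelled as an asset type, an
Exposure category and a parameterised predicate ("query"); evaluating it
against an inventory yields one finding per violating entity.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Iterable

# Constructed sample inventory (hypothetical users, not real data).
TODAY = date(2024, 6, 1)
USERS = [
    {"id": "u-001", "name": "alice", "is_admin": True,  "password_last_set": date(2024, 5, 20)},
    {"id": "u-002", "name": "bob",   "is_admin": True,  "password_last_set": date(2023, 11, 2)},
    {"id": "u-003", "name": "carol", "is_admin": False, "password_last_set": date(2023, 1, 15)},
    {"id": "u-004", "name": "dave",  "is_admin": True,  "password_last_set": None},  # age unknown
]


@dataclass(frozen=True)
class Rule:
    rule_id: str
    name: str
    asset_type: str      # e.g. "user" or "device"
    category: str        # e.g. "Identity & Access Management"
    params: dict         # tunable values such as the password age threshold
    predicate: Callable[[dict, dict, date], bool]  # the "query": entity, params, today -> violates?


@dataclass(frozen=True)
class Finding:
    finding_id: str
    rule_id: str
    asset_type: str
    category: str
    entity_id: str
    detail: str


def admin_password_expired(user: dict, params: dict, today: date) -> bool:
    """Admin whose password is older than params['max_age_days'].

    An admin with no known password-set date is reported as violating: the
    policy cannot be shown to hold, so the conservative answer is a finding.
    """
    if not user.get("is_admin"):
        return False
    last_set = user.get("password_last_set")
    if last_set is None:
        return True
    return (today - last_set) > timedelta(days=params["max_age_days"])


def finding_id_for(rule: Rule, entity_id: str) -> str:
    """Deterministic ID: the same violation maps to the same finding on re-evaluation."""
    raw = f"{rule.rule_id}|{rule.asset_type}|{entity_id}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def evaluate(rule: Rule, entities: Iterable[dict], today: date = TODAY) -> list[Finding]:
    """Run the rule's query over every entity of its asset type; one finding per violation."""
    findings: list[Finding] = []
    for entity in entities:
        if rule.predicate(entity, rule.params, today):
            findings.append(Finding(
                finding_id=finding_id_for(rule, entity["id"]),
                rule_id=rule.rule_id,
                asset_type=rule.asset_type,
                category=rule.category,
                entity_id=entity["id"],
                detail=f"{rule.name}: {entity['name']} (params={rule.params})",
            ))
    return findings


def fine_tune(rule: Rule, new_rule_id: str, **overrides) -> Rule:
    """Duplicate a rule with changed parameter values (the 'fine-tuning' workflow)."""
    return Rule(rule_id=new_rule_id, name=rule.name, asset_type=rule.asset_type,
                category=rule.category, params={**rule.params, **overrides},
                predicate=rule.predicate)


# Hypothetical "vendor-defined" rule: admins whose password is older than 90 days.
BASE_RULE = Rule(
    rule_id="sfr-admin-pw-expired",
    name="Admins with expired password",
    asset_type="user",
    category="Identity & Access Management",
    params={"max_age_days": 90},
    predicate=admin_password_expired,
)

if __name__ == "__main__":
    for rule in (BASE_RULE, fine_tune(BASE_RULE, "sfr-custom-365d", max_age_days=365)):
        found = evaluate(rule, USERS)
        print(f"{rule.rule_id}: {len(found)} affected {rule.asset_type}(s)")
        for f in found:
            print(f"  {f.finding_id}  {f.entity_id}  {f.detail}")
```

Running the script shows the count and per-asset IDs for the 90-day rule (two admins: one with a 212-day-old password, one with no recorded date) and for a duplicated rule relaxed to 365 days (only the admin with the unknown date remains). The finding ID is derived from the rule ID, asset type and entity ID rather than generated randomly, so repeated evaluations keep the same IDs and a tracking process can link each finding to a mitigation ticket without duplicates.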

See Managing Security Finding Rules for information on how to create, edit, and manage rules on your Axonius environment.