Axonius Static Analysis identifies Common Vulnerabilities and Exposures (CVEs) within the installed software reported by adapters. To achieve this, Axonius leverages Common Platform Enumerations (CPEs) and the National Vulnerability Database (NVD). The process includes the following steps:
- Axonius maps all installed software on each device.
- Based on the data extracted from adapter reports, Axonius collects information on each installed software item, then normalizes and deduplicates the data to extract the software's name, vendor, and version.
- Axonius converts the normalized data into the calculated CPE of the installed software.
- Axonius sends the CPE to NVD to identify all CVEs associated with it.
- Based on the information received from NVD, Axonius lists all CVEs associated with the software installed on each device. Any CVE found in NVD that matches the generated CPE is reported as Static Analysis Findings in Axonius. Such assets have the Axonius Static Analysis icon under the Adapter Connection column.
- Vulnerability Instances assets are created based on the connection made between CVEs and Devices.
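The normalize, deduplicate and convert-to-CPE steps above can be sketched as follows. This is an added example, not Axonius code: the normalization rules, the record fields, the sample records and all function names are assumptions made for illustration. It builds CPE 2.3 formatted strings and the NVD CVE API 2.0 `cpeName` query URL without sending any request.

```python
import re
from urllib.parse import urlencode

# Assumption: corporate suffixes are dropped when normalizing vendor names.
SUFFIXES = re.compile(r"[,.]?\s+(inc|llc|ltd|corp|corporation|gmbh)\.?$", re.I)

def normalize(value):
    """Trim, drop a trailing corporate suffix, join words with '_', lowercase."""
    value = SUFFIXES.sub("", value.strip())
    return re.sub(r"\s+", "_", value).lower()

def cpe_escape(value):
    """Escape punctuation for a CPE 2.3 formatted string; empty means ANY (*)."""
    # Alphanumerics, '_', '.' and '-' stay bare; everything else gets a backslash.
    return re.sub(r"([^A-Za-z0-9_.\-])", r"\\\1", value) if value else "*"

def to_cpe(vendor, product, version):
    """Build an application ('a') CPE with the seven trailing attributes left as ANY."""
    parts = ["a", cpe_escape(normalize(vendor)), cpe_escape(normalize(product)),
             cpe_escape(version.strip().lower())] + ["*"] * 7
    return "cpe:2.3:" + ":".join(parts)

def device_cpes(records):
    """Collapse adapter records for one device into a sorted, deduplicated CPE list."""
    return sorted({to_cpe(r["vendor"], r["name"], r["version"]) for r in records})

def nvd_query_url(cpe):
    """URL for an NVD CVE API 2.0 lookup by CPE name (built only, never fetched)."""
    return "https://services.nvd.nist.gov/rest/json/cves/2.0?" + urlencode({"cpeName": cpe})

# Constructed sample: two adapters report the same software with different spelling.
RECORDS = [
    {"adapter": "adapter_a", "vendor": "Example Corp.", "name": "Widget Server", "version": "2.4.1"},
    {"adapter": "adapter_b", "vendor": "example corp", "name": "widget  server", "version": "2.4.1 "},
    {"adapter": "adapter_a", "vendor": "Acme, Inc.", "name": "Sync++", "version": "1.0"},
]

if __name__ == "__main__":
    for cpe in device_cpes(RECORDS):
        print(cpe)
        print("  ", nvd_query_url(cpe))
```

Because a CVE is reported only when it matches the generated CPE, a vendor or product name that normalizes differently from the NVD dictionary entry produces no finding, so software with unexpectedly empty results is worth checking by hand.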
Enabling Axonius Static Analysis
To enable Axonius Static Analysis in the system settings:
- From the System Settings page, select Enrichment.
- Enable Fetch software vulnerabilities from NVD DB.