What's New in Axonius 4.7

Release Date: September-18-2022

Axonius version 4.7 includes all of the features and enhancements from all the 4.6 minor releases since version 4.6.8. Read the release notes to learn what's new.

Release Highlights

• Dashboard New Features and Enhancements
• Vulnerability Management New Features and Enhancements
• Role Based Access Control New Features

Ongoing Updates

Check out ongoing updates to Version 4.7
What's New in Axonius 4.7.1
What's New in Axonius 4.7.4
What's New in Axonius 4.7.5
What's New in Axonius 4.7.6
What's New in Axonius 4.7.7
What's New in Axonius 4.7.8

Dashboard New Features and Enhancements

The following new features and enhancements were added to the Dashboards:

Chart Enhancements

Several new features were added to different chart types to provide enhanced visibility.

• Setting Timeline Chart y-axis Min/Max Values

  You can now set the minimum and maximum y-axis values for timeline charts.

  

• Setting Asset Count Threshold Colors
  The capability was added to define asset count thresholds and color code them. This makes it easy to see the current status of the environment. For most chart types, thresholds are set as specific values.

  

  The chart is updated with the configured threshold and color selections.

  

  For pie charts, thresholds are set as percentages. When the returned asset count meets or exceeds a set threshold, the configured color is applied to the chart.

  

  The chart is updated with the configured threshold and color selections.

  

• Comparing Today's Query Results to a Previous Date

  The capability was added to compare the query results for today to a previous date. You can select to compare to a date relative to today or to a fixed date.

  

  Color coding is applied to the asset count change indication to the right of the chart.

• Viewing Query Results from a Historical Date

  The capability was added to view historical query results for a date in the past. You can select to view results for a date relative to today or for a fixed date.

  

Vulnerabilities Queries Supported in Field Segmentation Chart

The capability was added to select saved queries from the Vulnerabilities module in the Field Segmentation chart.

Devices and Users Page New Features and Enhancements

The following new features and enhancements were added to the Devices and Users pages.

• Asset Profile Page Navigation
  Arrows were added to the Device Profile and User Profile pages to easily navigate between query results.

• Complex Objects Can Appear in a Single Column in CSV Files
  Added the capability for complex objects to appear in a single column in CSV files in JSON format. By default, each field in a complex object is split into a separate column in the CSV file.

• Noncompliant CIS Controls Tab
  A new Noncompliant CIS Controls tab was added to the Device Profile and to the Users Profile pages to display CIS benchmark controls for all Devices/Users that are noncompliant. Clicking a benchmark control opens the Rule Details drawer, which displays a detailed description of the benchmark control and its remediation.

New Vulnerabilities Features on the Devices Page

New Vulnerabilities features are reflected on the Devices page

• CISA Known Exploited Vulnerabilities table in the Aggregated tab of the Device Profile page refer to CISA Known Exploited Vulnerabilities table

  • CVE Vector information is now displayed on the Devices page. Refer to New CVE Vector Fields in the Vulnerabilities page for a list of the columns that can be added.

Asset Investigation

• An i icon shows users an indication when the value displayed in the Values Added is the earliest value that Axonius started to track for this field.
• In Asset Investigation the Event Type and Updated Field Value columns were removed.

Limitation:
The following limitations were added to Asset Investigation:
After upgrade you can see “value added” fields when the value had a previous investigation record changes before the upgrade. This situation occurs only for devices with historical changes recorded in Asset Investigation after an upgrade to this version.

Data Refinement

• Refine Data by In/Not In Subnet
  In subnet, not in subnet, operators have been added to Data Refinement for IP address fields. This enables querying devices in subnets and filtering the display to only show a specific range of IP addresses.

Vulnerability Management Module New Features and Enhancements

The following new features and enhancements were added to the Vulnerability Management Module:

Tagging Vulnerabilities

You can now tag vulnerabilities from the Vulnerabilities Management Module page. You can then query tagged vulnerabilities via the Query Wizard.

NVD Enhancements

• Vulnerabilities are now enriched with the following additional NVD information, which is displayed as columns by default on the Vulnerabilities page and on relevant Devices pages:

  • NVD Published Date
  • NVD Modified Date
  • CVE Impact Score
  • CVE Exploitability Score
  • CVSS Vector
  • CWE ID which includes a clickable link to learn more about a vulnerability appearing in the Common Weakness Enumeration (CWE) list and how to remediate it.

• New Columns displayed by default
  The CVE Description and the CVSS Vector are now displayed as default columns.

• New CVE Vector Fields in the Vulnerabilities Page

  • The CVSS Vector information is now displayed on the Vulnerabilities page and subdivided into the following columns, which you can add to the Vulnerabilities page. These columns can also be displayed on the Devices page. CVSS vector fields are populated according to the CVSS vector, i.e. some fields are populated when the vector is 3.X, and others when the vector is 2.0 (and some in both cases)

    • CVE Vector: Access Complexity
    • CVE Vector: Access Vector
    • CVE Vector: Attack Complexity
    • CVE Vector: Attack Vector
    • CVE Vector: Authentication
    • CVE Vector: Availability
    • CVE Vector: Confidentiality
    • CVE Vector: Integrity
    • CVE Vector: Privileges Required
    • CVE Vector: Scope
    • CVE Vector: User Interaction
    • CVE Vector: Version

• Fetch software vulnerabilities from NVD DB

  • The Fetch software vulnerabilities from NVD DB setting has been split into two separate settings:
    • Fetch software vulnerabilities from NVD DB fetches software vulnerabilities details using Axonius Static Analysis.
    • Enrich software vulnerabilities from NVD DB enriches software vulnerabilities with additional information from the NVD DB.

CISA Known Exploited Vulnerabilities

Axonius now enriches vulnerabilities information from your connected adapters with additional details from the CISA Known Exploited Vulnerabilities (KEV) Catalog.

This is indicated in the Vulnerabilities module by the CISA logo. When relevant, CISA information will appear in the Vulnerabilities module and Devices module.

CISA enrichment is enabled by the Fetch software vulnerabilities from CISA DB option in Global Settings, which is selected by default.

A CISA Exploited Vulnerabilities table was added to the Aggregated tab of the Device Profile page. It enhances your detected Common Vulnerabilities and Exposures (CVEs) with additional CISA vulnerabilities information as defined by the CISA catalog.

Query Management New Features and Enhancements

The following new features and enhancements were added to the Queries:

• Default Folder for Saved Queries
  Added pre-defined default folders when saving queries.

• Duplicate Query Added to Actions Dropdown
  A Duplicate option has been added to the Actions dropdown on the Queries page. One query can be duplicated at a time.

• New Filters
  • Added a new Adapter filter to filter queries by adapters that are in use in the query expression.
  • Added a new Used In filter for administrators to filter queries by the components in which they are used.

Query Wizard Enhancements

The following new features and enhancements were added to the Query Wizard:

• Disable / Enable Query Expression
  Added a capability to disable/enable the query expression in a row, and therefore compare the results of a query expression without needing to delete it.

  

• Adapter Connection Label Queries Enhancement

  • Enhancement to Adapter Connection Label field in the Query Wizard to support expressions with the following operators:
    • starts
    • ends
    • regex
    • contains

• Query Tags by Create and Update Date
  Addition of a new Tags Metadata field enables users to query tags by date of creation and date of last update.

• Exists Operator

  • An Exists operator has been added for Boolean fields in the Query Wizard.

• Last Users User email field is now supported in Field Comparison.

• New In Operator

  • It is now possible to add multiple values from an external file by using the new In operator in the Query Wizard. Use the In operator to select multiple values and to copy and paste values from and to the Query Wizard. Support includes dynamic and pre-populated (closed) lists.
  • Limitations:
    • Each In operator can contain a list of up to 2000 values.

  

Reports New Features and Enhancements

The following enhancements were made to reports.

• Change Report Name
  It is now possible to change the name of a report after it has been saved.

• Generate a CSV File
  The capability was added to reports to generate and download a CSV file of query results without having to create an email report.

• Support Vulnerabilities Queries
  The Report Configuration page now has an option to include saved query data from the Vulnerabilities module, in addition to the Devices and Users modules.

  

Adapter Pages and Adapter Interface New Features and Enhancements

The following updates were made to the Adapter pages:

• Adapter Fetch History New Filters

The following new filters were added to the Adapters Fetch History page

• Total Users and Total Devices filters
  Added new Total Users and Total Devices filters on the to identify cases where a fetch retrieves fewer or more assets than expected.

• Duration Filter
  Added a new Adapter Fetch Duration filter to the Adapter Fetch History page.

Fetch Events for Adapter Fetch History

A new Adapter Fetch Events page was added. Use Adapter Fetch Events to view detailed information and investigate the progress of the Adapter Fetch process and various events that occurred during that process. Some adapters fetch multiple asset types (e.g. devices and users) or fetch additional data from various services, such as installed software, vulnerabilities or additional user information. In such cases, the Adapter Fetch process consists of a number of stages. Each stage it has its own status update and potential failures that may impact the overall result of the fetch process.
Events are currently supported for a small number of adapters.

Filter by Instance on Adapters Connections Page

Filter by Instance was added to the Adapter Connections page.

Adapter Error Messages Enhancement

It is now possible to scroll and copy long error messages in the Adapter Connections dialog.

Ingestion Rules Enhancement

• It is now possible to use Ingestion Rules to remove values from a field.
• Added the capability to add date operations to Ingestion Rules.
• Added the capability to use And between Ingestion Rules to ingest an entity only if all of the rules apply.
• Added the capability to add Remove items to Ingestion Rules.
• Added the capability to use Trim Suffix/Prefix in Ingestion Rules.

Administrator Settings New Features and Enhancements

The following updates were made to various Administrator settings:

Role Based Access Control

• Switch Data Scopes

• Users can switch between multiple data scopes to validate proper data access and activities​. This feature is available as Early Availability.

• Create Dynamic Data Scopes

  • Create and assign Data Scopes based on user attributes (SAML). This feature is available as Early Availability.

Global Settings

• HTTPS Logs Settings
  Added retries in case of failure to connect to the HTTP logging server, with the number of seconds to wait between retries set using exponential backoff.

• OAuth2 Authentication for Email
  Added OAuth2 Authentication for Email Settings.

• Time Zone Indication in CSV Files
  It is now possible to add a timezone indication label to date field columns appearing in CSV files. To enable this functionality, navigate to Global Settings > Export CSV Settings. Then select Add time zone indication to date field names.

Enterprise Password Manager Settings

• Akeyless Secrets Manager

  • Added Akeyless Secrets Manager as a new option to the Password Manager field under the Enterprise Password Management Settings section.
    • The integration between Axonius and Akeyless Secrets Manager enables Axonius to securely pull privileged credentials from Akeyless Secrets Manager. The integration helps ensure that privileged credentials are secured in the Akeyless Secrets Manager, rotated to meet company guidelines, and meet complexity requirements.

• HashiCorp Vault

  • HashiCorp Vault now supports Active Directory as a secrets engine.

• Azure Key Vault

  • Added Azure Key Vault as a new option to the Password Manager field under the Enterprise Password Management Settings section. The integration between Axonius and Azure Key Vault enables Axonius to securely pull privileged credentials from Azure Key Vault. The integration helps ensure that privileged credentials are secured in the Azure Key Vault, rotated to meet company guidelines, and meet complexity requirements.

SSH Support for added to Central Core Backup and Restore

Added a capability to backup and restore the central core to servers that support SSH.

Cloud Asset Compliance New Features and Enhancements

The following updates were made to Axonius Cloud Asset Compliance:

• The Results (Failed/Checked) column is now divided into separate Failed Results and Passed Results columns to enhance the user experience.

• The Affected Devices/Users column has been renamed Noncompliant Assets.

• Added the Profile Applicability column, which shows whether the CIS control is Level 1 (basic security) or Level 2 (more intensive security).

• Each column is sortable.

• Control Details Drawer

  • The Results section is now called Failed Results.
  • The Show Affected Devices/Users button is now called Show Noncompliant Users/Devices. To enhance the user experience, the button shows the number of affected devices.

• Updated Terminology

  • The term rule, used in Axonius configuration, has been changed to control to align with industry-standard CIS and SOC 2 Compliance terminology.

• Support of CIS Microsoft Azure Foundations Benchmark Version 1.4

  • The CIS Microsoft Azure Foundations Benchmark Version 1.4 is now supported. To use the new Azure benchmark, see Calculating a Different Benchmark Version.

Enforcement Center New Features and Enhancements

The following new features and enhancements were added to the Enforcement Center:

• Add or Remove Multiple Tags
  The Add Tag and the Remove Tag actions now support addition or removal of more than one tag in the action.

• Add Tag Enforcement Action Supports Expiring Tags

  • The Add Tag Enforcement action now supports Expiring Tags. You can set a specific expiration date, or set a number of days from now.

• Export CSV Enforcement Actions

  • All Enforcement Actions that create and export CSV files now provide the same functionality as Export Data on the Assets pages. The following new options are available for these actions:
    • Split by asset entities
    • Split by field values
    • Don't split complex object into columns
    • Delimiter to use for multi-value fields
    • Maximum rows

New Adapters

The following new adapters were added to this release:

• Adobe Workfront
  • Adobe Workfront is work and project management software for enterprise resource management, cross-team collaboration, and strategic planning. (Fetches: Users)
• Aha!
  • Aha! is a platform enabling customers to build roadmaps, manage projects and development. (Fetches: Users)
• Aruba Mobility Master
  • Aruba Mobility Master enables deployment and management of up to 1,000 Mobility Controllers to scale large deployments. Integrate Aruba Mobility Master with the Axonius Cybersecurity Asset Management Platform. (Fetches: Devices)
• Aviatrix
  • The Aviatrix cloud network platform delivers a single platform for multi-cloud networking, security, and operational visibility. (Fetches: Devices)
• BeyondTrust Cloud Privilege Manager
  • BeyondTrust Cloud Privilege Manager delivers privilege management and application control, allowing organizations to eliminate admin rights across the entire business and enforce least privilege. (Fetches: Devices, Users)
• BlueCoat ProxySG
  • Edge Secure Web Gateway (BlueCoat ProxySG) from Broadcom provides URL filtering, central policy management, and security against malware attacks. (Fetches: Devices)
• BMC Atrium CMDB onPrem
  • BMC Atrium CMDB stores information about the configuration items (CIs) in your IT environment and the relationships between them. (Fetches: Devices)
• Buildkite
  • Buildkite is a continuous integration tool designed to improve software developer productivity. (Fetches: Devices, Users)
• Check Point Harmony Endpoint
  • Check Point Harmony Endpoint is a suite of endpoint protection products that include mobile, email, collaboration, and SASE security.
• CIS CAT Pro
  • CIS CAT Pro is a tool for automating CIS Benchmark testing and reporting. Integrate CIS CAT Pro with the Axonius Cybersecurity Asset Management Platform. (Fetches: Devices)
• Cisco Intersight
  • Cisco Intersight is a cloud operations platform that consists of optional, modular capabilities of infrastructure, workload optimization, and Kubernetes services. (Fetches: Devices)
• CloudFlare Zero Trust
  • Deliver Zero Trust Network Access on CloudFlare's Edge. (Fetches: Devices, Users)
• Cyberint Argos Edge
  • Cyberint Argos Edge is an attack surface management solution providing findings into the external attack surface, phishing threats, brand impersonation, and more. (Fetches: Devices)
• DefenseStorm
  • DefenseStorm provides CyberSecurity, CyberCompliance and CyberFraud solutions specifically built for banking. (Fetches: Devices)
• Digital Guardian DLP
  • Digital Guardian DLP is a SaaS-based platform that provides data-loss prevention across Windows, Mac, and Linux systems and applications. (Fetches: Devices)
• Eracent
  • Eracent provides IT asset management and software asset management solutions to help customers inventory assets and optimize licensing costs
• ExtremeCloud IQ
  • ExtremeCloud IQ enables management of wireless access points, switches, and routers. (Fetches: Devices)
• GoDaddy
  • GoDaddy is a domain registrar that also offers additional services such as website building and management, website and email hosting, SSL security, and more. (Fetches: Devices)
• IBM Maximo
  • IBM Maximo Application Suite offers a single platform for asset management, monitoring, maintenance, computer vision, safety and reliability. (Fetches: Devices)
• iCIMS
  • iCIMS is an enterprise recruiting platform allowing employers to attract, engage, hire, and advance employees. (Fetches: Users)
• IT Glue
  • IT Glue is a SOC 2-compliant IT documentation management platform designed for managed service providers (MSPs). (Fetches: Users)
• JetPatch
  • JetPatch is a centralized patch management platform focusing on end-to-end enterprise patch management and vulnerability remediation. (Fetches: Devices)
• Lakeside Systrack
  • Lakeside SysTrack is a digital experience monitoring solution used for workplace analytics, IT asset optimization, and end-user troubleshooting. (Fetches: Devices)
• Litmos
  • Litmos is a learning management system that provides pre-built courses and eLearning solutions. (Fetches: Users)
• ManageEngine OpUtils
  • ManageEngine OpUtils is an IP address and switch port management software geared toward helping engineers efficiently monitor, diagnose, and troubleshoot IT resources. (Fetches: Devices)
• N-able
  • N-able provides integrated monitoring, management, security, and ticketing for managed service providers. (Fetches: Devices)
• New Relic
  • New Relic provides cloud-based software to monitor and track servers, instances and services. (Fetches: Devices)
• OnDMARC
  • OnDMARC provides automated management for DMARC, DKIM and SPF records. (Fetches: Devices)
• OpenVPN Cloud
  • OpenVPN Cloud is a VPN-as-a-Service solution that eliminates the need for VPN server installation. (Fetches: Devices, Users)
• Palo Alto Networks Prisma Cloud Workload Protection
  • Prisma Cloud Workload Protection (CWPP) provides protection across hosts, containers, and serverless deployments in any cloud, throughout the application lifecycle. (Fetches: Devices)
• PingID
  • Ping offers an identity management solution that includes multi-factor authentication, single sign-on, identity verification, and more. (Fetches: Users)
• PluralSight
  • PluralSight offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. (Fetches: Users)
• Portnox Clear
  • Portnox CLEAR provides automated security, visibility and control for every device accessing the network including Internet of Things (IoT), BYOD, mobile and unmanaged systems. (Fetches: Devices)
• Projector PSA
  • Projector PSA is a cloud-based Professional Services Automation (PSA) solution that helps services organizations optimize their delivery to provide better resource usage, stronger project profitability, and comprehensive measurement and management of their services business. (Fetches: Users)
• SailPoint IdentityIQ
  • SailPoint IdentityIQ is an identity and access management (IAM) solution that delivers automated access certifications, policy management, access request and provisioning, password management, and identity intelligence. (Fetches: Users)
• Secureworks Taegis VDR
  • Secureworks Taegis VDR is a cloud-based vulnerability management solution. (Fetches: Devices)
• Site24x7
  • Site24x7 offers a performance monitoring solution for websites, servers, cloud environments, networks, applications, and users. (Fetches: Devices)
• Snowflake Data Warehouse
  • Snowflake is a data warehouse built on top of the Amazon Web Services or Microsoft Azure cloud infrastructure, and allows storage and compute to scale independently. (Fetches: Devices)
• Snow Software Exceptions
  • Snow Software Exceptions adapter provides a way to track and manage software exceptions. (Fetches: Devices)
• SonicWall Network Security Manager
  • SonicWall Network Security Manager enables organizations to deploy and manage all firewalls, connected switches and access points in one interface. (Fetches: Devices)
• Syxsense
  • Syxsense is an endpoint security management tool that combines IT management, patch management, and vulnerability scanning. (Fetches: Devices)
• Tableau
  • Tableau is a data visualization and analysis tool used to create charts, graphs, maps, dashboards, and stories. (Fetches: Users)
• Tailscale
  • Tailscale is a minimal-configuration WireGuard-based VPN. (Fetches: Devices)
• TeamViewer
  • TeamViewer is remote access and remote control computer software, allowing maintenance of computers and other devices. (Fetches: Devices)
• Thycotic Privilege Manager
  • Thycotic Privilege Manager mitigates malware and security threats from exploiting applications by removing local administrative rights and enforcing least privilege on endpoints. (Fetches: Devices, Users)
• Varonis CSV
  • Varonis is a data security and analytics company providing data security, threat detection and response, and privacy protection. (Fetches: Devices)
• WhatsUp Gold
  • WhatsUp Gold is network monitoring software. (Fetches: Devices)
• Xshield
  • ColorTokens Xshield is a zero trust-based, cloud-delivered micro-segmentation solution that secures critical corporate assets, including applications and workloads. (Fetches: Devices)
• Zenoss
  • Zenoss enables monitoring of all physical and virtual networks as one part of a real-time model that includes both cloud and on-premises infrastructure. (Fetches: Devices)
• Zscaler Workload Segmentation
  • Zscaler Workload Segmentation is a SaaS solution for applying and managing network segmentation in cloud and on-prem environments. (Fetches: Devices)

For more details:

• Explore the entire list of supported and integrated adapters.

• View Axonius 4.7 Ongoing Adapter and Enforcement Actions Updates

  
  

New Enforcement Actions

The following Enforcement Actions were added:

• Enrich Device Data with Greynoise IO
• Tag in SentinelOne

For more details:

• See the complete Enforcement Action Library.
• View Axonius 4.7 Ongoing Adapter and Enforcement Actions Updates