What's New in Axonius 4.8

Release Date: January - 8 -2023

Axonius version 4.8 includes all of the features and enhancements from all the 4.7 minor releases since version 4.7.1. Read the release notes to learn what's new.

Release Highlights

• User Experience Enhancements
• Dashboard Enhancements
• Vulnerability Management
• Enhanced Asset Investigation
• New Enforcement Center

Ongoing Updates

Check out ongoing updates to Version 4.8:
What's New in Axonius 4.8.1
What's New in Axonius 4.8.2
What's New in Axonius 4.8.3
What's New in Axonius 4.8.4
What's New in Axonius 4.8.5
What's New in Axonius 4.8.6
What's New in Axonius 4.8.7

User Experience Enhancements

The Axonius User Interface was updated for a cleaner look and feel, to make it easier to find and access everything you need to work with Axonius Cybersecurity Asset Management

• The sidebar icons for access to the modules have been refreshed.
• The Action Settings, Avatar and Logout button were moved to the bottom of the sidebar.
• The Search icon appears at the top of every page on the system so that users can use it more easily, from wherever they are in the platform, Search results open on a new page.
• The icons on the top bar were updated.
• Information banners that appear at the top of the page appear above the User Interface elements.

Dashboard New Features and Enhancement

The following new features and enhancements were added to the Dashboards:

Duplicating a Dashboard

• The capability was added to duplicate a Dashboard. This makes it easy to create new Dashboards that are similar to an existing Dashboard. All charts in the Dashboard are duplicated along with their configurations.

Updating a Dashboard Dynamically

• The capability was added to easily have a Dashboard update automatically by selecting a filter that is applied to all the charts in the dashboard. The filter can be either a query or a field.

Updating a Chart Dynamically

The capability was added to easily have a chart temporarily display data from a different filter than the one configured. The filter can be either a query or a field.

Import and Export Dashboards

It is now possible to import and export Dashboards using the Axonius user interface (without using the API). This makes sharing and moving Dashboards between environments easy.

Adapters Fetch History and Activity Logs Queries Supported in Field Segmentation Chart

• The capability was added to create Field Segmentation Charts based on saved queries from the Adapters Fetch History and the Activity Logs module.

Chart Enhancements

A wide range of enhancements was added to the charts to make working with charts smoother.

• Table Presentation Style for Query Comparison Bar Charts and Field Segmentation Charts
  • The data in Query Comparison bar charts and Field Segmentation charts can be displayed in a table format without the bars. This can make viewing data easier in some cases.

• Chart Tools Appear on Mouse Hover

  • When hovering over a chart, the chart tools (filter, resize, etc.) are displayed. This provides a cleaner look and makes it easy to see which chart is active. See Chart Actions for more information.

• Automatic Color Assignment for Field Segmentation Charts

  • You can now have Axonius assign colors to the bars in field segmentation charts.

• Auto-duplication of the Asset Module When Adding Multiple Queries to a Query Comparison Chart

  • When adding additional queries to a Query Comparison Chart, the type of asset module selected will be automatically listed on the Add Query button. Click the button to add a query for the same module or select a different module from the list. Selecting an asset module causes that module to be automatically selected for the next query.

• Default Query Display

  • By default the queries displayed in the query drop-down in charts are displayed by the date they were created.

• Chart Query Details Displayed in the Query Wizard for Field Summary

  • When a Field Summary chart is clicked to see a list of the assets it represents, the query configured in the chart is populated into both the query bar and the Query Wizard.
    Limitation

Devices and Users Page New Features and Enhancements

The following new features and enhancements were added to the Devices and Users pages.

Asset Investigation - Unified View

A new enhanced Asset Investigation page was added. The Asset Investigation page is accessed from the Devices or Users page. It shows the changes over time for all the devices or users in the system. Users can use Asset Investigation to:

• Compare groupings of assets, more easily, from one central console
• Accelerate incident response and alert triage
• Track changes amongst assets
• Identify unusual or risky patterns.

Asset Investigation

• Added a Search bar to search for values added or removed in the single asset Asset Investigation page.

Freeze Columns

• You can freeze the columns displayed on the Assets page.

CVE Count Field

• A new Total CVE Count field was added, which displays the number of CVEs on a device. This is currently not supported in Dashboards.

Data Refinement

• A new 'in' operator was added to Data Refinement for all numeric fields.

CSV Export

• It is now possible to hide the parent field of complex fields in exported CSV files.

Tag Management

• It is now possible to set a color for Tags that are added to the system making it easier to identify tags added.

Custom Data

• It is now possible to add a list of dates in the Custom Data field.

Query Wizard Enhancements

• Custom Data

  • Custom Data Fields created by users now appear first in the Custom data dropdown in the Query Wizard.

• Field Comparison on List Fields

  • Added the capability to perform a Field Comparison on list fields using the in and equals operators.
  • 

• Field Comparison Supports “contains” for List Strings and Strings

  • In Field Comparison queries added the capability to use “contains” to compare between list strings such as Preferred IPs and strings such as Asset Name. This comparison is not case sensitive. Results are returned when the first value contains the second value.

• Count operators for the AD memberOf field

  • The AD memberOf field in the Query Wizard now supports new operators: 'count =', 'count <', 'count >'.

Vulnerability Management Module New Features and Enhancements

The following new features and enhancements were added to the Vulnerability Management Module:

• The CVE ID column has been renamed Vuln ID to support non-CVE vulnerabilities. In this way, vulnerability data can be presented either by a CVE ID or by a Vulnerability ID.

  • When Vulnerability information appears with a CVE ID, then the vulnerability is a CVE type.
  • When Vulnerability information appears with an ID without a CVE prefix, this means that the vulnerability isn't a CVE type and the vulnerability information is presented without the CVE enrichment information.

Enhanced Visibility of Vulnerabilities Not on the CVE List

The following user-interface enhancements were made to facilitate identifying vulnerability information not included in the CVE list but fetched by supported adapters.

• An Is CVE column (when added by the customer) indicates whether the vulnerability is a CVE type.
• For Tenable adapters, the Vuln-ID of a vulnerability not included in the CVE list will appear with a 'Plugin' prefix in the 'Vuln ID' column. For example, Plugin-21745.
• To align with the user-interface enhancements, the CVE Severity column was renamed Severity, and now displays the severity level of all vulnerabilities.

Enhanced Vulnerability Information

When a vulnerability isn’t a CVE type but fetched by some adapters, such as Tenable, added the ability to learn more about the vulnerability and how to remediate it by clicking the link in the Vuln ID column.

Query Management New Features and Enhancements

The following new features and enhancements were added to the Queries:

• Filter by Folder Path

  • Capability was added to filter saved queries by the Folder Path.

• Arrange Folders using Drag-and-Drop in the Folders Pane

  • Capability was added to rearrange folders by dragging folders and subfolders from one folder to another. This makes it easy to rearrange folders.

• Expand and Collapse Folders in the Folders Pane

  • Capability was added to collapse and expand the folders in the Folder pane. This enables you to collapse or expand folders to see the folders you want when there are many folders.

• Move to Folder Action Menu Enlarged

  • On the Query page the pane for the Move To Folder action was made larger.

Enforcement Center New Features and Enhancements

New Enforcement Center

The Enforcement Center was redesigned and new capabilities were added. You can now create and manage enforcement sets more easily and quickly due to the complete user interface (UI) makeover. The upgrades include a modern look and feel, a tile action library, test runs, and more.

New features include:

• Enforcement Sets can be organized and managed using folders, offering you a cleaner, more user-friendly experience.

• Unfinished Enforcement Sets are automatically saved to the Drafts folder and can be completed at a later time.
  

• Enforcement Sets can be tested on a single asset to ensure accuracy and validate results prior to wide-scale rollout.
  

• Required fields are separate from optional fields (under Additional fields) making the actions quicker to fill in and easier to navigate.

• During Enforcement Set creation, fields are pre-filled when possible, speeding up the Enforcement Set creation process.
  

• Complex rules can be created for every enforcement action, using condition statements that assign values to an action field according to conditional criteria.
  

• Control the order of enforcement actions to create a logical chain of linked actions.
  

Additional Enforcement Center Enhancements

• Enforcement Actions Rename

  • Enforcement Action names have been updated for clarity and consistency.

• Links from Actions to Documentation

  • There are now links from each Enforcement Action to the relevant documentation pages. Select the question mark icon to access documentation.

Enhancements to Axonius Actions

• Set Color for Tag Background

  • In the Axonius - Add Tag Enforcement Action, the capability was added to set a color for tags added to the system, making it easier to identify tags added.

• Add List Dates to Custom Data

  • In the Axonius - Add Custom Data to Assets action it is now possible to add a list of dates in the Custom Data field.

• Remove Values from Custom Data

  • In the Axonius - Remove Custom Data from Assets action, it is now possible to remove specific values from a list field, instead of the complete field.

• New Enforcement Center action to create Custom Enrichment

  • New Axonius enforcement action enriches assets with information from a CSV file using the Custom Enrichment feature.

Adapter Pages and Adapter Interface New Features and Enhancements

The following updates were made to the common functionality across all adapters:

Adapter Fetch History

Added a new Discovery Cycle filter on the Adapters Fetch History page to filter Fetch History by the Discovery Cycle in which it occurred.

Connection Configuration

• A new Connection Configuration column in the Adapter Connections page displays the configuration of each adapter connection in a JSON format.
• A new Connection Configuration Search in the Adapter Connections allows searching by a key, string value, or combination of a key and string value of an adapter connection configuration.

Adapter Advanced Settings

A new Exclude devices within IPv4 ranges was added to Adapter Advanced Settings. This setting lets you exclude a device within one or more comma-separated IPv4 address ranges from the fetch. For example, if 127.0.0.1-127.0.0.20 , 127.0.0.30-127.0.0.50 is entered, all devices that have an IPv4 address in the specified range will be excluded from the discovery cycle.

Instance Page New Features and Enhancements

• The installed version is now displayed for each node on the Instances page, and in the Instances drawer.
• The default name for the main instance in Axonius was changed to Primary instead of Master. This is only for new systems and does not affect any names already configured in your system.

Activity Log New Features and Enhancements

Added a new Discovery Cycle filter on the Activity Log page to filter Activity Logs by the Discovery Cycle in which the events occurred is displayed.

Administrator Settings New Features and Enhancements

The following updates were made to various Administrator settings:

Manage Custom Fields and Tags

New Manage Custom Fields and Manage Custom Tags tabs were added to enable administrators to globally manage all Custom Fields and Tags in the system in one location.
The following capabilities were added:

• Add, delete, and merge custom fields

• Export, rename, and delete tags

  Global Settings

The Fetch software vulnerabilities from CISA DB option in the Data Enrichment Settings has been renamed Enrich software vulnerabilities from CISA DB. There is no change in functionality to this setting.

BeyondTrust Password Safe Password Manager

Added BeyondTrust Password Safe as a new option to the Password Manager field under the Enterprise Password Management Settings section.
The integration between Axonius and BeyondTrust Password Safe enables Axonius to securely pull privileged credentials from BeyondTrust Password Safe. The integration helps ensure that privileged credentials are secured in the BeyondTrust Password Safe, rotated to meet company guidelines, and meet complexity requirements.

Identity Providers Settings

The Identity Provider Settings page has been separated into separate pages to make it easier to find the documentation for each type of provider setup.

• Support for Multiple SAML Providers

  • You can now configure multiple SAML identity providers. This allows users with different providers to seamlessly log in to Axonius.

• Multiple LDAP Configuration

  • It is now possible to configure more than one LDAP Configuration.
    • Note: Multiple LDAP is not supported when you are working with a tunnel.

• Smartcard Authentication

  • Username hinting is now supported in Smartcard Authentication in LDAP Identify Providers Settings.

Custom Enrichment

• Custom Enrichment Files
  • It is now possible to use a CSV file from an online storage location using the capabilities of the CSV adapter.
• Custom Enrichment Using and/or and ( ) in Rules
  • and, or and ( ) can be used to create complex Custom Enrichment rules.
• Custom Enrichment additional enhancements
  • It is now possible to create Custom Enrichment statements that enrich:
    • Aggregated fields
    • Enforcement Action fields
    • Preferred fields

Role Based Access Control Management New Features and Enhancements

The following updates were made to Role Based Access Control:

Deleting the Default admin Account

• It is now possible to delete the default admin user account.

Data Scopes New Features and Enhancements

The following updates were made to Data Scopes:

Switching Data Scopes

• The ability for a user to temporarily enter another Data Scope without having to log in as a different user. A yellow banner at the top of the window lets you know to which Data Scope you are connected.

Axonius-hosted (SaaS) Deployments Updates

Email Notification on Tunnel Connection

It is now possible to configure the system to send emails when a tunnel is connected and not only when it is disconnected,

New Adapters

The following new adapters were added to this release:

• A10
  • A10 provides load balancing for application deliverability, availability, and security. (Fetches: Devices)
• Acunetix
  • Acunetix is an automated web application security testing tool that checks for vulnerabilities like SQL Injection, Cross-site scripting, and other exploitable vulnerabilities. (Fetches: Devices, Users)
• Addigy
  • Addigy is a real-time Apple mobile device management platform (MDM) that is combined with live agent capabilities. (Fetches: Devices, Users)
• ADP Vantage HCM
  • ADP Vantage HCM is an all-in-one HR platform that includes payroll, benefits, and talent management administration. (Fetches: Users)
• Akamai App and API Security
  • Akamai App and API Security provides protection against web application attacks including SQL injections, cross-site scripting, and remote file inclusion. (Fetches: Devices)
• AlgoSec Firewall Analyzer
  • AlgoSec Firewall Analyzer (AFA) is a device analysis solution that builds a model of users' network security postures and Layer 3 connectivity. (Fetches: Devices)
• Apple Business Manager
  • Apple Business Manager supports deployment and remote MDM enrollment of corporate-owned Apple devices. (Fetches: Devices)
• AppNeta
  • AppNeta provides monitoring of network paths, flows, packets, and web applications. (Fetches: Devices)
• Auth0
  • Auth0 provides authentication and authorization solutions for web, mobile, and legacy applications. (Fetches: Users)
• Avi Networks
  • Avi Networks (now part of VMware) delivers multi-cloud application services used for load balancing, web application firewall and container ingress. (Fetches: Devices)
• Barracuda CloudGen Firewall
  • Barracuda CloudGen Firewall provides real-time network protection against a broad range of network threats, vulnerabilities, and exploits. (Fetches: Devices, Users)
• BloodHound
  • BloodHound is used to find relationships within an Active Directory (AD) domain to discover attack paths. (Fetches: Devices)
• Checkmk
  • Checkmk provides powerful monitoring of networks, servers, clouds, containers and applications. (Fetches: Devices, Users)
• Citrix DaaS
  • Citrix DaaS (device as a service) is a cloud-based solution that allows companies to securely deliver DaaS and VDI apps and desktops to any device, over any network. (Fetches: Devices)
• CrashPlan
  • CrashPlan provides backup and recovery, ransomware recovery, and device migration services for small businesses and enterprises. (Fetches: Devices, Users)
• Cyberhaven
  • Cyberhaven provides a data detection and response (DDR) solution, based on big data graph analytics of all user interactions with data over time and across the enterprise. (Fetches: Devices)
• ECI FMAudit
  • ECI FMAudit is print management software that allows users to remotely monitor print environments and maintain visibility into their operations. (Fetches: Devices)
• Equinix
  • Equinix provides digital infrastructure and data center services. (Fetches: Users)
• Exabeam Datalake
  • Exabeam Data Lake (previously known as Exabeam Log Manager) is a cloud-native data lake architecture to securely ingest, parse, and store security data at scale from any location, across multi-year data. (Fetches: Devices)
• FortiNAC
  • FortiNAC is a network access control solution that provides protection against IoT threats, control of third-party devices, and automated responses to networking events. (Fetches: Devices)
• Genian
  • Genian NAC identifies and monitors all hardware and software in the network environment to determine each device’s security state then establish the appropriate level of access to ensure compliance. (Fetches: Devices)
• GLPI
  • GLPI is an open-source service management software tool to manage Helpdesk and IT assets. (Fetches: Devices, Users)
• GRR Rapid Response
  • GRR Rapid Response is an incident response framework focused on remote live forensics delivered through a client-server architecture. (Fetches: Devices)
• Hawk
  • HAWK.io is a fully automated, multi-tenant, cloud-based, managed detection and response (MDR) service. (Fetches: Devices)
• Hoxhunt
  • Hoxhunt provides security awareness training for employees based on cognitive automation and risk calculations. (Fetches: Users)
• IBM Spectrum Protect Plus
  • IBM Spectrum Protect Plus provides recovery, replication, retention, and reuse for VMs, databases, applications, file systems, SaaS workloads, and containers in hybrid cloud environments. (Fetches: Devices)
• Invicti
  • Invicti (formerly Netsparker) is DAST and IAST vulnerability scanning for web applications. (Fetches: Devices)
• Island
  • Island is an enterprise browser, built on Chromium, with numerous built-in capabilities for protecting against user-, data-, and network-based threats. (Fetches: Devices, Users)
• JFrog
  • JFrog Artifactory is a DevOps solution for housing and managing artifacts, binaries, packages, files, containers, and components throughout the software development lifecycle. (Fetches: Devices, Users)
• Lansweeper Cloud
  • Lansweeper Cloud federates data from all local Lansweeper discovery instances into a single source of truth. (Fetches: Devices)
• ManageEngine AssetExplorer
  • ManageEngine AssetExplorer is a web-based IT Asset Management (ITAM) software that helps monitor and manage assets in network from planning phase to disposal phase. (Fetches: Devices)
• ManageEngine Mobile Device Management
  • ManageEngine MDM is a mobile device management solution. (Fetches: Devices, Users)
• ManageEngine OpManager
  • ManageEngine OpManager enables monitoring of routers, switches, firewalls, servers and VMs for fault and performance. (Fetches: Devices)
• MarkMonitor
  • MarkMonitor provides domain management, security, and consulting. (Fetches: Devices)
• MoroCloud
  • Moro Cloud is a software-defined datacenter (SDDC) that offers integrated cloud components such as compute, network, storage, and security. (Fetches: Devices)
• N2WS
  • N2WS Backup & Recovery offers orchestrated recovery for core AWS and Azure services. (Fetches: Devices, Users)
• NetMotion Mobility
  • NetMotion Mobility is mobile VPN software that maximizes mobile field worker productivity by maintaining and securing their data connections as they move in and out of wireless coverage areas and roam between networks. (Fetches: Devices, Users)
• Oracle Fusion HCM Cloud
  • Oracle Cloud Human Capital Management is a cloud-based HCM software application suite for global HR, talent, and workforce management. (Fetches: Users)
• Outpost24
  • Outpost24 is a cyber risk management platform that helps organizations assess their attack surface and prioritize vulnerabilities. (Fetches: Devices)
• PeopleHR
  • PeopleHR is HR automation software (HRIS) for small and growing businesses. (Fetches: Users)
• Phosphorus
  • Phosphorus provides IoT discovery, password management, and patch management. (Fetches: Devices)
• Proofpoint Endpoint DLP
  • Proofpoint Endpoint DLP helps identify risk user behavior and protect sensitive data. (Fetches: Devices)
• Qush Reveal
  • Qush enables customers to discover risks, educate employees, enforce policies and prevent data loss. (Fetches: Devices)
• Radiflow
  • Radiflow provides visibility and anomaly detection for OT assets. (Fetches: Devices)
• Rippling
  • Rippling provides an HR software used to collect, maintain, and analyze data for hiring, onboarding employees, and managing company culture. (Fetches: Users)
• RSA SecurID
  • RSA SecurID provides identity and access management capabilities for on-premise deployments – in authentication, access management, and identity governance. (Fetches: Users)
• SailPoint IdentityNow
  • SailPoint IdentityNow is a SaaS identity and access management (IAM) solution. (Fetches: Users)
• SecureAuth
  • SecureAuth is an identity access management security solution that provides passwordless authentication, multi-factor authentication, SSO, and more. (Fetches: Users)
• Shadowserver
  • Shadowserver gathers and analyzes data on malicious internet activity including malware, botnets, DDoS, fraud, and more. (Fetches: Devices)
• SimpleMDM
  • SimpleMDM is a mobile device management solution for Apple devices. (Fetches: Devices)
• Syncro MSP
  • Syncro MSP is a combined remote monitoring and management (RMM) and professional services automation (PSA) platform that manages invoicing, credit card payments, help desk, customer relationship tracking, remote access and support, and more managed IT services. (Fetches: Devices)
• TalentLMS
  • TalentLMS is an all-in-one training platform. (Fetches: Users)
• Talon
  • Talon is a secure enterprise browser designed to defend against malware and prevent data loss for managed and unmanaged devices. (Fetches: Devices)
• Tessian
  • Tessian is a cloud email security platform that prevents email threats and protects against data loss. (Fetches: Devices)
• Trend Micro Conformity
  • Trend Micro Conformity provides real-time monitoring, automated security and compliance checks, and auto-remediation for cloud infrastructure. (Fetches: Devices)
• Tychon
  • TYCHON is an endpoint analytics and remediation platform that allows users to search, visualize, remediate, and monitor security compliance across assets. (Fetches: Devices)
• Unisys Stealth
  • Unisys Stealth transforms existing networks—both on-premises and in the cloud—into a Zero Trust Network through identity-based microsegmentation. (Fetches: Devices)
• Viptela (Cisco) SD-WAN
  • Cisco SD-WAN (previously Viptela) allows users to establish an SD-WAN overlay fabric that connects data centers, branches, campuses, and colocation facilities. (Fetches: Devices)
• VMware SD-WAN
  • VMware SD-WAN (formerly by VeloCloud) is a software-based network technology that virtualizes WAN connections. (Fetches: Devices)
• Whitehat
  • WhiteHat provides SAST, DAST, SCA, and IaC security solutions. (Fetches: Devices)
• Zscaler ZDX
  • Zscaler Digital Experience (ZDX) is a monitoring solution providing end-to-end visibility and troubleshooting of end-user performance issues for any user or application, regardless of location. (Fetches: Devices, Users)

For more details:

• Explore the entire list of supported and integrated adapters.
  View all enhancements made to adapters in this release.

  
  

New Enforcement Actions

The following Enforcement Actions were added to this release:

• Adobe Workfront - Create Issue - Adobe Workfront issues can be created automatically by this Enforcement Action.
• Automox - Run Worklet per Asset - runs a worklet in Automox for each asset that matches the parameters of the saved query supplied as a trigger (or from the assets selected in the asset table).
  Custom Enrichment - Enrich Assets with CSV File - enriches assets with information from a CSV file using the Custom Enrichment feature.
• Email - Send per Asset - action sends an email to each email address in the list of recipients for each asset that matches the parameters of the selected query.
• GSuite - Add Users - adds the users retrieved from the saved query supplied as a trigger (or users that have been selected in the asset table) as GSuite users.
• GSuite - Add Users to Group - adds the users retrieved from the saved query supplied as a trigger (or users that have been selected in the asset table) to a GSuite group.
• GSuite - Remove Users - removes each GSuite user retrieved from the saved query supplied as a trigger (or users selected in the asset table).
• Microsoft Active Directory (AD) - Remove Assets from AD - removes the assets (users or devices) retrieved from the saved query supplied as a trigger (or devices that were selected in the asset table) from Active Directory.
• Microsoft Azure (Azure AD) - Delete Assets - deletes an asset record from an Azure AD for each asset that matches the parameters of the saved query supplied as a trigger (or devices that have been selected in the asset table).
• Microsoft Azure (Azure AD) - Enable or Disable Assets -enables each of the assets that are the results of the query, which are Microsoft Azure (Azure AD) blocked/disabled managed devices or users or assets selected on the relevant asset page or disables and blocks each of the assets that are the results of the query, which are Microsoft Azure (Azure AD) managed devices or users or assets selected on the relevant asset page.
• Qualys Cloud Platform - Update Asset Names to Host Names - Updates the Asset Name to be the same as the Host Name for all Qualys devices which are the result of the query run, or for the assets selected.
• TOPdesk Enterprise Service Management - Create Asset - creates an asset in TOPdesk Enterprise for each asset that matches the parameters of the selected query or assets selected in one of the asset tables.
• SolarWinds Service Desk - Create Incident - creates an incident in SolarWinds for all the assets retrieved from the saved query supplied as a trigger (or for the assets selected in the asset table).

For more details:

• See the complete Enforcement Action Library.
  View all enhancements made to Enforcement Actions in this release.

Known Limitations

Dashboards

• Field Summary Chart - There are cases when the query configured in the chart was written or edited in the query bar of the Queries page as an Axonius Query Statement, and not in the Query Wizard, and then run. If you configure a chart with that query and then click the chart to see a list of assets, the query parameters are not populated into the Query Wizard.