What's New in Axonius 2.11
  • 24 Mar 2022


Adapters

New Adapters

The following new adapters have been added in this release:

  1. Aqua Security - Provides container and cloud native cybersecurity for teams using Docker, Kubernetes, serverless, and other cloud native technologies.
  2. Aruba AirWave - A network management system for wired and wireless infrastructure that provides granular visibility into devices, users, and applications on the network.
  3. BambooHR - HR software used to collect, maintain, and analyze data for hiring, onboarding employees, and managing company culture.
  4. CA Spectrum - A services and network infrastructure management system that enables the modeling of LAN, WAN, wired, wireless, physical, and virtual networks.
  5. Cisco Unified Communications Manager - Provides secure and manageable call control and session management.
  6. Freshservice - A cloud-based IT help desk and service management solution that enables organizations to simplify their IT operations.
  7. Guardicore - A data center and cloud security company that protects the organization’s core assets.
  8. HashiCorp Consul - A multi-cloud service networking platform to connect and secure services across any runtime platform and public or private cloud.
  9. IBM BigFix Inventory - Gathers information about installed software and hardware in your IT infrastructure.
  10. Masscan - A free internet port scanner utility.
  11. OmniVista 2500 NMS - The Alcatel-Lucent OmniVista 2500 Network Management System (NMS) provides management tools and network-wide visibility, enabling operators to provision, manage and maintain a mobile infrastructure.
  12. PKWARE - Finds, classifies, and protects sensitive data, allowing security managers to define data protection policies and monitor activity across the organization.
  13. Randori - An attack platform which combines continuous reconnaissance, real-time target analysis, and the ability to safely execute attacks on-demand to provide an attacker’s perspective.
  14. Skybox Firewall Assurance - Provides automation of firewall management tasks across different firewall vendors and complex rulesets.
  15. Snow Software Asset Management - Snow Software provides Software Asset Management (SAM) products and services to reduce the risk, cost, and complexity associated with software assets and licensing.
  16. Symantec Control Compliance Suite - A solution to help identify security gaps and vulnerabilities and automate compliance assessments for over 100 regulations, mandates, and best practice frameworks including GDPR, HIPAA, NIST, PCI and SWIFT. Symantec CCS discovers and inventories all networks and assets including managed and unmanaged devices allowing for assets to be profiled and ranked for risk potential.
  17. Symantec DLP - A data loss protection and prevention solution. Its management console, the DLP Enforce Platform, and its reporting tool, IT Analytics for DLP, allow you to write and enforce policies to reduce information risks.
  18. Web Server Information - Provides information about the web server for a given website domain, including the server type, its version and operating system, the content management system (CMS) name and its version, the installed CMS plugins, versions and more.


For more details, see the entire list of supported and integrated adapters.

Updated Adapters

The following Adapters have been enhanced:

  • Amazon Web Services (AWS) (advanced settings) - Multiple enhancements:
    • Added a new Fetch Information about IAM Users checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
      • If enabled, this adapter will also fetch information about IAM Users.
    • Added a new Fetch information about Workspaces checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
      • If enabled, this adapter will also fetch information about Amazon Workspaces.
    • Added a new Verify all IAM roles checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
      • If enabled, this adapter will verify all IAM roles. If one of the IAM roles is not valid, the adapter connection will fail.

  • Aruba ClearPass (advanced settings) - Added a new Do not fetch Devices without Last Seen checkbox to the Aruba ClearPass Configuration tab in the Advanced Settings for this adapter.
    • If enabled, this adapter will not fetch devices that have not communicated with the Aruba ClearPass server and therefore have an empty Last Seen attribute.

  • Carbon Black Cb Response (advanced settings) - Added a new Fetch Uninstalled Devices checkbox to the Carbon Black Cb Response Configuration tab in the Advanced Settings for this adapter.
    • If enabled, this adapter will also fetch devices that have had the Carbon Black Cb Response sensor uninstalled.

  • CA Service Management (advanced settings) - Multiple enhancements:
    • Added a new Device Type Whitelist field to the CA CMDB Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify a comma-separated list of device types.
      • If supplied, all connections for this adapter will only collect devices whose device type matches a device type provided in this list.
    • Added a new Fetch Only Active Devices checkbox to the CA CMDB Configuration tab in the Advanced Settings for this adapter.
      • If enabled, this adapter will fetch only devices marked as active.

  • Cisco Prime (connection configuration) - Added a new Wireless SSID Whitelist field to the Add Connection dialog for this adapter.
    • This new field lets you specify a comma-separated list of SSIDs.
    • If supplied, the configured adapter connection will only collect devices associated with SSIDs provided in this list.

  • CrowdStrike Falcon (advanced settings) - Added a new Machine Domain Whitelist field to the CrowdStrike Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify a comma-separated list of Microsoft Active Directory domains.
    • If supplied, all connections for this adapter will only collect devices from the domains provided in this list.

  • Google Cloud Platform (GCP) - The Google Compute/Kubernetes Engine adapter has been renamed to Google Cloud Platform (GCP) in order to make it clearer that it is not limited to GCE. The adapter icon has been changed as well to the GCP logo.

  • Linux SSH (connection configuration) - Added a new Sudo Path field to the Add Connection dialog for this adapter.
    • This new field lets you specify an absolute path (/path/to/sudo) of a binary to use for sudo'ing to the root user.
    • If provided, when the command line is executed it will be prefixed with the value supplied.
    • If not provided, when the command line is executed it will be prefixed with "sudo".

  • Microsoft System Center Configuration Manager (SCCM) (advanced settings) - Added a new Do not fetch Devices without Last Seen checkbox to the SCCM Configuration tab in the Advanced Settings for this adapter.
    • If enabled, this adapter will not fetch devices that have not communicated with the Microsoft System Center Configuration Manager (SCCM) database and therefore have an empty Last Seen attribute.

  • Okta (advanced settings) - Added a new Fetch Users Authentication Factors checkbox to the Okta Configuration tab in the Advanced Settings for this adapter.
    • If enabled, this adapter will also collect information on the authentication factors associated with users.

  • Qualys Cloud Platform (advanced settings) - Added a new Qualys Tags Whitelist field to the Qualys Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify a comma-separated list of Qualys tags.
    • If supplied, all connections for this adapter will only collect devices tagged in Qualys with the tags provided in this list.

  • ServiceNow (advanced settings) - Modified the Exclude Disposed Devices field in the ServiceNow Configuration tab in the Advanced Settings for this adapter.
    • The field has been renamed to Exclude Disposed and Decommissioned Devices.
    • If enabled, this adapter will not collect information on devices if their status in ServiceNow is 'Disposed' or 'Decommissioned'.

  • SQL Server - Added a new Database Type field to the Add Connection dialog for this adapter.
    • This field lets you choose the SQL server database type: Microsoft SQL Server, MySQL or PostgreSQL.
    • The Microsoft SQL Server adapter has been renamed to SQL Server and its icon changed in order to make it clearer that it is not limited to only Microsoft SQL Server DB connections.

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

  • System Lifecycle Panel – Has been moved to the first panel after the Device Discovery and the User Discovery panels.

  • Reorder Custom Dashboard Panels - Added the ability to control the order of the custom dashboard panels.

    • Hover over a custom panel name and then drag and drop it to change the panel order in the dashboard space.
    • The Device Discovery, User Discovery and System Lifecycle panels are fixed and cannot be reordered.

  • Field Segmentation Panels

    • Added a new Filter by field to the Field Segmentation chart configuration dialog.
      • This new field lets you configure a predefined filter on all the results of the selected segmented field, if it is a text field.
      • The filter is case-insensitive.
    • Added a new Include entities with no value checkbox to the Field Segmentation chart configuration dialog.
      • If enabled, entities that do not have a value for the segmented field are ignored and are not included in the chart results.
      • By default, this option is not selected.

  • All Panels - Fetching Data Indication - Added a 'Fetching data' indication while charts are being created.

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following new Actions have been added:

  • Enrich Device Data with Web Server Information - Added a new enforcement action called Enrich Device Data with Web Server Information to the Enrich Device or User Data action category.
    • This new action will enrich devices with the following information if they are found on the device:
      • The type, version, and operating system of the web server.
      • The content management system (CMS) name, version, installed plugins and versions, and more.
      • The attributes of the SSL Certificate offered by the web server.

  • Update LDAP Attributes of Users or Devices - Added a new enforcement action called Update LDAP Attributes of Users or Devices to the Manage Microsoft Active Directory (AD) Services category.
    • This new action will update LDAP object attributes in Active Directory for device or user entities that are returned from a query.

  • Create Freshservice Ticket - Added a new enforcement action called Create Freshservice Ticket to the Create Incident action category.
    • This new action will create a ticket in Freshservice for device or user entities returned from a query.

Updated Actions

The following Actions have been enhanced:

  • Run Linux Shell Command - Added a new Sudo Path field to the Add Action dialog for this action.

    • This new field lets you specify an absolute path (/path/to/sudo) of a binary to use for sudo'ing to the root user.
    • If provided, when the command line is executed it will be prefixed with the value supplied.
    • If not provided, when the command line is executed it will be prefixed with "sudo".

  • Run Linux SSH Scan - Added a new Sudo Path field to the Add Action dialog for this action.

    • This new field lets you specify an absolute path (/path/to/sudo) of a binary to use for sudo'ing to the root user.
    • If provided, when the command line is executed it will be prefixed with the value supplied.
    • If not provided, when the command line is executed it will be prefixed with "sudo".

  • Add IPs to Tenable.sc Asset - Added a new CIDRs exclude list field to the Add Action dialog for this action.

    • This new field lets you specify a comma-separated list of CIDRs.
    • If provided, IP addresses of devices that are in the range of the specified CIDRs will not be added to the specified Tenable.sc Asset Name.

  • Add IPs to Tenable.io Target Group - Added a new CIDRs exclude list field to the Add Action dialog for this action.

    • This new field lets you specify a comma-separated list of CIDRs.
    • If provided, IP addresses of devices that are in the range of the specified CIDRs will not be added to the specified Tenable.sc Target Group.

  • Add Tag - Modified the Tag Name field in the Add Action dialog for this action.

    • This field now lets you search and choose a tag from a list of all the tags defined in the system.
    • If the desired tag name does not exist in the system, you can choose to create it.

  • Remove Tag - Modified the Tag Name field in the Add Action dialog for this action.

    • This field now lets you search and choose a tag from a list of all the tags defined in the system.

Device and User Tables Interface Updates

The following updates have been made to device and user tables related capabilities in Axonius:

  • Multi-value fields

    • Each value in the list is now displayed as a chip, instead of as part of a plain-text, comma-separated list.
    • Modified the multi-value fields tooltip. The tooltip allows you to view the entire list by hovering over the “+X” icon.

    • Modified the adapters field tooltip. The tooltip allows you to view the adapter logos list along with their names.


Device and User Details Interface Updates

The following updates have been made to the Device Details and to the User Details:

  • General Data Tab - Multi-value Fields

    • Each value in the list is now displayed as a chip, instead of as part of a plain-text, comma-separated list.
    • Modified the multi-value fields tooltip. The tooltip allows you to view the entire list by hovering over the “+X” icon.


  • Enforcement Tasks Tab - Modified the Enforcement Tasks action table:

    • The table now displays a consolidated list of all the Enforcement Task actions executed on the device.
    • Added a link to the Enforcement Task Name. It will open the Enforcement Task Summary page.
    • Added search and export to CSV options.

Administrator Settings Interface Updates

  • GUI Settings Tab - Added a new setting titled Number of values displayed in each column.
    • This new setting lets you select whether Device and User multi-value fields display one or two values.
    • If multi-value fields have more values than the selected option, those values can be viewed by hovering over the "+x" indicator.
  • Global Settings Tab
    • Under GUI SSL Settings - If the override default SSL settings checkbox is selected, you'll now see a new, optional Private Key Passphrase field to specify the passphrase for a password-protected private key.
