What's New in Axonius 2.13
- Updated on 24 Mar 2022
Release Date: Dec-8-2019
Adapters
New Adapters
The following new adapters have been added in this release:
- Cherwell IT Service Management - A service desk platform enabling automation for process workflows, supporting tasks, and related approvals.
- Cisco Stealthwatch - An agentless malware detection solution that provides visibility and network traffic security analytics across the extended network, including endpoints, branch, data center, and cloud.
- HP Network Node Manager i (NNMi) - A network health and performance monitoring software with scalability and device support.
- Microsoft BitLocker Administration and Monitoring (MBAM) - Provides a simplified administrative interface for BitLocker Drive Encryption. BitLocker offers protection against data theft or data exposure for computers that are lost or stolen, encrypting all data that is stored on the Windows operating system volumes and drives and configured data drives.
- Orca Cloud Visibility Platform - Delivers full-stack visibility including prioritized alerts on vulnerabilities, compromises, misconfigurations, and more across all cloud accounts.
- Red Hat Ansible Tower - A web console and REST API for operationalizing Ansible across teams, organizations, and the enterprise.
- Wazuh - A free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
For more details, see the entire list of supported and integrated adapters.
Updated Adapters
The following Adapters have been enhanced:
Amazon Web Services (AWS) (Advanced Settings) - Multiple enhancements:
- Added a new Fetch Information about Route 53 checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
- If enabled, the adapter connection will also fetch information about Amazon Route 53 DNS records.
- The default value of this checkbox is False.
- Added a new Verify primary account permissions checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
- This new checkbox lets you choose whether the primary account permissions should be used when the adapter connections fetch data from AWS.
- If enabled, all connections for this adapter will use the primary account permissions to fetch data from AWS. If the primary account permissions are insufficient, the adapter connections will fail to fetch the data.
- If disabled, all connections for this adapter will only use the primary account to assume the roles attached to it, and the adapter connections will use those role permissions to fetch data from AWS.
- The default value of this checkbox is True.
- Disable this checkbox only if you want to use the permissions of the roles assumed by the primary account, instead of the primary account's own permissions, when fetching assets from AWS.
Cisco ISE (Connection Configuration) - Added a new Use pxGrid to Fetch Live Sessions field to the Add Connection dialog for this adapter.
- This new field lets you fetch live session data using the pxGrid service.
- If enabled, the newly created connection for this adapter will use the pxGrid service to fetch live sessions.
- The default value of this checkbox is True.
NOTE: Using the pxGrid service requires an additional authentication step from pxGrid Services on your Cisco ISE domain. For more details, see Authorize Axonius in pxGrid Services.
Guardicore - The Guardicore adapter now fetches user assets as well as device assets.
Microsoft Active Directory (AD) (Advanced Settings) - Multiple enhancements:
Added a new LDAP fields to exclude field to the Microsoft Active Directory (AD) Configuration tab in the Advanced Settings for this adapter.
- This field lets you specify one or more LDAP fields to exclude from the data. For example, entering "employeeID, givenName" excludes both of these fields from the raw and parsed data fetched by the adapter.
Added a new Devices to exclude by objectCategory field to the Microsoft Active Directory (AD) Configuration tab in the Advanced Settings for this adapter.
- This field allows you to add input in order to exclude devices that have a specific AD objectCategory.
Microsoft Azure, Microsoft Azure Active Directory (Azure AD) and Microsoft Intune (Connection Configuration) - Added a new Is AzureAD B2C checkbox to the Add Connection dialog for this adapter.
- If enabled, the newly created connection will only fetch data from Microsoft Azure AD B2C.
- The default value for this checkbox is False.
Tanium (Connection Configuration) - Multiple enhancements:
- Added a new Saved Question Name field to the Add Connection dialog for this adapter.
- This new field lets you fetch assets from the results of a Saved Question in Tanium.
- If populated, the newly created connection for this adapter will fetch results from the Saved Question and parse them into fields in Axonius. See the Tanium Adapter Documentation Page for more information.
- This field is optional.
- The default value for this field is empty.
- Added a new Always re-ask Saved Question checkbox to the Add Connection dialog for this adapter.
- If Saved Question Name is supplied, this new field will re-ask the question of all endpoints every time a fetch is performed by Axonius.
- If enabled, the newly created connection for this adapter will always re-ask the Saved Question and wait for the answers to come in (or for the question to expire) before getting the results.
- If disabled, the newly created connection for this adapter will get the most recent results available for the Saved Question.
- The default value for this field is False.
- Added a new Re-ask Saved Question if results are older than N hours field to the Add Connection dialog for this adapter.
- If Saved Question Name is supplied, this new field will re-ask the question of all endpoints if the results from the previously asked question are older than this many hours.
- If populated, the newly created connection for this adapter will re-ask the Saved Question and wait for the answers to come in (or for the question to expire) before getting the results if the expiration of the last question that was asked for the Saved Question is older than the number supplied here.
- If not populated, the newly created connection for this adapter will get the most recent results available for the Saved Question.
- This field is optional.
- The default value for this field is empty.
Web Server Information (Advanced Settings) - Added a new Fetch Data from SSL Labs checkbox to the Web Server Information Configuration tab in the Advanced Settings for this adapter.
- This new checkbox lets you choose to fetch data from Qualys SSL Labs.
- If enabled, all connections for this adapter will enrich device data with data from SSL Labs, including information about the server host, its endpoints and indications of exposure to known SSL vulnerabilities, such as Heartbleed and POODLE.
- To enrich a device with data from SSL Labs:
- Host name is required. If the device data does not include a host name, one of the following can be used:
- Device IP address (must be a public IP address).
- Domain, if fetched as part of the SSL Certificate data.
- Port 443 must be open for Axonius to use the SSL Labs API.
- The default value for this checkbox is False.
Zscaler Web Security - The Zscaler Web Security adapter has been enhanced to fetch user assets in addition to device assets.
- The API Key field is mandatory to fetch user data from Zscaler.
- For more details about adding a new API key, see Zscaler documentation - About API Key Management.
Enforcement Center Updates
The following updates have been made to the Axonius Security Policy Enforcement Center:
- Enforcement Center Screen - Added a new Updated by column to the Enforcement Set list.
- This new column displays the name of the last user who updated the Enforcement Set:
- The user name is displayed with a prefix:
- Internal – If the user has been defined internally in Axonius by one of the system admins.
- External – If the user has logged in using the LDAP or SAML based login option.
- If the user no longer exists in the system, the user name is displayed with a “(deleted)” suffix.
- Hover over the field to display the user's first and last name in addition to the user name, if it exists.
Updated Actions
The following Actions have been enhanced:
Enrich Device Data with Web Server Information - Multiple enhancements:
- Added a new Scan Thread Pool Size field to the Add Action dialog for this action.
- This new field lets you specify the number of threads to be opened to control the performance of the scan.
- The default value for this field is 10.
- Added a new Fetch Data from SSL Labs checkbox to the Add Action dialog for this action.
- This new checkbox lets you choose to fetch data from Qualys SSL Labs.
- If enabled, the device is enriched with data from SSL Labs, including information about the server host, its endpoints and indications of exposure to known SSL vulnerabilities, such as Heartbleed and POODLE.
- To enrich a device with data from SSL Labs:
- Host name is required. If the device data does not include a host name, one of the following can be used:
- Device IP address (must be a public IP address).
- Domain, if fetched as part of the SSL Certificate data.
- Port 443 must be open for Axonius to use the SSL Labs API.
- The default value for this checkbox is False.
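The host name prerequisite for SSL Labs enrichment (listed for both the Web Server Information adapter setting and this action) can be checked against device records before the option is enabled. The following is an added example, not Axonius code: the record keys (`hostname`, `ips`, `cert_domains`), the fallback order and the skipping of wildcard certificate names are assumptions, and the sample devices are constructed.

```python
import ipaddress


def is_public_ip(value):
    """True only for a syntactically valid, globally routable IP address."""
    try:
        return ipaddress.ip_address(value).is_global
    except ValueError:
        return False


def ssl_labs_target(device):
    """Return (target, source) for SSL Labs enrichment, or (None, reason).

    Assumed order: host name first, then a public IP address, then a
    domain taken from the SSL certificate data.
    """
    hostname = (device.get("hostname") or "").strip()
    if hostname:
        return hostname, "hostname"
    for ip in device.get("ips", []):
        # Private, loopback and link-local addresses cannot be assessed
        # by an external service, so only public addresses qualify.
        if is_public_ip(ip):
            return ip, "public_ip"
    for name in device.get("cert_domains", []):
        # Assumption: a wildcard name is not a scannable host, so skip it.
        if name and not name.startswith("*."):
            return name, "cert_domain"
    return None, "no host name, public IP address or certificate domain"


# Constructed sample device records (hypothetical field names).
SAMPLE_DEVICES = [
    {"hostname": "web01.example.com", "ips": ["10.0.0.5"]},
    {"ips": ["10.0.0.5", "8.8.8.8"]},
    {"ips": ["192.168.1.20"],
     "cert_domains": ["*.example.com", "shop.example.com"]},
    {"ips": ["172.16.4.9"]},
]

if __name__ == "__main__":
    for dev in SAMPLE_DEVICES:
        print(ssl_labs_target(dev))
```

Devices for which the function returns `None` would not be enriched, which explains missing SSL Labs fields on internal-only assets.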
Add Tag - Added a new Remove this tag from entities not found in the Saved Query results checkbox to the Add Action dialog for this action.
- This new checkbox lets you choose whether only the list of entities the Enforcement Task ran on should be tagged with the tag name specified in the enforcement action.
- If enabled, the specified tag name is removed from all entities that are:
- Tagged with that tag
- Not part of the list of entities the Enforcement Task ran on.
- The default value for this checkbox is False.
Device and User Tables Interface Updates
The following updates have been made to device and user tables related capabilities in Axonius:
Saved Queries - Added a new Updated by column to the Saved Queries list.
- This new column displays the name of the last user who updated the Saved Query:
- The user name is displayed with a prefix:
- Internal – If the user has been defined internally in Axonius by one of the system admins.
- External – If the user has logged in using the LDAP or SAML based login option.
- If the user no longer exists in the system, the user name is displayed with a “(deleted)” suffix.
- Hover over the field to display the user's first and last name in addition to the user name, if it exists.
- For predefined Saved Queries that have been preconfigured by Axonius, the Updated by value is Predefined.
Microsoft Azure Active Directory (Azure AD) adapter: Added an Azure AD Device Type data field.
- This field reflects the device or user data source.
- The value of this field is:
- Azure AD – if the device or user has been fetched from Azure AD
- Intune – if the device or user has been fetched from Microsoft Intune
Reporting Updates
The following updates have been made to Axonius reports:
- Reports Screen - Added a new Updated by column to the reports list.
- This new column displays the name of the last user who updated the report:
- The user name is displayed with a prefix:
- Internal – If the user has been defined internally in Axonius by one of the system admins.
- External – If the user has logged in using the LDAP or SAML based login option.
- If the user no longer exists in the system, the user name is displayed with a “(deleted)” suffix.
- Hover over the field to display the user's first and last name in addition to the user name, if it exists.
Administrator Settings Interface Updates
The following updates have been made to administrator settings in Axonius:
Global Settings tab - Modified the Adapters Errors Mail Address setting in the Notifications Settings section.
- Instead of a single configured email address, this modified field now lets you configure a comma-separated list of email addresses to receive an email when there is a connection issue with any of the adapter servers.
GUI Settings tab - Added a new Match Group Name by DN setting to the LDAP Login Settings section.
- This new setting lets you choose whether to authenticate user logins by the user's exact group Distinguished Name (DN).
- If enabled, when a user logs in, the user's group Distinguished Name (DN) must match (case sensitive) the value defined in the A Group the User Must be Part of field.
- The default value of this setting is False.