What's New in Axonius 2.14

Release Date: Dec-29-2019

Adapters

New Adapters

The following new adapters have been added in this release:

1. Arista Extensible Operating System (EOS) - The core of Arista cloud networking solutions for next-generation data centers and cloud networks.
2. Cisco UCS Manager - Supports the entire Cisco UCS server and Cisco HyperFlex Series hyperconverged infrastructure portfolios. It enables server, fabric, and storage provisioning as well as, device discovery, inventory, configuration, diagnostics, monitoring, fault detection, auditing, and statistics collection.
3. edgescan Fullstack Vulnerability Management - A cloud-based continuous vulnerability management and penetration testing solution that discovers, validates and rates vulnerabilities by running continuous asset profiling to detect rogue/exposed ports, hosts or even hidden API’s.
4. IBM Guardium Vulnerability Assessment - Scans data infrastructures (databases, data warehouses and big data environments) to detect vulnerabilities and exposures such as missing patches, weak passwords, unauthorized changes, and misconfigured privileges and suggests remedial actions.
5. NetBrain Integrated Edition - NetBrain Integrated Edition is an adaptive automation integrated with existing NMS tools and IT workflows to automate documentation, troubleshooting, network change, and defense.
6. Palo Alto Networks Cortex XDR - A detection and response app that natively integrates network, endpoint, and cloud data to detect threats and stop sophisticated attacks.

For more details, see the entire list of supported and integrated adapters.

Updated Adapters

The following Adapters have been enhanced:

• Aqua Security (Advanced Settings) - Added a new Aqua Status Exclude List field to the Aqua Security Configuration tab in the Advanced Settings for this adapter.

  • This new field lets you specify a comma-separated list of Aqua statuses.
  • If supplied, all connections for this adapter will not fetch devices whose Aqua status is any of the comma-separated list of Aqua statuses that have been defined in this field.
  • If not supplied, all connections for this adapter will fetch devices with any Aqua status.
  • This field is optional.
  • The default value for this field is empty.
    
    

• Aruba AirWave (Connection Configuration) - Multiple enhancements:

  • Added a new Wireless SSID Exclude List field to the Add Connection dialog for this adapter.
    • This new field lets you specify a comma-separated list of SSIDs.
    • If supplied, the adapter connection will not fetch devices whose SSID is any of the comma-separated list of SSIDs that have been defined in this field.
    • If not supplied, the adapter connection will fetch devices that are associated with any SSID.
    • This field is optional.
    • The default value for this field is empty.
  • Added a new Wireless SSID Whitelist field to the Add Connection dialog for this adapter.
    • This new field lets you specify a comma-separated list of SSIDs.
    • If supplied, the adapter connection will only fetch devices whose SSID is any of the comma-separated list of SSIDs that have been defined in this field.
    • If not supplied, the adapter connection will fetch devices that are associated with any SSID.
    • This field is optional.
    • The default value for this field is empty.
  • Added a new Exclude Device With No SSID checkbox to the Add Connection dialog for this adapter.
    • If enabled, Axonius will not fetch devices with no SSID.
    • If disabled, Axonius will fetch devices with no SSID.
    • The default value for this field is False.
      
      

• Carbon Black CB Defense (Configuration Settings) - Multiple enhancements:

  • The Carbon Black CB Defense adapter now supports the CB Defense REST API - appservices (v6) in addition to the CB Defense REST API - integrationServices (v3).
  NOTE

  It is recommended to use the CB Defense REST API - appservices (v6).
  • Modified the Carbon Black CB Defense Domain field in the Add Connection dialog for this adapter.
    • This field lets you specify your Carbon Black CB Defense domain.
    • It should be supplied in the following format:
      • To utilize the CB Defense REST API - appservices (v6): https://defense-[environment].conferdeploy.net/
      • To utilize the CB Defense REST API - intergrationServices (v3): https://api-[environment].conferdeploy.net/
  • Added a new Organization Key field to the Add Connection dialog for this adapter.
    • If supplied, Axonius will use the CB Defense REST API - appservices (v6) to fetch assets from Carbon Black CB Defense adapter connection.
    • If not supplied, Axonius will use CB Defense REST API - integrationServices (v3) to fetch assets from Carbon Black CB Defense adapter connection.
    • This field is optional.
    • The default value for this field is empty.
      
      

• Chef - The Chef adapter now fetches user assets as well as device assets.
  
  

• G Suite by Google - The G Suite by Google adapter has been enhanced to also fetch chrome OS device assets.
  
  

• Infoblox DDI (Advanced Settings) - Added a new CIDR exclude list field to the Infoblox Configuration tab in the Advanced Settings for this adapter.

  • This new field lets you specify a comma-separated list CIDR blocks (for example: 192.168.20.0/24,192.168.30.0/24)
  • If supplied, all connections for this adapter will not fetch devices with an IP address that is in the range of any of the comma-separated list of CIDR blocks that have been defined in this field.
  • If not supplied, all connections for this adapter will fetch devices with any or no IP address.
  • This field is optional.
  • The default value for this field is empty.
    
    

• Lansweeper (Advanced Settings) - Added a new Drop Devices With No MAC Address checkbox to the Lansweeper Configuration tab in the Advanced Settings for this adapter.

  • If enabled, all connections for this adapter will not fetch devices if they do not have a MAC address.
  • If disabled, all connections for this adapter will fetch devices even if they do not have a MAC address.
  • The default value for this field is False.
    
    

• Microsoft Active Directory (AD) (Connection Configuration) - Added a new Do Not Fetch Users checkbox to the Add Connection dialog for this adapter.

  • If enabled, the adapter connection will not fetch user assets.
  • If disabled, the adapter connection will fetch user assets.
  • The default value for this field is False.
    
    

• Microsoft Azure Active Directory (Azure AD) (Advanced Settings) - Added a new Fields to exclude field to the Microsoft Azure Active Directory (AD) Configuration tab in the Advanced Settings for this adapter.

  • This new field lets you specify a comma-separated list one or more LDAP fields to exclude from the data. For example, "employeeID, givenName". This will exclude both of these from the raw and parsed data from the adapter.
  • If supplied, all connections for this adapter will not fetch the specified LDAP fields. The specified fields will not be part of the assets data in Axonius.
  • If not supplied, all connections for this adapter will fetch all asset LDAP fields.
  • This field is optional.
  • The default value for this field is empty.
    
    

• NetBox (Advanced Settings) - Added a new NetBox Role Whitelist field to the NetBox Configuration tab in the Advanced Settings for this adapter.

  • This new field lets you specify a comma-separated list NetBox roles.
  • If supplied, all connections for this adapter will only fetch devices whose NetBox role is any of the comma-separated list of NetBox roles that have been defined in this field.
  • If not supplied, all connections for this adapter will fetch devices associated with any of the existing NetBox roles.
  • This field is optional.
  • The default value for this field is empty.
    
    

• Snipe-IT (Advanced Settings) - Multiple enhancements:

  • Added a new SnipeIT Category Whitelist field to the SnipeIT Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify a comma-separated list of Snipe-IT categories.
    • If supplied, all connections for this adapter will only fetch devices whose category is any of the comma-separated list of Snipe-IT categories that have been defined in this field.
    • If not supplied, all connections for this adapter will fetch devices with any Snipe-IT category.
    • This field is optional.
    • The default value for this field is empty.
  • Added a new Use Asset Tag As Hostname checkbox to the Snipe-IT Configuration tab in the Advanced Settings for this adapter.
    • If enabled, the Hostname field value for this adapter will be set with the Asset Tag value.
    • If disabled, the Hostname field value will not be set, as data from Snipe-IT doesn't include hostname.
    • The default value for this field is False.
      
      

• Ubiquiti Networks UniFi Controller (Advanced Settings) - Added a new UniFi SSID Whitelist field to the UniFi Configuration tab in the Advanced Settings for this adapter.

  • This new field lets you specify a comma-separated list of UniFi SSIDs.
  • If supplied, all connections for this adapter will only fetch devices whose SSID is any of the comma-separated list of UniFi SSID that have been defined in this field.
  • If not supplied, all connections for this adapter will fetch devices that are associated with any SSID.
  • This field is optional.
  • The default value for this field is empty.
    
    

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

• Field Segmentation Charts - Added the option to filter by multiple fields .
  • The Filter by section now lets you to configure multiple predefined filters on all the results of the segmented field.
  • If the segmented field is a simple field, you will be able to filter only on the segmented field.
  • If the segmented field is a complex field, you will be able to filter on all simple fields consists the complex field.
  • All filters are text fields and behave as 'contains'. The filters are case-insensitive.
    

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following new Actions have been added:

• Isolate in Carbon Black CB Defense - Added a new enforcement action called Isolate in Carbon Black CB Defense to the Execute Endpoint Security Agent Action category.
  • This new action will quarantine each of the query results entities (endpoints) from the network.
    
    
• Unisolate in Carbon Black CB Defense - Added a new enforcement action called Unisolate in Carbon Black CB Defense to the Execute Endpoint Security Agent Action category.
  • This new action will restore full network connectivity to each of the query results entities (endpoints).
    
    
• Automox Install Update - Added a new enforcement action called Automox Install Update to the Execute Endpoint Security Agent Action category.
  • This new action will install a specified package update (software or patch) on each of the query results entities (devices).
  NOTE

  Automox package name that is pending installation can be found on Automox.AutomoxPackages.Name field where Automox.AutomoxPackages.Installed field is False.

• Send to Webhook - Added a new enforcement action called Send to Webhook to the Notify category.
  • This new action takes the entities found in the saved query supplied as a trigger (or entities that have been selected in the asset table) and serializes them as JSON. This JSON data will be sent to a configured webhook. When used with a saved query as a trigger, only the fields configured in the saved query are added to the JSON.

• Create Jira Issue Per Entity - Added a new enforcement action called Create Jira Issue Per Entity to the Create Incident category.
  • This new action will create a separate Jira issue for each of the query results entities (devices or users)
  • The created Jira issue will include a JSON with the entity data, if configured.
    
    

Updated Actions

The following Actions have been enhanced:

• Create Jira Issue - Multiple enhancements:
  • Added a new Assignee field to the Add Action dialog for this action.
    • This new field lets you specify the default assignee for the created Jira issue.
    • If supplied, the specified assignee will be assigned to the created Jira issue.
    • If not supplied, the created Jira issue will be unassigned.
    • This field is optional.
    • The default value for this field is empty.
  • Added a new Labels field to the Add Action dialog for this action.
    • This new field lets you configure a comma-separated list of labels to be added to the created Jira issue.
    • If supplied, the specified labels will be part of the created Jira issue.
    • If not supplied, the created Jira issue will not include any labels.
    • This field is optional.
    • The default value for this field is empty.
  • Added a new Components field to the Add Action dialog for this action.
    • This new field lets you configure a comma-separated list of components to be added to the created Jira issue.
    • If supplied, the specified components will be part of the created Jira issue.
    • If not supplied, the created Jira issue will not include any components.
    • This field is optional.
    • The default value for this field is empty.
      
      

Device and User Tables Interface Updates

The following updates have been made to device and user tables related capabilities in Axonius:

• Simplified querying on Tags - When selecting the Tags field and the Equals operator, a list of all available tags will be shown for selection.
• New and improved tagging experience - Modified the Add Tag dialog
  • Added a new partial tag indicator when tagging multiple assets. It is presented when some but not all of the selected devices are tagged.
  • New, checked, partial and unchecked tags are now sorted and displayed in different sections. Displayed at the top are the newly created tags, then the checked tags are sorted and displayed, then the partial tags are sorted and displayed, and finally the unchecked tags are sorted and displayed at the bottom.
  • Added a 'New' indicator when adding new tags.
  • Modified and simplified the creation of new tags. No need to check them, they are automatically checked and marked when pressing the 'create new' option or by pressing 'Enter'.

Axonius Instances Interface Updates

The following updates have been made to Axonius instances:

• Instance Status - Added a new Status field to all listed Axonius nodes.
  • This new field reflects the status of each Axonius node.
  • The values for this field are Activated and Deactivated.
    
    
• Deactivate Node - Modified the Remove action in the Instances page.
  • The Remove action has been renamed to Deactivate to make it clear the action does not delete the selected Axonius Node.
  • The Deactivate action button is displayed only if you select one or more activated Axonius nodes.
  • If you execute this action:
    • All the adapter connections utilizing the selected Axonius node(s) are removed.
    • The status of all selected Axonius node(s) is updated as Deactivated.
      
      
• Reactivate Node - Added a new Reactivate action to the Instances page.
  • The Reactivate action button is displayed only if you select one or more deactivated Axonius nodes.
  • If you execute this action, the status of all selected Axonius node(s) is updated as Activated.
    
    

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

• Global Settings - Added a new CyberArk Settings section to enable CyberArk integration.
  • The integration between Axonius and CyberArk enables Axonius to securely pull privileged credentials from the CyberArk Vault using CyberArk’s Application Access Manager (AAM). The integration helps ensuring that privileged credentials are secured in the CyberArk Vault, rotated to meet company guidelines and meet complexity requirements.
  • For more inormation on the integration please see CyberArk Integration
    
    
• Global Settings - Added a new Correlate ServiceNow Adapter based on MAC Address Only setting to the Correlation Settings section.
  • If enabled, Axonius correlates assets from ServiceNow adapter connection based on MAC address only.
  • If disabled, Axonius correlates assets from ServiceNow adapter connection based on MAC address and at least one additional parameter, for example: name serial number or IP address.
  • The default value for this setting is False.
    
    
• GUI Settings tab - Added a new Session Idle Timeout (Minutes) setting to the System Settings section.
  • This new setting lets you configure user idle duration (in minutes) before the system automatically ends a user session and logs that user off the system.
  • This setting is ignored if a specific user has checked the Remember me option in the Axonius Login dialog.
  • The default value for this setting is 120 minutes.
    
    
• GUI Settings tab - Added a new Cache Time (Hours) setting to the LDAP Login Settings section.
  • This new setting lets you configure the login cache refresh rate and when changes will be reflected in Axonius.
  • Changes in the group hierarchy (groups added/remove/moved) will be reflected in Axonius only in the next login cache recalculation. Added/remove users from/to specific groups will be reflected in Axonius immediately and is independent on the next login cache recalculation.
  • Low number means that login may be slower more frequently, as the login cache will be calculated more frequently, but it will be more accurate.
  • High number means that login may be much faster, as the login cache will be calculated less frequently, but it will be less accurate.
  • The default value for this setting is 1 hour.
    
    
• GUI Settings tab - Added a new Mutual TLS Settings section. Mutual TLS is a common security practice that uses client TLS certificates to provide an additional layer of protection, allowing to cryptographically verify the client information.