What's New in Axonius 2.15

Release Date: Jan-16-2020

Adapters

New Adapters

The following new adapters have been added in this release:

1. CSCDomainManager - A web-based portfolio management platform consolidating domains alongside social media usernames, SSL digital certificates, and DNS.
2. DigiCert CertCentral - CertCentral consolidates tasks for issuing, installing, inspecting, remediating, and renewing certificates.
3. GitHub - Provides hosting for software development version control using Git, including distributed version control and source code management (SCM) functionality.
4. Men&Mice DNS Management - A Network Management software providing secure, centralized, and highly resilient control of DNS across diverse platforms.
5. Netskope - Provides visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device.
6. RiskIQ Digital Footprint - Provides an active, comprehensive inventory of all of the organization’s IPs, domains, and hosts.
   
   

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following Adapters have been enhanced:

• All Adapter Connections - Added a new Label Connection field to the Add Connection dialog for all adapters.
  • This label can help distinguish between multiple connections for the same adapter.
  • This label will be concatenated to the relevant Adapter Name in the Device/User Profile page and will also be visible when hovering over the Adapters column in the Devices/Users pages.
  • This field is optional.
  • The default value for this field is empty.
    
    
• Alibaba Cloud - Added a new HTTPS Proxy field to the Add Connection dialog for this adapter.
  • If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
  • If not supplied, Axonius will connect directly to the host defined for this connection.
  • This field is optional.
  • The default value for this field is empty.
    
    
• Amazon Web Services (AWS) (Advanced Settings) - Added a new Do not fetch EC2 machines that are turned off checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
  • If enabled, all connections for this adapter will only fetch EC2 devices in which their power state is turned on.
  • If disabled, all connections for this adapter will fetch all EC2 devices, regardless of their power state.
  • The default value for this checkbox is False.
    
    

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

Updated Actions

The following Actions have been enhanced:

• Send to Webhook - Multiple enhancements:
  • Added a new Custom format for body (use {$BODY} as keyword) field to the Add Action dialog for this action.
    • This new field lets you customize the webhook body. Specify "{$BODY}" to include the entities found in the saved query supplied as a trigger (or entities that have been selected in the asset table) data.
    • This field is mandatory.
    • The default value for this field is {"entities": {$BODY}}.
  • Added a new Connection timeout (seconds) field to the Add Action dialog for this action.
    • This new field lets you define the number of seconds before the connection attempt to the webhook is considered to be timed out. As a result, the enforcement action execution will fail.
    • This field is mandatory.
    • The default value for this field is 10 seconds.
  • Added a new Writing data to webhook timeout (seconds) field to the Add Action dialog for this action.
    • This new field lets you define the maximum number of seconds that is attempted to complete sending the data to the webhook before it is considered to be timed out. As a result, the enforcement action execution will fail.
    • This field is mandatory.
    • The default value for this field is 1200 seconds (20 minutes).
      
      
• Send CSV to Amazon S3 - Multiple enhancements:
  • Added a new Amazon S3 object location (key) field to the Add Action dialog for this action.
    • This new field lets you specify the S3 object key to store a CSV file that contains the entities derived from the saved query supplied as a trigger (or entities that have been selected in the asset table).
    • If supplied, the CSV file path and name will be stored in the specified object key. For example, if reports/axonius is specified, the file path and name will be reports/axonius.csv.
    • If not supplied, the CSV file will be stored as axonius_csv.csv
    • This field is optional.
    • The default value for this field is axonius_csv.
  • Added a new Append date and time to file name checkbox to the Add Action dialog for this action.
    • If enabled, the date and time (in UTC) of when the enforcement action was executed will be added as a suffix to the generated CSV file name. For example, axonius_csv_2020-01-06-16:48:13.csv.
    • If disabled, the CSV file will be stored based on the specified/default object key.
    • The default value for this checkbox is True.
  • Added a new Override file if exists checkbox to the Add Action dialog for this action.
    • This new checkbox lets you choose to store the generated CSV file even if a CSV file with the same name already exists. It will override the existing file.
    • If enabled, the generated CSV file will be stored even if a CSV file with the exact name already exists. It will override the existing file.
    • If disabled, the generated CSV file will be not be stored if a CSV file with the exact name already exists. As a result, the Enforcement action will fail.
    • The default value for this checkbox is True.
      
      

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

• Devices and Users Saved Queries pages – Multiple enhancements:

  • Added a new Saved Query drawer. This drawer lets you perform these actions:

    • View and edit the following saved query details:
      • Name
      • Description (limited to 300 characters)
      • Associated tags
    • View the following saved query details:
      • Query Wizard expressions
      • Last updated
      • Updated by
    • Run a query. The Run Query button executes the query and displays its result in the Devices / Users page.
    • Create a new enforcement set using the saved query as a trigger.
    • Remove the saved query

    

  • Modified the Saved Queries page:

    • Added a new Description column.
      • This new column displays the saved query description, if exists.
      • Hover over a value in this column to display the full description.
    • Added a new Tags column.
      • This new column displays the saved query associated tags, if exists.
    • Modified the search capability to search in all saved queries names and descriptions.
    • Added a new Tags filter.
      • This new filter lets you select one or more tags from a list of all the tags associated with the saved queries.
      • The filter will display only the saved queries tagged with at least one of the selected tags.
    • Added a new Reset button. This button sets the screen back to its default view.

  • Added a list of predefined saved queries with examples for useful use cases.

    • Predefined saved queries are identified by the “Predefined” value in the Updated By field.
    • Predefined saved queries can be removed but cannot be edited.

• Devices and Users pages – Added a Description field to the Save/Rename Query dialog.

  • This field lets you specify a description for the saved query.
  • The maximum length for this field is 300 characters.
  • This field is optional.

  

• Query Wizard – Multiple enhancements:

  • Modified the OBJ button. This button has been replaced with a Source drop-down.
    • This drop-down contains the following options:
      • Aggregated Data (displayed as ALL)
        • This option lets you query on all assets common fields fetched from any of the adapter connections.
        • This option is selected by default.
      • Complex Field (displayed as OBJ)
        • This option lets you query assets with a specific complex field that meets the specified criteria.
        • Example: query on all devices that have an installed software that meets the following criteria:
          • Installed Software:Software Name contains 'chrome'.
          • Installed Software:Software Version* contains '79'.
      • Asset Entity (displayed as ENT)
        • This option lets you query on a specific asset entity, meaning, a device or a user entity fetched from a specific adapter connection.
        • This option is useful if assets in your Axonius environment have been correlated by several different asset entities from the same adapter connection. For example: Amazon Web Services (AWS), Microsoft Azure Active Directory (Azure AD), SolarWinds Network Performance Monitor and Tanium.
          • Example 1: query on all devices that were fetched from Microsoft Azure Active Directory (Azure AD) (but not from Microsoft Intune, which is also part of this adapter) and are managed by Azure AD.
          • Example 2: query on all users that were fetched from Amazon Web Services (AWS) with a specific Account Tag and do not have MFA.

  

• Adapter Connection Label - Added a new Connection Label field which can be defined on each adapter connection and has been added to the Adapters field tooltip.

  • The adapter connection label is added as a suffix to the displayed adapter name.
  • This enables users to easily distinguish between adapter connections from the same adapter.
  • This field is optional.
  • The default value for this field is empty.

  
  
  

• Aggregated data fields - The General adapter name has been renamed to Aggregated to clarify this option when selected:

  • You can select from any of the asset common fields (fields that are not limited to a specific adapter and that can be fetched by any adapter).
  • Axonius will query all assets common fields fetched from any of the adapter connections.

  

• Filter out from query results - Added a new option to the Actions dropdown to allow you to filter out devices/users from an existing query.

  • You can select multiple assets to filter out from the current query.
  • When filtering out query results, a new "Filtered out from query result" line will be added to the Query Wizard . You can easily "Clear" to remove the filtered out devices.

  

Device and User Details Interface Updates

The following updates have been made to the Device and User Details:

• Adapter Connection Label - Added a new Connection Label field which can be defined on each adapter connection has been added to the adapter names in the tabs as part of the Adapters Data in the Device/User profile page.
  • The adapter connection label is added as a suffix to the displayed adapter name.
  • This enables users to easily distinguish between adapter connections from the same adapter.
    

• Adapter Connections Tab - The Adapters Data tab has been renamed to Adapter Connections to make it clear that the tab displays the asset data per each adapter connection which Axonius has fetched data about that asset.
  
  
• Aggregated Tab - The General Data tab has been renamed to Aggregated to make it clear that the tab displays aggregated asset data from all the adapter connections Axonius had used to fetch data about that asset.

Axonius Instances Interface Updates

The following updates have been made to Axonius instances:

• Added a new Hostname field to the Rename Instance dialog.
  • This new field lets you rename the selected Axonius instance Hostname.
    
    

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

• Global Settings - Added a new Adapters Errors Webhook Address setting to the Notifications Settings section.
  • This new field lets you specify a webhook URL.
  • If supplied, Axonius will send a message to the configured webhook when there is a connection issue with any of the adapter connections.
  • If not supplied, Axonius will not send a message to any webhook when there is a connection issue with any of the adapter connections.
  • This field is optional.
  • The default value for this field is empty.
    
    
• GUI Settings - Added a new Use Exact Match for Assets Search setting to the System Settings section.
  • If enabled, searching for assets will be faster. When you use the search bar to find assets in the Devices/Users page, Axonius runs the following search logic on the specified value:
    • 'Case sensitive exact match' search in any of the selected columns.
    • 'Case insensitive exact match' search in the following columns:
      • Devices page: Hostname, Last Used Users.
      • Users page: User Name, Email.
  • If disabled, when you use the search bar to find assets in the Devices/Users page, Axonius runs 'contains' search to find the specified value in any of the selected columns.
  • The default value for this setting is False.