What's New in Axonius 2.8

Watch the two-part video series, “What’s New in Axonius 2.8”, or read the product release notes below.

Adapters

New Adapters

The following new adapters have been added in this release:

1. Cisco Firepower Management Center- Provides management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection.
2. Druva Cloud Platform - A data protection as-a-service that provides data visibility and control across organizations’ entire data footprint.
3. Imperva Data Activity Monitoring (DAM) - Defines and enforces data security and compliance policies for both cloud and on-premise instances of relational databases, mainframes, big data platforms, data warehouses, and enterprise file stores.
4. Symantec Endpoint Protection Cloud - Provides unified threat protection and device management for PC, Mac, mobile devices, and servers. It can protect endpoints from ransomware, zero-day threats, and other sophisticated attacks.

For more details, see the entire list of supported and integrated adapters.

Updated Adapters

The following Adapters have been enhanced:

• Link to the adapter connection documentation - Added a documentation link in the Add Server dialog. The Help link in the Add Server Dialog box for an Adapter will take you directly to the online documentation for that Adapter.
  

• Cisco (Connection Configuration) - Added support in SNMPv3 protocol.

• Cloudflare DNS: API Key / API Token (connection configuration) - Changed the name of the API Key field in the Add Server dialog box to API Key / API Token. This adapter now supports supplying an API Token instead of an API Key. The API Key provides full permissions, while the API Token provides the ability to define specific permissions in the Cloudflare UI.

• CrowdStrike Falcon (connection configuration) - Changed the name of the API Key field in the Add Server dialog box to API Key / Secret. This adapter now supports using the new API Key from the "API Clients and Keys" feature in the Falcon admin panel instead of the older API Secret.

• ESET Endpoint Security: Is Domain User (connection configuration) - Select this option to use a domain user credentials instead of ESET Endpoint Security internal user credentials.

• Have I Been Pwned: API Key (connection configuration) - Added a new API Key field in the Add Server dialog box.
  This required field has been added due to changes in the Have I Been Pwned service that requires purchasing an API Key in order to query their database.

• Kaseya VSA - The Installed Software for devices is now populated from this Adapter.

• Microsoft Azure and Microsoft Azure Active Directory (Azure AD) - The firewall rules for devices are now populated from this Adapter.

• Microsoft Active Directory (AD):(connection configuration) - Multiple enhancements.

  • Added a new Alternative DNS Suffix field in the Add Server dialog box.
    • This optional field allows you to replace the DNS suffix of a hostname with an alternative option when Actions perform DNS lookups.
    • For example:
      • Given a device hostname of “windows8.acme.corp”, “windows8.corp”, or “windows8”.
      • Given an Alternative DNS Suffix of “other.domain.corp”.
      • DNS lookups will be done with “windows8.other.domain.corp”.
  • Added a new Organizational units whitelist field in the Add Server dialog box.
    • This optional field allows you to restrict the Organizational Units that are fetched to a specific list, instead of fetching all of them.

• Tenable.sc: Fetch Software per Device (advanced settings) - Added a new Fetch Software per Device checkbox to the Tenable.sc Configuration tab in Advanced Settings for the Adapter.

  • This checkbox will have all clients for this Adapter fetch all of the installed software for devices instead of just the number listed in the Fetch Top N Installed Software field.
  • If you enable this checkbox, you need to set the Fetch Top N Installed Software field to 0.

• Zscaler Web Security - Added support for the Zscaler One solution.

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

• Creating Field Segmentation dashboard chart on multi-value fields - This allows you to create a segmentation chart to view the top installed software or any other multi-value field.

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following new Actions have been added:

• Run Linux Shell Command - Added a new enforcement action called Run Linux Shell Command to the Run Command action category.
  • This allows you to populate a field with the output of running the command supplied in the Command field via SSH. This field can then be used in future queries.
  • The name of the field that gets populated is the value of the Command Name field.

• Create Zendesk Ticket - Added a new enforcement action has been added to the Create Incident action category.
  • Create a ticket in Zendesk for all relevant entities.
    

Updated Actions

The following Actions have been enhanced:

• Enrich User Date with Have I Been Pwned - Added a new API Key field in the Add Action dialog box.
  This required field has been added due to changes in the Have I Been Pwned service that requires purchasing an API Key in order to query their database.

Device and User Interface Updates

The following updates have been made to device and user-related capabilities in Axonius:

• Saved Query - This has been removed from the top right side of the screen.

  • Query Name: This has been added to the top left of the Devices and Users pages.

    • If you have loaded a saved query:
      • This will show the name of the Saved Query.
      • The name of the Saved Query will be followed by [edited] if you have changed the query from its original value.
      • Clicking on this field will allow you to rename the Saved Query.

  • Save/Save As/Discard Changes: This has been added to the right of Query Name.

    • Save:
      • This will allow you to save the changes to the original Saved Query.
      • This is only shown when you have loaded a Saved Query and made changes to it.
    • Discard Changes:
      • This will reload the original Saved Query.
      • This is only shown in the pulldown menu from Save when you have loaded a Saved Query and made changes to it.
    • Save As:
      • This will allow you to save a new query or a Saved Query as a new Saved Query.
      • This is shown in the pulldown menu from Save when you have loaded a Saved Query and made changes to it.
      • This will be greyed out if you have not loaded a Saved Query or you have not started building a query.
    • Reset: This has been added to the right of Save/Save As/Discard changes.
      • This will clear the current Saved Query if one is loaded, clear the query search bar, clear Display by Date, reset any user-selected columns, and change Query Name back to New Query [Unsaved].

• Viewing and Exporting Asset Unique ID - View and export to CSV the Asset Unique ID field, that represented a unique identification assigned by Axonius to any device/user record. The Asset Unique ID is used in the webpage URL to display the device or the user profile.

• Indicating Export CSV in progress - This button on the right-hand side has been updated to show a spinning icon to the left of the button while the file is being generated.

Query Wizard Updates

The following updates have been made to the Query Wizard:

• Comparing Software Versions - Use the Query Wizard to compare software version values using 'earlier than' and 'later than' functions.
  

Device Details Interface Updates

The following updates have been made to Device Details:

• General Data Tab - Enhanced the Vulnerable Software section.

  • This will now show Common Vulnerability Scoring System (CVSS) ratings for the Vulnerable software.
  • The table columns have been reordered in order to provide a clearer display.

• Device Data Fetch Enhancements - View and query newly added data from the following adapters:

  • Kaseya VSA - list of installed software.
  • Microsoft Azure - list of firewall rules.
    
    

Administrator Settings Interface Updates

• Manage Users Tab - You can now edit an existing user’s password, first name, or last name.

• Global Settings Tab - Added a new setting titled SSL Trust & CA Settings.
  • When you check the Use custom CA certificate box, you will be able to upload multiple CA certificates.
  • The CA certificates you upload here will be used for SSL verification for all Adapters and Actions that have a Verify SSL setting and the Verify SSL setting is enabled.