What's New in Axonius 3.0
- Updated on 12 Feb 2024
Release Date: Feb-11-2020
Adapters
New Adapters
The following new adapters have been added in this release:
- Eclypsium - Protects the foundation of the computing infrastructure, controlling risks and stopping threats to enterprise firmware and hardware devices.
- Ivanti Service Manager - A cloud-based ITSM solution that provides workflow automation, IT help desk and support ticket features, and ITIL service management processes.
- Ivanti Unified Endpoint Manager (Landesk) - Helps IT administrators gather detailed device data, automate software and OS deployments, personalize workspace environments, and fix user issues.
- JSON - Imports .json files with information about devices, users, or installed software.
- Microsoft Defender ATP - Helps enterprise networks prevent, detect, investigate, and respond to advanced threats.
- Observium - An auto-discovering network monitoring platform supporting a wide range of device types, platforms and operating systems.
For more details, explore the entire list of supported and integrated adapters.
Updated Adapters
The following Adapters have been enhanced:
Amazon Web Services (AWS) - The Amazon Web Services (AWS) adapter has been enhanced to fetch:
- Amazon Virtual Private Cloud (VPC) tags as part of devices assets data.
- Information about the root user for each AWS account, including access token status, MFA status, and more.
Claroty - Multiple enhancements:
- Added a new Tenant Tag field to the Add Connection dialog for this adapter.
- This new field lets you automatically tag all devices discovered by the specific adapter connection.
- The tag value can be used in future queries.
- This field is optional.
- The default value for this field is empty.
- Added a new Virtual zone exclude list field to the Claroty Configuration tab in the Advanced Settings for this adapter.
- This new field lets you specify a comma-separated list of Claroty virtual zones.
- If supplied, all connections for this adapter will not fetch devices from any of the Claroty virtual zones listed in this field.
- If not supplied, all connections for this adapter will fetch devices regardless of their Claroty virtual zone.
- This field is optional.
- The default value for this field is empty.
- Added a new Exclude devices with no MAC address checkbox to the Claroty Configuration tab in the Advanced Settings for this adapter.
- If enabled, all connections for this adapter will not fetch devices if they do not have a MAC address.
- If disabled, all connections for this adapter will fetch devices even if they do not have a MAC address.
- The default value for this checkbox is False.
'File-based' Adapters - All adapters that import files have been aligned with the CSV Serials adapter parameter list and functionality:
- CSV Serials - imports .csv files.
- Forcepoint Web Security Endpoint - imports .csv files.
- JSON - imports .json files.
- Masscan - imports .json files.
- Nmap Security Scanner - imports .xml files.
- Tenable Nessus CSV File - imports .csv files.
CSV Serials (Connection Configuration) - The CSV Serials adapter parameter list and functionality have been enhanced to support all adapters that import files:
- The Is Users CSV File field has been renamed to File contains users information, to clarify this field is now applicable for multiple different adapters supporting different file types.
- The Is Installed Software File field has been renamed to File contains installed software information, to clarify this field is now applicable for multiple different adapters supporting different file types.
- Modified and consolidated the CSV URL Path field and the CSV Share Path field to a single Path to Resource (SMB/URL) field in the Add Connection dialog for all adapters.
- This new field lets you specify an HTTP(S) URL or an SMB share path from which the CSV file is fetched for this connection.
- If an SMB share path is supplied, the path must start with double-backslashes ("\\").
- If a URL is supplied:
- The endpoint must support the HTTP GET method.
- All URLs must start with HTTP:// or with HTTPS://.
- The default value for this field is empty.
- Modified the CSV Share Username field in the Add Connection dialog for all adapters:
- This field has been renamed to User name for online resource (Share/URL), to clarify this field is now applicable for multiple different adapters supporting different file types.
- If supplied for an SMB path, the user name will be used for authentication for this connection.
- If supplied for a URL, the user name will be used for BASIC authentication for this connection.
- The default value for this field is empty.
- Modified the CSV Share Password field in the Add Connection dialog for all adapters:
- This field has been renamed to Password for online resource (Share/URL), to clarify this field is now applicable for multiple different adapters supporting different file types.
- If supplied for an SMB path, the password will be used for authentication for this connection.
- If supplied for a URL, the password will be used for BASIC authentication for this connection.
- The default value for this field is empty.
- Added a new Encoding field to the Add Connection dialog for all adapters.
- This new field lets you specify the file encoding type.
- If supplied, Axonius will try to encode the CSV file based on the specified file encoding type (for example, utf-8) for this connection.
- If not supplied, Axonius will try to encode the CSV file based on common file encoding types for this connection.
- The default value for this field is empty.
- Added a new Verify SSL field to the Add Connection dialog for all adapters.
- If an HTTP(S) URL is supplied, this field controls whether the SSL certificate offered by the host supplied in the Path to Resource (SMB/URL) field is verified. For more details, see SSL Trust & CA Settings.
- If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
- If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
- The default value for this field is False.
- Added a new HTTP proxy field to the Add Connection dialog for all adapters.
- This new field lets you specify an HTTP proxy to use when connecting to an HTTP(S) URL specified in Path to Resource (SMB/URL).
- If supplied, Axonius will utilize the HTTP proxy when connecting to the host defined for this connection.
- If not supplied, Axonius will connect directly to the host defined for this connection.
- This field is optional.
- The default value for this field is empty.
- Added a new HTTPs proxy field to the Add Connection dialog for all adapters.
- This new field lets you specify an HTTPs proxy to use when connecting to an HTTP(S) URL specified in Path to Resource (SMB/URL).
- If supplied, Axonius will utilize the HTTPs proxy when connecting to the host defined for this connection.
- If not supplied, Axonius will connect directly to the host defined for this connection.
- This field is optional.
- The default value for this field is empty.
- Added a new Additional HTTP headers field to the Add Connection dialog for all adapters.
- If supplied, Axonius will pass additional information with the HTTP request (for example, {"Accept": "text/csv"}) for this connection.
- If not supplied, Axonius will not pass additional information with the HTTP request for this connection.
- The default value for this field is empty.
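An added example (not Axonius code) that reviews the consolidated connection fields described above for the two combinations with security consequences: BASIC credentials supplied with an http:// URL, and an HTTPS path with Verify SSL left at its default of False. The dictionary layout, the finding codes, case-insensitive scheme matching, and the JSON-object header format are assumptions made for the example.

```python
import json

# Keys mirror the field labels in the Add Connection dialog. The dict layout is
# a hypothetical representation for this example, not an Axonius API object.
PATH = "Path to Resource (SMB/URL)"
USER = "User name for online resource (Share/URL)"
PASSWORD = "Password for online resource (Share/URL)"
VERIFY = "Verify SSL"
HEADERS = "Additional HTTP headers"


def review_connection(conn):
    """Return a sorted list of finding codes for one connection's settings."""
    path = (conn.get(PATH) or "").strip()
    if not path:
        return []  # documented default is empty: no remote resource to review
    low = path.lower()  # assumption: the URL scheme is matched case-insensitively
    if not low.startswith(("\\\\", "http://", "https://")):
        return ["invalid-path"]  # must start with \\ or HTTP:// / HTTPS://
    is_http, is_https = low.startswith("http://"), low.startswith("https://")
    findings = set()
    if is_http and (conn.get(USER) or conn.get(PASSWORD)):
        # BASIC authentication is only base64-encoded, so it relies on TLS.
        findings.add("basic-auth-over-cleartext-http")
    if is_https and not conn.get(VERIFY, False):
        # Verify SSL defaults to False: the host certificate goes unchecked.
        findings.add("certificate-not-verified")
    raw = conn.get(HEADERS) or ""  # assumed JSON object, as in the page's example
    if raw and (is_http or is_https):
        try:
            headers = json.loads(raw)
        except ValueError:
            headers = None
        if not isinstance(headers, dict):
            findings.add("headers-not-a-json-object")
    return sorted(findings)


# Constructed sample connections (hosts and credentials are placeholders).
URL = "https://files.example.test/devices.csv"
SAMPLES = {
    "defaults": {PATH: URL, USER: "svc", PASSWORD: "placeholder"},
    "cleartext": {PATH: "HTTP://files.example.test/devices.csv", USER: "svc"},
    "hardened": {PATH: URL, USER: "svc", VERIFY: True, HEADERS: '{"Accept": "text/csv"}'},
    "share": {PATH: r"\\fileserver\exports\devices.csv", USER: "svc"},
    "bad-path": {PATH: "ftp://files.example.test/devices.csv"},
}
for name, conn in SAMPLES.items():
    print(f"{name}: {review_connection(conn) or 'no findings'}")
```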
Endgame (Advanced Settings) - Added a new Endgame status exclude list field to the Endgame Configuration tab in the Advanced Settings for this adapter.
- This new field lets you specify a comma-separated list of Endgame statuses.
- If supplied, all connections for this adapter will not fetch devices whose Endgame status matches any of the statuses listed in this field.
- If not supplied, all connections for this adapter will fetch devices with any Endgame status.
- This field is optional.
- The default value for this field is empty.
Google Cloud Platform (GCP) (Advanced Configuration) - Multiple enhancements:
- Added a new Fetch all Google Cloud Storage buckets checkbox to the Google Cloud Storage Configuration tab in the Advanced Settings for this adapter.
- If enabled, all connections for this adapter will fetch the Google Cloud Storage buckets.
- If disabled, all connections for this adapter will not fetch the Google Cloud Storage buckets.
- The default value for this checkbox is False.
- Added a new Fetch Object metadata in Google Cloud Storage buckets checkbox to the Google Cloud Storage Configuration tab in the Advanced Settings for this adapter.
- If enabled, all connections for this adapter will fetch Object metadata in Google Cloud Storage buckets.
- If disabled, all connections for this adapter will not fetch Object metadata in Google Cloud Storage buckets.
- This setting, even if checked, is only applicable when Fetch all Google Cloud Storage buckets is enabled; otherwise this setting is ignored.
- The default value for this checkbox is False.
Splunk (Advanced Settings) - Multiple enhancements:
- Added a new Splunk search macros list field to the Splunk Configuration tab in the Advanced Settings for this adapter.
- This new field lets you specify a comma-separated list of Splunk search macro names. For details on Splunk search macros, see Splunk Knowledge Manager Manual - Define search macros in Settings.
- Axonius will run the named Splunk search macros and will treat the results as if they were received from a CSV file. This means the search macros must include at least one column of required data as specified in the CSV Serials adapter - Which fields will be imported with a devices file?.
- If supplied, all connections for this adapter will run the specified search macros and will fetch devices from the results.
- If not supplied, all connections for this adapter will not include any search macros results in the fetched data.
- This field is optional.
- The default value for this field is empty.
- Added a new Fetch devices from Cisco checkbox to the Splunk Configuration tab in the Advanced Settings for this adapter.
- If enabled, all connections for this adapter will fetch the devices data from Cisco data in Splunk.
- If disabled, all connections for this adapter will not fetch the devices data from Cisco data in Splunk.
- The default value for this checkbox is True.
SQL Server (Connection Settings) - Modified the Database Type field in the Add Connection dialog for this adapter.
- This field now lets you choose Oracle DB as the SQL server database type.
Tanium (Connection Settings) - Multiple enhancements:
- Added a new Fetch devices from Tanium System Status checkbox to the Add Connection dialog for this adapter.
- If enabled, Axonius will fetch all assets from the Administration > System Status page.
- If disabled, Axonius will not fetch assets from the Administration > System Status page.
- The default value for this field is False.
- Modified the Saved Question Name field in the Add Connection dialog for this adapter.
- Renamed the field to Saved Question Names (comma separated)
- This field now takes a comma separated list of Tanium Saved Questions to fetch assets from.
- Modified the logic of the Add Connection dialog for this adapter.
- An error will be returned if at least one of the following parameters are not supplied:
- Fetch devices from Tanium System Status
- Fetch devices from Tanium Discover Module
- Saved Question Names (comma separated)
- Tanium Asset Module Report Name
Tenable.io (Advanced Settings) - Added a new Do not fetch devices with no 'Last Scan' checkbox to the Tenable.io Configuration tab in the Advanced Settings for this adapter.
- If enabled, all connections for this adapter will not fetch devices if they do not have a last scan indication.
- If disabled, all connections for this adapter will fetch devices even if they do not have a last scan indication.
- The default value for this checkbox is False.
VMware ESXi (Advanced Settings) - Added a new Fetch only turned on machines checkbox to the VMware ESXi Configuration tab in the Advanced Settings for this adapter.
- If enabled, all connections for this adapter will only fetch ESXi devices whose power state is turned on.
- If disabled, all connections for this adapter will fetch all ESXi devices, regardless of their power state.
- The default value for this checkbox is False.
Dashboard Updates
The following updates have been made to the Axonius Dashboard:
- Field Segmentation Charts - Added the option to search for specific segments within the Field Segmentation chart displayed results.
- Hover over the chart panel to display the search box.
- The search behaves as 'contains' and it is case-insensitive.
Enforcement Center Updates
The following updates have been made to the Axonius Security Policy Enforcement Center:
New Actions
The following Actions have been added:
Add IPs to Qualys Cloud Platform - Added a new enforcement action called Add IPs to Qualys Cloud Platform to the Add Device to VA Scan category.
- This new action adds IP addresses as host assets to an existing asset group or creates a new one.
Device and User Tables Interface Updates
The following updates have been made to the device and user tables related capabilities in Axonius:
- Query Wizard - Added the ability to drag and drop expressions.
Administrator Settings Interface Updates
The following updates have been made to administrator settings in Axonius:
Lifecycle Settings - Modified the Schedule Rate (hours) setting in the Discovery Settings section.
- This setting has been renamed to Discovery schedule, to clarify that it also lets you schedule the daily discovery time.
- This setting lets you select from two values:
- Interval (Default) - When this option is selected, Discovery cycles will run in intervals according to the value defined in the Hours between discovery cycles field.
- Daily - When this option is selected, Discovery cycles will run daily at the time specified in Daily discovery time field.
Global Settings - Multiple enhancements:
- Modified the Adapters errors email address setting in the Notifications Settings section to also send emails when a node hasn't communicated for over 3 hours.
- Added a new Correlate users by AD display name setting in the Correlation Settings section.
- If enabled, Axonius correlates users also by Microsoft Active Directory (AD) display name.
- If disabled, the Axonius user correlation logic ignores Microsoft Active Directory (AD) display name.
- The default value for this setting is True.
- Added a new Correlate users by user name and domain only setting in the Correlation Settings section.
- If enabled, Axonius correlates users by user name and domain only.
- If disabled, Axonius uses its default correlation logic to correlate users.
- The default value for this setting is False.