What's New in Axonius 3.0
  • 12 Feb 2024
  • 12 Minutes to read
  • Dark
    Light
  • PDF

What's New in Axonius 3.0

  • Dark
    Light
  • PDF

Article summary

Release Date: Feb-11-2020


Adapters

New Adapters

The following new adapters have been added in this release:

  1. Eclypsium - Protects the foundation of the computing infrastructure, controlling risks and stopping threats to enterprise firmware and hardware devices.
  2. Ivanti Service Manager - Is a cloud based ITSM solution that provides workflows automation, IT help desk and support ticket features, and ITIL service management processes.
  3. Invanti Unified Endpoint Manager (Landesk) - Helps IT administrators gather detailed device data, automate software and OS deployments, personalize workspace environments, and fix user issues.
  4. JSON - Is able to import .json files with information about devices, users, or installed software.
  5. Microsoft Defender ATP - Helps enterprise networks prevent, detect, investigate, and respond to advanced threats.
  6. Observium - An auto-discovering network monitoring platform supporting a wide range of device types, platforms and operating systems.

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following Adapters have been enhanced:

  • Amazon Web Services (AWS) - The Amazon Web Services (AWS) adapter has been enhanced to fetch:

    • Amazon Virtual Private Cloud (VPC) tags as part of devices assets data.
    • Information about the root user for each AWS account, including access token status, MFA status, and more.

  • Claroty - Multiple enhancements:

    • Added a new Tenant Tag field to the Add Connection dialog for this adapter.
      • This new field lets you automatically tag all devices discovered by the specific adapter connection.
      • The tag value can be used in future queries.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Virtual zone exclude list field to the Claroty Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify a comma-separated list of Claroty virtual zones.
      • If supplied, all connections for this adapter will not fetch devices from virtual zones which are any of the comma-separated list of Claroty virtual zones that have been defined in this field.
      • If not supplied, all connections for this adapter will fetch devices regardless of their Claroty virtual zone.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Exclude devices with no MAC address checkbox to the Claroty Configuration tab in the Advanced Settings for this adapter.
      • If enabled, all connections for this adapter will not fetch devices if they do not have a MAC address.
      • If disabled, all connections for this adapter will fetch devices even if they do not have a MAC address.
      • The default value for this checkbox is False.

  • 'File-based' Adapters - All adapters that import files have been aligned with the CSV Serials adapter parameter list and functionality:

  • CSV Serials (Connection Configuration) - The CSV Serials adapter parameter list and functionality have been enhanced to support all adapters that import files:

    • The Is Users CSV File field has been renamed to File contains users information, to clarify this field is now applicable for multiple different adapters supporting different file types.
    • The Is Installed Software File field has been renamed to File contains installed software information, to clarify this field is now applicable for multiple different adapters supporting different file types.
    • Modified and consolidated the CSV URL Path field and the CSV Share Path field to a single Path to Resource (SMB/URL) field in the Add Connection dialog for all adapters.
      • This new field lets you specify a HTTP(S) URL or an SMB share path where a CSV file can be fetched for this connection.
      • If an SMB share path is supplied, the path must start with double-backslashes ("\\").
      • If a URL is supplied:
        • The endpoint must support the HTTP GET method.
        • All URLs must start with HTTP:// or with HTTPS://.
      • The default value for this field is empty.
    • Modified the CSV Share Username field in the Add Connection dialog for all adapters:
      • This field has been renamed to User name for online resource (Share/URL), to clarify this field is now applicable for multiple different adapters supporting different file types.
      • If supplied for an SMB path, the user name will be used for authentication for this connection.
      • If supplied for a URL, the user name will be used for BASIC authentication for this connection.
      • The default value for this field is empty.
    • Modified the CSV Share Password field in the Add Connection dialog for all adapters:
      • This field has been renamed to Password for online resource (Share/URL), to clarify this field is now applicable for multiple different adapters supporting different file types.
      • If supplied for an SMB path, the password will be used for authentication for this connection.
      • If supplied for a URL, the password will be used for BASIC authentication for this connection.
      • The default value for this field is empty.
    • Added a new Encoding field to the Add Connection dialog for all adapters.
      • This new field lets you specify the file encoding type.
      • If supplied Axonius will try to encode the CSV file based on the specified the file encoding type (for example, utf-8) for this connection.
      • If not supplied, Axonius will try to encode the CSV file based on common file encoding types for this connection.
      • The default value for this field is empty.
    • Added a new Verify SSL field to the Add Connection dialog for all adapters.
      • If HTTP(S) URL is supplied, verify the SSL certificate offered by the host supplied in the Path to Resource (SMB/URL) field. For more details, see SSL Trust & CA Settings.
      • If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
      • If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
      • The default value for this field is False.
    • Added a new HTTP proxy field to the Add Connection dialog for all adapters.
      • This new field lets you specify a HTTP proxy to use when connecting to a HTTP(S) URL specified in Path to Resource (SMB/URL)
      • If supplied, Axonius will utilize the HTTP proxy when connecting to the host defined for this connection.
      • If not supplied, Axonius will connect directly to the host defined for this connection.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new HTTPs proxy field to the Add Connection dialog for all adapters.
      • This new field lets you specify a HTTPs proxy to use when connecting to a HTTP(S) URL specified in Path to Resource (SMB/URL)
      • If supplied, Axonius will utilize the HTTPs proxy when connecting to the host defined for this connection.
      • If not supplied, Axonius will connect directly to the host defined for this connection.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Additional HTTP headers field to the Add Connection dialog for all adapters.
      • If supplied Axonius will pass additional information with the HTTP request (for example, {"Accept": "text/csv"}) for this connection.
      • If not supplied, Axonius will not pass additional information with the HTTP request for this connection.
      • The default value for this field is empty.

  • Endgame (Advanced Settings) - Added a new Endgame status exclude list field to the Endgame Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify a comma-separated list of Endgame statuses.
    • If supplied, all connections for this adapter will not fetch devices whose Endgame status is any of the comma-separated list of Endgame statuses that have been defined in this field.
    • If not supplied, all connections for this adapter will fetch devices with any Endgame status.
    • This field is optional.
    • The default value for this field is empty.

  • Google Cloud Platform (GCP) (Advanced Configuration) - Multiple enhancements:

    • Added a new Fetch all Google Cloud Storage buckets checkbox to the Google Cloud Storage Configuration tab in the Advanced Settings for this adapter.
      • If enabled, all connections for this adapter will fetch the Google Cloud Storage buckets.
      • If disabled, all connections for this adapter will not fetch the Google Cloud Storage buckets.
      • The default value for this checkbox is False.
    • Added a new Fetch Object metadata in Google Cloud Storage buckets checkbox to the Google Cloud Storage Configuration tab in the Advanced Settings for this adapter.
      • If enabled, all connections for this adapter will fetch Object metadata in Google Cloud Storage buckets.
      • If disabled, all connections for this adapter will not fetch Object metadata in Google Cloud Storage buckets.
      • This settings, even if checked, is only applicable when Fetch all Google Cloud Storage buckets is enabled, otherwise this setting is ignored.
      • The default value for this checkbox is False.

  • Splunk (Advanced Settings) - Multiple enhancements:

    • Added a new Splunk search macros list field to the Splunk Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify a comma-separated list of Splunk search macro names. For details on Splunk search macros, see Splunk Knowledge Manager Manual - Define search macros in Settings.
      • Axonius will run the Splunk search macros names and will consider the results as if those were received from a CSV file. This means the search macros must include at least one column of required data as specified in the CSV Serials adapter - Which fields will be imported with a devices file?.
      • If supplied, all connections for this adapter will run the specified search macros and will fetch devices from the results.
      • If not supplied, all connections for this adapter will not include any search macros results in the fetched data.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Fetch devices from Cisco checkbox to the Splunk Configuration tab in the Advanced Settings for this adapter.
      • If enabled, all connections for this adapter will fetch the devices data from Cisco data in Splunk.
      • If disabled, all connections for this adapter will not fetch the devices data from Cisco data in Splunk.
      • The default value for this checkbox is True.

  • SQL Server (Connection Settings) - Modified the Database Type field in the Add Connection dialog for this adapter.

    • This field now lets you choose Oracle DB as the SQL server database type.

  • Tanium (Connection Settings) - Multiple enhancements:

    • Added a new Fetch devices from Tanium System Status checkbox to the Add Connection dialog for this adapter.
      • If enabled, Axonius will fetch all assets from the Administration > System Status page.
      • If disabled, Axonius will fetch not fetch assets from the Administration > System Status page.
      • The default value for this field is False.
    • Modified the Saved Question Name field in the Add Connection dialog for this adapter.
      • Renamed the field to Saved Question Names (comma separated)
      • This field now takes a comma separated list of Tanium Saved Questions to fetch assets from.
    • Modified the logic of the Add Connection dialog for this adapter.
      • An error will be returned if at least one of the following parameters are not supplied:
        • Fetch devices from Tanium System Status
        • Fetch devices from Tanium Discover Module
        • Saved Question Names (comma separated)
        • Tanium Asset Module Report Name

  • Tenable.io (Advanced Settings) - Added a new Do not fetch devices with no 'Last Scan' checkbox to the Tenable.io Configuration tab in the Advanced Settings for this adapter.

    • If enabled, all connections for this adapter will not fetch devices if they do not have a last scan indication.
    • If disabled, all connections for this adapter will fetch devices even if they do not have a last scan indication.
    • The default value for this checkbox is False.

  • VMware ESXi (Advanced Settings) - Added a new Fetch only turned on machines checkbox to the VMware ESXi Configuration tab in the Advanced Settings for this adapter.

    • If enabled, all connections for this adapter will only fetch ESXi devices in which their power state is turned on.
    • If disabled, all connections for this adapter will fetch all ESXi devices, regardless of their power state.
    • The default value for this checkbox is False.

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

  • Field Segmentation Charts - Added the option to search for specific segments within the Field Segmentation chart displayed results.
    • Hover over the chart panel to display the search box.
    • The search behaves as 'contains' and it is case-insensitive.

image.png

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following Actions have been added:

  • Add IPs to Qualys Cloud Platform - Added a new enforcement action called Add IPs to Qualys Cloud Platform to the Add Device to VA Scan category.

    • This new action adds IP addresses as host assets to an existing asset group or creates a new one.

    image.png


Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

  • Query Wizard - Added the ability to drag and drop expressions.
    image.png


Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

  • Lifecycle Settings - Modified the Schedule Rate (hours) setting in the Discovery Settings section.

    • This setting has been renamed to Discovery schedule, to clarify it also allows to schedule the daily discovery time.
    • This setting lets you select from two values:
      • Interval (Default) - When this option is selected, Discovery cycles will run in intervals according to the value defined in the Hours between discovery cycles field.
      • Daily - When this option is selected, Discovery cycles will run daily at the time specified in Daily discovery time field.

    image.png


  • Global Settings - Multiple enhancements:
    • Modified the Adapters errors email address setting in the Notifications Settings section to also send emails when a node hasn't communicated for over 3 hours.
    • Added a new Correlate users by AD display name setting in the Correlation Settings section.
      • If enabled, Axonius correlates users also by Microsoft Active Directory (AD) display name.
      • If disabled, Axonius users correlation logic ignores Microsoft Active Directory (AD) display name.
      • The default value for this setting is True.
    • Added a new Correlate users by user name and domain only setting in the Correlation Settings section.
      • If enabled, Axonius correlates users by user name and domain only.
      • If disabled, Axonius use its default correlation logic to correlate users.
      • The default value for this setting is False.


Was this article helpful?