What's New in Axonius 3.1

Release Date: Mar-08-2020

Adapters

New Adapters

The following new adapters have been added in this release:

1. Cloud Health - Cloud Health is a cloud management platform to analyze and manage cloud cost, usage, security, and governance.
2. Contrast Security - Contrast Security protects software applications against cyberattacks.
3. DigiCert PKI Platform (Symantec Managed PKI) - DigiCert PKI Platform (formerly Symantec Managed PKI) provides a cloud-based enterprise solution for issuing and managing digital certificates used to enable strong authentication and encryption.
4. Micro Focus Server Automation (HP Server Automation, Opsware) - Micro Focus Server Automation (formerly known as HP Server Automation or Opsware) provides operating system provisioning, automated patch management, and compliance control.
5. OpenVAS - OpenVAS is a software framework including several services and tools for vulnerability scanning and vulnerability management.
6. Spiceworks - Spiceworks is a Network Monitoring software to capture, analyze, and monitor network traffic.
7. SQLite - SQLite imports device information from a SQLite database.
8. Torii - Torii is a SaaS Management Platform letting IT professionals discover, optimize, and control SaaS usage and costs.
9. Windows Server Update Services (WSUS) - WSUS, previously Software Update Services (SUS), enables administrators to manage the distribution of updates and hotfixes released for Microsoft products.

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following Adapters have been enhanced:

• CSV Serials (Connection Configuration) - Added a new Suppress NetBIOS name lookup checkbox to the Add Connection dialog for all 'file-based' adapters.

  • This new checkbox is applicable only for files fetched from SMB share.
    • If enabled and if the file is fetched from SMB share, Axonius will not verify the server's name via NetBios for this connection.
    • If disabled and if the file is fetched from SMB share, Axonius will verify the server's name via NetBios for this connection.
    • The default value for this checkbox is False
  • This field has been added for all 'File-based' Adapters:
    • CSV Serials - imports .csv files.
    • Forcepoint Web Security Endpoint - imports .csv files.
    • JSON - imports .json files.
    • Masscan - imports .json files.
    • Nmap Security Scanner - imports .xml files.
    • Tenable Nessus CSV File - imports .csv files.
      
      

• ServiceNow - Multiple enhancements:

  • Added a new Users Email Whitelist field to the ServiceNow Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify a comma-separated list of user emails.
    • If supplied, all connections for this adapter will only fetch users whose emails matches any of the comma-separated list of user emails that have been defined in this field. (Note that the emails defined don't have to be full email addresses since Contains is used).
    • If not supplied, all connections for this adapter will fetch users with any email.
    • This field is optional.
    • The default value for this field is empty.
  • Added a new Fetch Only Active Users checkbox to the ServiceNow Configuration tab in the Advanced Settings for this adapter.
    • If enabled, all connections for this adapter will fetch only active users.
    • If disabled, all connections for this adapter will fetch all users regardless if they are active or not.
    • The default value for this checkbox is False.
      
      

• Splunk - Multiple enhancements:

  • Added a new Protocol field to the Add Connection dialog for this adapter.
    • This new field lets you select between HTTP and HTTPS protocols when using to the specific adapter connection.
    • This field is required.
    • The default value for this field is HTTPS.
  • Added a new Splunk installed software search macros list field to the Splunk Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify a comma-separated list of Splunk search macro names that provide installed software information. For details on Splunk search macros, see Splunk Knowledge Manager Manual - Define search macros in Settings.
    • Axonius will run the Splunk search macros names and will consider the results as if those were received from a CSV file with installed software information. This means the search macros must include at least one column of required data as specified in the Which fields will be imported with a software applications file?.
    • If supplied, all connections for this adapter will run the specified search macros and will fetch installed software from the results and associate them to device entities.
    • If not supplied, all connections for this adapter will not include any search macros results in the fetched data.
    • This field is optional.
    • The default value for this field is empty.
      
      

• Tanium - The Tanium adapter has been split into four different adapters:

  • Tanium System Status - Tanium System Status provides an inventory of all clients that have registered with the Tanium platform.
  • Tanium Asset - Tanium Asset provides a complete inventory of hardware and software assets including servers, laptops, and desktops for thorough insight.
  • Tanium Discover - Tanium Discover scans for unmanaged assets with almost no impact on the network.
  • Tanium Interact - Tanium Interact lets you ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
    
    

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

• Pie Charts - Modified the pie chart color palette.
  

  
  

• Query Comparison Chart - Enhanced the Query Comparison Chart configuration.

  • This chart now lets you compare any number of devices/user queries.
  • In a bar chart format, the top 5 results are displayed. Use the paginations button to view the rest of the results.
    

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

• Update VA Coverage - The Add Device to VA Scan category has been renamed Update VA Coverage to make it clear it is not limited just for adding devices to the scanning scope of various VA tools.

New Actions

The following Actions have been added:

• Send CSV to SCP - Added a new enforcement action called Send CSV to SCP under the Notify category.

  • This new action takes the saved query supplied as a trigger (or entities that have been selected in the asset table), creates a CSV file and sends it to a specific path on an SSH server using SCP.
    
    

• Add Tag to Host Asset in Qualys Cloud Platform - Added a new enforcement action called Add Tag to Host Asset in Qualys Cloud Platform under the Update VA Coverage category.

  • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and adds a specified list of tags to each device entity, that is a host asset in Qualys.
    
    

• Remove Tag From Host Asset in Qualys Cloud Platform - Added a new enforcement action called Remove Tag From Host Asset in Qualys Cloud Platform under the Update VA Coverage category.

  • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and removes a specified list of tags from each device entity, that is a host asset in Qualys.
    
    

• Start/Stop AWS EC2 Instances - Added new enforcement actions called Start Amazon EC2 Instance and Stop Amazon EC2 Instance under the Manage AWS Services category.

  • These new actions take the saved query supplied as a trigger (or devices that have been selected in the asset table) and starts or stops the Amazon EC2 Instance.
    
    

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

• Devices and Users pages - Multiple enhancements:
  • Added the ability to save a column view as user default in the Device/User Tables.
    • Can be set from the Edit Columns modal and clicking on the Save as User Default.
      
  • Moved the Export CSV to a new menu that can be accessed on the right side of the page just above the table.
  • Added to the menu Reset Columns to User Default - Resets the view to the user saved view.
  • Added to the menu Reset Columns to System Default - Resets the view to the default system view.
    

• Query Wizard - Field Drop-Down - Multiple enhancements.
  • Added a new Adapter Connection Label field to the Aggregated option selected in the adapter drop-down.
    • This new field lets you query for adapters' Connection Labels in the Query Wizard.

Axonius Instances Interface Updates

The following updates have been made to Axonius instances:

• Added new Instance Indication checkbox in the Rename Instance dialog.

  • This new checkbox lets you select whether to enable the instance indication.
  • If enabled, the Axonius instance will show an indication throughout the entire system.
  • If disabled, the Axonius instance will not show an indication throughout the entire system.
  • The default value for this checkbox is False.

  

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

• Global Settings - Multiple enhancements:

  • Modified the Correlate CSV adapter only if full hostnames are equal checkbox in the Correlation Settings section.
    • This checkbox has been renamed to Correlate devices by exact hostnames when no MAC and no IPs.
    • This checkbox lets you select whether to correlate devices by the exact hostnames only when a device entity does not have any MAC or IP address.
    • If enabled, Axonius only correlates devices based on the exact hostnames, if the device entity does not have any MAC or IP address.
    • If disabled, the Axonius does not correlate devices, if the device entity does not have any MAC or IP address.
    • The default value for this checkbox is False.
  • Added a new Correlation Schedule section with a new Enable Correlation Schedule checkbox.
    • This checkbox lets you select whether to enable a scheduled correlation.
    • If enabled, only one correlation can be run at once. Once enabled, define the hour gap between each correlation run.
    • If disabled, correlation will continue to be a part of the discovery cycle.
      
      

• GUI Settings - Multiple enhancements:

  • Added a new Disable 'Remember me' checkbox in the Timeout Settings section.
    • This new checkbox lets you select whether to disable the Remember me option on the login page.
    • If enabled, the Remember me checkbox will not be displayed on the login page.
    • If disabled, the Remember me checkbox will be displayed on the login page.
    • The default value for this checkbox is False.
  • Added a new Require Connection Label on each adapter connection checkbox in the System Settings section.
    • This new checkbox lets the configure whether the Connection Label field will be mandatory for each adapter connection.
    • If enabled, the Connection Label field will be mandatory on each adapter connection.
    • If disabled, the Connection Label field will be optional on each adapter connection.
    • The default value for this checkbox is False.
      
      

• Lifecycle Settings - Modified the Discovery schedule setting in the Discovery Setting section.

  • The Daily option has been renamed to Scheduled, to clarify that it now allows to schedule the discovery every number of days at the desired time.
  • Renamed the Daily discovery time to Scheduled discovery time to clarify that the scheduled discovery time is not necessarily daily.
  • Added a new Repeat scheduled discovery every (days) field when selecting the Scheduled option.
    • This field lets you define how many days between scheduled discovery times.
    • The default for this field is 1.
      
      

General Enhancements

• CSV Export - Various enhancements to the CSV export mechanism.