What's New in Axonius 3.13
  • 24 Mar 2022
  • 15 Minutes to read
  • Dark
    Light
  • PDF

What's New in Axonius 3.13

  • Dark
    Light
  • PDF

Article summary

Release Date: January-11-2021



Adapters

New Adapters

The following new adapters have been added in this release:

  1. Aternity
    • Aternity is a device performance monitoring solution that provides insights into performance and health of laptops, desktops, VDI, and mobile devices, along with self-healing capabilities to automatically resolve issues.
    • This adapter fetches the following types of assets: Devices.
  2. Barracuda CloudGen Access (Fyde)
    • Barracuda CloudGen Access (formerly Fyde) provides granular access for enterprise apps and workloads, and continuously monitors access requests to enforce policy controls.
    • This adapter fetches the following types of assets: Devices, Users.
  3. Bitbucket
    • Bitbucket is a web-based version control repository hosting service for source code and development projects that use either Mercurial or Git revision control systems.
    • This adapter fetches the following types of assets: Devices.
  4. Cofense PhishMe
    • Cofense PhishMe provides phishing awareness training and threat simulations for employees.
    • This adapter fetches the following types of assets: Users.
  5. Commvault
    • Commvault enables data protection, backup and recovery, and information management solutions.
    • This adapter fetches the following types of assets: Devices, Users.
  6. Dell OpenManage Enterprise
    • Dell OpenManage Enterprise is a one-to-many systems management console. It facilitates lifecycle management for Dell EMC PowerEdge servers in one console.
    • This adapter fetches the following types of assets: Devices, Users.
  7. Gigamon ThreatINSIGHT
    • Gigamon ThreatINSIGHT is a cloud-native network detection and response (NDR) platform that provides threat activity detection and the data and context needed for cybersecurity response and investigation.
    • This adapter fetches the following types of assets: Devices.
  8. Illumio Adaptive Security Platform (ASP)
    • Illumio Adaptive Security Platform (ASP) secures computing platforms in cloud, on-prem, or hybrid environments without any dependency on the underlying network.
    • This adapter fetches the following types of assets: Devices.
  9. Jamf Protect
    • Jamf Protect is an endpoint protection solution that prevents macOS malware, detects and remediates Mac-specific threats, and monitors endpoints for compliance.
    • This adapter fetches the following types of assets: Devices.
  10. L0phtCrack 7
    • L0phtCrack 7 is a password auditing and recovery application.
    • This adapter fetches the following types of assets: Users.
  11. PDQ Inventory
    • PDQ Inventory is a systems management tool that scans Windows computers to collect hardware, software, and Windows configuration data.
    • This adapter fetches the following types of assets: Devices, Users.
  12. Secureworks Red Cloak Threat Detection and Response (TDR)
    • Secureworks Red Cloak Threat Detection and Response (TDR).
    • This adapter fetches the following types of assets: Devices.
  13. Venafi
    • Venafi secures and protects cryptographic keys and digital certificates.
    • This adapter fetches the following types of assets: Devices.
  14. VMware Horizon
    • VMware Horizon is a platform for secure delivery of virtual desktops and apps across the hybrid cloud.
    • This adapter fetches the following types of assets: Devices.



For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following adapters have been enhanced:

  • Adapters Fetch History - Added a new Adapters Fetch History page.
    • This new page lets you view and filter the fetch summary details of the various adapter connections' data fetches.
    NOTE

    The displayed data in this page refers to any data gathered starting Axonius 3.13.

image.png


  • Amazon Web Services (AWS) (Advanced Settings) - Multiple enhancements:

    • Added a new List of tags to parse as fields field under the AWS Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify a comma-separated list of tag keys to be parsed as devices fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.
      • If supplied, all connections for this adapter will parse any of the listed tags that are associated with the fetched device as :
        • Values of the Adapter Tags field.
        • Designated field with the name of the tag key and the value of the tag value.
      • If not supplied, all connections for this adapter will only parse all tags as values of the Adapter Tags field.
      • This new field is optional.
      • The default value for this field is empty.
    • Added a new Fetch Organizations as devices checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch Organizations data as device assets.
      • If enabled, all connections for this adapter will fetch Organizations data from AWS. Each Organization will be added as a unique device.
      • If disabled, all connections for this adapter will not fetch Organizations data from AWS.
      • This checkbox is required.
      • The default value for this checkbox is False.
    • Added a new remote_roles_to_assume option to the Advanced Configuration File field to the Add Connection dialog for this adapter.
      • This new option is part of the key/value pairs that can be specified in the Advanced Configuration File.
      • This option lets you get the roles-to-assume file from an s3 bucket instead of an uploaded file.

  • ForeScout CounterACT (Advanced Settings) - Added a new Do not fetch devices with no MAC address and no hostname checkbox under the ForeScout CounterACT Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to exclude fetching devices without MAC address and without hostname.
    • If enabled, all connections for this adapter will only fetch devices having MAC address or hostname.
    • If disabled, all connections for this adapter will fetch devices even if those do not have MAC address and no hostname.
    • This new checkbox is required.
    • The default value for this checkbox is False.

  • Google Cloud Platform (GCP) (Advanced Settings) - Added a new List of tags to parse as fields field under the GCP Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify a comma-separated list of tag keys to be parsed as devices fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.
    • If supplied, all connections for this adapter will parse any of the listed tags that are associated with the fetched device as :
      • Values of the Adapter Tags field.
      • Designated field with the name of the tag key and the value of the tag value.
    • If not supplied, all connections for this adapter will only parse all tags as values of the Adapter Tags field.
    • This new field is optional.
    • The default value for this field is empty.

  • McAfee ePolicy Orchestrator (ePO) (Advanced Settings) - Added a new ePO tags whitelist checkbox under the McAfee ePO Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you specify a comma-separated list of McAfee ePO tags.
    • If supplied, all connections for this adapter will only fetch devices tagged in McAfee ePO with the tags provided in this list.
    • If not supplied, the connection for this adapter will fetch all devices from McAfee ePO.
    • This new checkbox is required.
    • The default value for this checkbox is False.


  • Microsoft Azure (Advanced Settings) - Added a new List of tags to parse as fields field under the Azure Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify a comma-separated list of tag keys to be parsed as devices fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.
    • If supplied, all connections for this adapter will parse any of the listed tags that are associated with the fetched device as :
      • Values of the Adapter Tags field.
      • Designated field with the name of the tag key and the value of the tag value.
    • If not supplied, all connections for this adapter will only parse all tags as values of the Adapter Tags field.
    • This new field is optional.
    • The default value for this field is empty.

  • Microsoft Azure (Advanced Settings) - Added a new Fetch "Guest" user checkbox under the Azure AD Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch external users.
    • If enabled, all connections for this adapter will fetch external users from Azure AD.
    • If disabled, all connections for this adapter will not fetch external users from Azure AD.
    • This new checkbox is required.
    • The default value for this checkbox is True.

  • NetApp (Advanced Settings) - Added a new Async chunks in parallel field under the NetApp Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify the number of parallel requests all connections for this adapter will send to the NetApp server in parallel at any given point.
    • This field is required.
    • The default value for this field is 50.

  • Qualys Cloud Platform (Advanced Settings) - Multiple enhancements:

    • Added a new Fetch policy control checkbox under the Qualys Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch policy controls.
      • If enabled, all connections for this adapter will also fetch policy controls associated with policy compliance.
      NOTE

      Policy controls will be fetched only if Fetch policy compliance is enabled.

      • If disabled, all connections for this adapter will not fetch policy controls.
      • This new checkbox is required.
      • The default value for this checkbox is False.
    • Added a new Fetch policy posture information checkbox under the Qualys Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch the posture information of every policy compliance.
      • If enabled, all connections for this adapter will also fetch policy posture information associated with policy compliance.
      NOTE

      Policy controls will be fetched only if Fetch policy compliance is enabled.

      • If disabled, all connections for this adapter will not fetch policy posture information.
      • This new checkbox is required.
      • The default value for this checkbox is False.

  • Zoom (Advanced Settings) - Added a new Days of meetings data field under the Zoom Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify the number of days of meeting data that all connections for this adapter will fetch.
    • This new field is required.
    • The default value for this field is 7.

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

  • Dashboard Spaces - Multiple enhancements:
    • Added a new Manage Spaces option to the Add Space button.
      • This new option opens the Manage Spaces page.
      • This new option requires an Admin default system role permissions.
    • Added a new Manage Spaces page.
      • This new page lets you add, view, edit, delete and re-order all of the dashboard spaces from a single page.
      • This new page requires an Admin default system role permissions.

image.png


Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following Actions have been added:

  • Send CSV to Microsoft OneDrive - Added a new enforcement action called Send CSV to Microsoft OneDrive under the Notify category.

    • This new action takes the saved query supplied as a trigger (or entities that have been selected in the asset table), creates a CSV file, and sends it to a specific path on Microsoft OneDrive.

  • Send CSV to SharePoint - Added a new enforcement action called Send CSV to SharePoint under the Notify category.

    • This new action takes the saved query supplied as a trigger (or entities that have been selected in the asset table), creates a CSV file, and sends it to a specific path on SharePoint.

  • Send CSV to Azure Storage - Added a new enforcement action called Send CSV to Azure Storage under the Notify category.

    • This new action takes the saved query supplied as a trigger (or entities that have been selected in the asset table), creates a CSV file, and sends it to a specific path on Azure Storage.

  • Send CSV to Box - Added a new enforcement action called Send CSV to Box under the Notify category.

    • This new action takes the saved query supplied as a trigger (or entities that have been selected in the asset table), creates a CSV file, and sends it to a specific path on Box.

  • Remove Custom Data - Added a new enforcement action called Remove Custom Data under the Axonius Utilities category.

    • This new action removes the value from a single custom field from each of the query results entities.

  • Delete Devices or Users - Added a new enforcement action called Delete Devices or Users under the Axonius Utilities category.

    • This new action takes the saved query supplied as a trigger (or devices/users that have been selected in the asset table) and delete those selected devices/users.

  • Tag Rapid7 InsightVM Assets - Added a new enforcement action called Tag Rapid7 InsightVM Assets under the Update VA Coverage category.

    • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table), and adds the supplied tag name to the Rapid7 InsightVM assets.

Updated Actions

The following Actions have been enhanced:

  • Send Email - Added a new Email to include top results section checkbox to the Add Action dialog for this action.

    • This new checkbox lets you select whether to include the top results section in the sent email.
    • If enabled, the email being sent will include the top results section.
    • If disabled, the email being sent will not include the top results section. It will only include the results summary.
    • This new checkbox is required.
    • The default value for this checkbox is True.

  • Send CSV to Amazon S3 and Send JSON to Amazon S3 - Multiple enhancements:

    • Added a new AWS region field to the Add Action dialog for this action.
      • This new field lets you specify the region name the Amazon S3 located.
      • If supplied, PutObject operation will be done on the supplied Amazon S3 details in the supplied region.
      • If not supplied, PutObject operation will be done on the supplied Amazon S3 details in 'us-east-1'.
      • This new field is optional.
      • The default value for this field is 'us-east-1'.
    • Added a new HTTPS proxy field to the Add Action dialog for this action.
      • This new field lets you specify a proxy to use when connecting to the Amazon S3 bucket.
      • If supplied, Axonius will utilize the proxy when connecting to the Amazon S3 bucket.
      • If not supplied, Axonius will connect directly to the Amazon S3 bucket.
      • This new field is optional.
      • The default value for this field is empty.

  • Send to Google BigQuery Table - Multiple enhancements:

    • Added a new Append or override the table field to the Add Action dialog for this action.

      • This new field lets you select whether to override the table data or to append the table, if already exists, and add new records to it.
      • This new field is required.
      • The default value for this field is Override.
    • Added a new Axonius to Google BigQuery field mapping field to the Add Action dialog for this action.

      • This new field lets you specify the mapping between the Axonius fields and the Google BigQuery table columns. The input should be key/value pairs in a JSON format. For example: {"axonius_field1":"bigquery_column1", "axonius_field2":"bigquery_column2"}.
      • If supplied, Axonius will map the specified fields and values to the configured Google BigQuery table column.
        • Axonius field that is part of the query data but is not supplied in the JSON, will be mapped to a BigQuery table column with the same name as the Axonius field.
        • If one of the specified fields is invalid or does not part of the query data, the request might fail.
      • If not supplied, Axonius will not add any fields to the created asset in ServiceNow, beyond the default field mapped from Axonius.
      NOTE

      For more details about the supported syntax for Axonius fields, see Axonius to CMDB Field Mapping.

    • Added a new Partitioning field to the Add Action dialog for this action.

      • This new field lets select whether to create partitioned table for the inserted data:
      • If No partitioning is selected, the table won't be partitioned.
      • If Partition by ingestion time is selected:
        • The table will be partitioned by calendar days.
        • Select whether a partition filter is required. Requiring a partition filter means users must include a WHERE clause that specifies the partitions to query. Using a partition filter may reduce cost and improve performance.

  • Manage CMDB Assets - Multiple enhancements:

    • The Manage CMDB Computer category has been renamed to Manage CMDB Assets to emphasize the actions under this category are not limited to CMDB computer but to additional CMDB assets, such as servers.
    • The following actions have been renamed accordingly:
      • The Create ServiceNow Computer action has been renamed to Create ServiceNow Asset.
      • The Update ServiceNow Computer action has been renamed to Update ServiceNow Asset.
      • The Create Cherwell Computer action has been renamed to Create Cherwell Asset.
      • The Update Cherwell Computer action has been renamed to Update Cherwell Asset.
      • The Create Ivanti Service Manager Computer action has been renamed to Create Ivanti Service Manager Asset.
      • The Update Ivanti Service Manager Computer action has been renamed to Update Ivanti Service Manager Asset.

  • Add or Update LDAP Attributes of Users or Devices - Multiple enhancements:

    • The Update LDAP Attributes of Users or Devices action has been renamed to Add or Update LDAP Attributes of Users or Devices to emphasize this action lets you update existing LDAP attributes, but also to add new attributes.
    • Added a new Action type field to the Add Action dialog for this action.
      • This new field lets you select whether to add new or to update existing LDAP attributes.
      • This new field is required.
      • The default value for this field is Update Attributes.

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

  • Devices Profile and User Profile Pages - Added URL routing to each tab and sub-tab in the Device Profile page and in the User Profile page.
  • Saved Queries - Multiple enhancements:
    • Added a unique URL to each saved query in the Devices page or in the Users page.
    • Added new Keep always cached checkbox to the Save Query dialog and to the Saved Query drawer in the Saved Queries page.
      • If enabled, the saved query will be always be cached. The saved query will be executed and cached each TTL interval defined in Cache Settings.
      • If disabled, the saved query will not be always cached.
      • This checkbox is only visible when Caching is enabled in the system.

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

  • Global Settings – Added a new Data Synchronization Settings section.

    • This new section consolidates the data synchronization settings for central core architecture.
    • This new section replaces the following sections:
      • Amazon S3 Settings
      • SMB Settings
      • Azure Storage Settings

  • Permission List - Added a new API Access category with an API access enabed permission.

    • The new permission lets you select whether the role allows API access.
    • If enabled, the users assigned to that role will have API access.
    • If disabled, the users assigned to that role will not have API access.
    • This new permission is required.
    • The default value for this permission is True.

General Enhancements

  • Session Timeout Modal - Added a new session timeout dialog that warns the user 1 minute before his session is about to timeout.

Was this article helpful?