What's New in Axonius 3.3
  • 24 Mar 2022


Release Date: May-07-2020


Adapters

New Adapters

The following new adapters have been added in this release:

  1. Axonius Users - The Axonius Users adapter fetches users with Axonius credentials and their permissions using our API client.
  2. Box Platform - Box Platform provides data security, file sharing, collaboration, and content management tools. Box Platform provides access to Box APIs.
  3. CyberArk Privileged Account Security - CyberArk Privileged Account Security provides privileged password management, session recording, least privilege enforcement, and privileged data analytics.
  4. ExtraHop Reveal(x) - ExtraHop Reveal(x) is a network detection and response (NDR) solution that provides visibility, real-time threat detection, and response.
  5. Flexera IT Asset Management - Flexera lets enterprises gain visibility and control of IT assets, reduce ongoing software costs, and maintain continuous license compliance.
  6. Forcepoint Web Security Endpoint - Forcepoint Web Security Endpoint enables end-users to authenticate and receive policy enforcement via the Forcepoint Web Security Cloud infrastructure.
    NOTE

    The existing Forcepoint Web Security Endpoint adapter has been renamed to Forcepoint Web Security Endpoint CSV File to clarify that it supports importing CSV files.

  7. HyperSQL - The HyperSQL adapter imports device information from a HyperSQL database.
  8. Keycloak - Keycloak is an open source identity and access management solution.
  9. Malwarebytes Endpoint Protection (Cloud Platform) - Malwarebytes Endpoint Protection is a cloud-based security platform that combines detection and remediation technologies into a single cloud-managed agent.
    NOTE

    The existing Malwarebytes adapter has been renamed to Malwarebytes Endpoint Security (On-Prem Platform) to clarify that it supports Malwarebytes on-premise solution.

  10. Nozomi Networks Guardian - Nozomi Networks Guardian monitors network communications and device behavior for physical and virtual appliances.
  11. Panorays - Panorays is a SaaS-based platform that enables companies to view, manage and engage on the security posture of their third-parties, vendors, suppliers, and business partners.
  12. Prisma Cloud - Prisma Cloud is a native cloud security platform that provides visibility, threat prevention, compliance assurance, and data protection across multi-cloud environments.
  13. Red Hat Satellite - Red Hat Satellite is a system management solution used to deploy, configure, and maintain systems across physical, virtual, and cloud environments.
  14. Remediant SecureONE (JITA) - Remediant SecureONE is a Just-In-Time Privileged Access Management (JITA) solution that enables control and insight over the distribution, usage, and protection of privileged access across enterprise environments.
  15. Sophos Cloud Optix - Sophos Cloud Optix is a public cloud visibility and threat response solution that detects, responds, and prevents cloud security and compliance gaps.
  16. Sumo Logic - Sumo Logic is a cloud-based service for logs & metrics management for modern apps.
  17. Zoom - Zoom is a remote conferencing service that provides video conferencing, online meetings, chat, and mobile collaboration.

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following adapters have been enhanced:

  • Amazon Web Services (AWS) (Advanced Settings) - Added a new Fetch IAM Users' AWS Services checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.

    • When enabled, all connections for this adapter will fetch the AWS Services accessed by an IAM User.
    • When disabled, all connections for this adapter will not fetch the AWS Services accessed by an IAM User.
    • This checkbox is required.
    • The default value for this checkbox is False.

  • Cherwell IT Service Management (Advanced Settings) - Added a new CI type name whitelist field to the Cherwell Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify a comma-separated list of CI types (Configuration Items, such as computer or mobile device) in Cherwell.
    • If supplied, all connections for this adapter will only collect devices of the CI types provided in this list.
    • If not supplied, all connections for this adapter will not collect any devices of any CI type.
    • This field is now optional.
    • The default value for this field is empty.

  • Claroty (Advanced Settings) - Added a new Exclude IPv6 addresses checkbox to the Claroty Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch IPv6 addresses.
    • If enabled, all connections for this adapter will fetch only IPv4 addresses.
    • If disabled, all connections for this adapter will fetch both IPv4 and IPv6 addresses.
    • This checkbox is required.
    • The default value for this checkbox is False.

  • CrowdStrike Falcon (Advanced Settings) - Added a new Group name whitelist field to the CrowdStrike Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify a comma-separated list of groups of systems in CrowdStrike.
    • If supplied, all connections for this adapter will only collect devices associated with the groups provided in this list.
    • If not supplied, all connections for this adapter will collect devices associated with any group.
    • This field is now optional.
    • The default value for this field is empty.

  • Google Cloud Platform (Advanced Settings) - Multiple enhancements:

    • Added a new Fetch Google Cloud SQL database instances checkbox to the Google Cloud Platform Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you fetch all Google Cloud SQL instances.
      • If enabled, all connections for this adapter will fetch Google Cloud SQL database instances.
      • If disabled, all connections for this adapter will not fetch Google Cloud SQL database instances.
      • This checkbox is required.
      • The default value for this checkbox is False.
    • Added a new Fetch IAM permissions for users checkbox to the Google Cloud Platform Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you fetch IAM permissions and associate them with the users' roles.
      • If enabled, all connections for this adapter will fetch IAM permissions and associate them with the users' roles.
        • These permissions will be represented as the Role Details complex field.
        • Fetching IAM permissions and associating them with the users' roles requires the IAM: Organization Role Viewer role.
      • If disabled, all connections for this adapter will not fetch IAM permissions.
      • This checkbox is required.
      • The default value for this checkbox is False.

  • McAfee ePolicy Orchestrator (ePO) (Advanced Settings) - Added a new Exclude IPv6 addresses checkbox to the McAfee ePO Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch IPv6 addresses.
    • If enabled, all connections for this adapter will fetch only IPv4 addresses.
    • If disabled, all connections for this adapter will fetch both IPv4 and IPv6 addresses.
    • This checkbox is required.
    • The default value for this checkbox is False.

  • Microsoft Defender ATP (Advanced Settings) - Multiple enhancements:

    • Added a new Fetch users checkbox to the Defender ATP Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch information about the users associated with the fetched devices from Microsoft Defender ATP.
      • If enabled, all connections for this adapter will fetch information about the users associated with the fetched devices from Microsoft Defender ATP.
      • If disabled, all connections for this adapter will not fetch any user data.
      • This checkbox is required.
      • The default value for this checkbox is False.
    • Added a new Fetch applications checkbox to the Defender ATP Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch installed applications from Microsoft Defender ATP.
      • If enabled, all connections for this adapter will fetch the applications installed on devices.
      • If disabled, all connections for this adapter will not fetch the applications installed on devices.
      • This checkbox is required.
      • The default value for this checkbox is False.
    • Added a new Fetch vulnerabilities checkbox to the Defender ATP Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch device vulnerabilities from Microsoft Defender ATP.
      • If enabled, all connections for this adapter will fetch vulnerabilities data from Microsoft Defender ATP.
      • If disabled, all connections for this adapter will not fetch any vulnerabilities data from Microsoft Defender ATP.
      • This checkbox is required.
      • The default value for this checkbox is False.

  • Rapid7 Nexpose - This adapter has been enhanced to fetch data for open ports.

  • ServiceNow - Multiple enhancements:

    • Added a new Install Status ENUM CSV File field to the Add Connection dialog for this adapter.
      • This new field lets you upload a CSV file with your ServiceNow Install Status values and labels.
      • If supplied, Axonius will map the Install Status values fetched from this connection to the corresponding labels derived from the uploaded CSV file.
        • The CSV file must include the following columns: Value, Label.
      • If not supplied, Axonius will not map the Install Status values fetched from this connection.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Install status number exclude list field to the ServiceNow Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify a comma-separated list of one or more numbers that represent install statuses to exclude from the data.
      • If supplied, all connections for this adapter will not fetch devices from ServiceNow if their install status is in the specified list.
      • If not supplied, all connections for this adapter will fetch all devices from ServiceNow, regardless of their install status.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Fetch only virtual devices checkbox to the ServiceNow Configuration tab in the Advanced Settings for this adapter.
      • If enabled, all connections for this adapter will fetch only virtual device assets from ServiceNow.
      • If disabled, all connections for this adapter will fetch device assets from ServiceNow.
      • This field is required.
      • The default value for this field is False.
    • Added a new Fetch operational status checkbox to the ServiceNow Configuration tab in the Advanced Settings for this adapter.
      • If enabled, all connections for this adapter will also fetch the operational status of device assets from ServiceNow.
      • If disabled, all connections for this adapter will not fetch the operational status of device assets from ServiceNow.
      • This field is required.
      • The default value for this field is True.

  • Tenable.sc (Advanced Settings) - Multiple enhancements:

    • Added a new Do not fetch devices with unauthenticated scans only checkbox to the Tenable.sc Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you choose whether to fetch devices with unauthenticated scans only from Tenable.sc.
      • If enabled, all connections for this adapter will only fetch devices with authenticated scans from Tenable.sc.
      • If disabled, all connections for this adapter will fetch devices with authenticated and unauthenticated scans from Tenable.sc.
      • This checkbox is required.
      • The default value for this checkbox is False.
    • Added a new Fetch info level vulnerabilities only for listed plugin IDs field to the Tenable.sc Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify a comma-separated list of Tenable.sc plugin IDs.
      • If supplied, all connections for this adapter will only collect info level vulnerabilities from Tenable.sc for the plugin IDs provided in this list.
      • If not supplied, all connections for this adapter will not collect any info level vulnerabilities from Tenable.sc.
      • This field is optional.
      • The default value for this field is empty.

  • Tenable Nessus (Advanced Settings) - Added a new Scan IDs whitelist field to the Tenable Nessus Configuration tab in the Advanced Settings for this adapter.

    • This new field lets you specify a comma-separated list of Tenable Nessus scan IDs.
    • If supplied, all connections for this adapter will only collect devices discovered by Tenable Nessus scan IDs provided in this list.
    • If not supplied, all connections for this adapter will collect devices discovered by any Tenable Nessus scan.
    • This field is optional.
    • The default value for this field is empty.


Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following Actions have been added:

  • Create Cherwell Incident - Added a new enforcement action called Create Cherwell Incident under the Create Incident category.

    • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and creates an incident in Cherwell.

  • Update Cherwell Computer - Added a new enforcement action called Update Cherwell Computer under the Create CMDB Computer category.

    • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) with devices fetched by Cherwell and updates device details in Cherwell.

  • Remove Tag from Amazon EC2 Instance - Added a new enforcement action called Remove Tag from Amazon EC2 Instance under the Manage AWS Services category.

    • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and removes tags from those Amazon EC2 instances.

Updated Actions

The following Actions have been enhanced:

  • Send CSV to Share - Added a new Use NBNS checkbox to the Add Action dialog for this action.

    • This new checkbox lets you choose whether to verify the server's name via NetBios for this connection.
    • If enabled, Axonius will verify the server's name via NetBios for this connection.
    • If disabled, Axonius will not verify the server's name via NetBios for this connection.
    • This checkbox is required.
    • The default value for this checkbox is True.

  • Create ServiceNow Incident - Multiple enhancements:

    • Added a new Additional fields field to the Add Action dialog for this action.
      • This new field lets you specify additional fields to be added as part of the incident as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
      • If supplied, Axonius will add the specified fields and values to the created incident. If one of the specified fields is invalid, the request might fail.
      • If not supplied, Axonius will not add any additional fields to the created incident.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Send CSV as attachment field to the Add Action dialog for this action.
      • If enabled, the created incident will include an attached CSV file with the query results.
      • If disabled, the created incident will not include an attached CSV file with the query results.
      • This field is required.
      • The default value for this field is False.

  • Create ServiceNow Incident per Entity - Added a new Additional fields field to the Add Action dialog for this action.

    • This new field lets you specify additional fields to be added as part of the incident as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
    • If supplied, Axonius will add the specified fields and values to the created incident. If one of the specified fields is invalid, the request might fail.
    • If not supplied, Axonius will not add any additional fields to the created incident.
    • This field is optional.
    • The default value for this field is empty.

  • Create Jira Issue - Added a new Additional fields field to the Add Action dialog for this action.

    • This new field lets you specify additional fields to be added as part of the issue as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
    • If supplied, Axonius will add the specified fields and values to the created Jira issue. If one of the specified fields is invalid, the request might fail.
    • If not supplied, Axonius will not add any additional fields to the created Jira issue.
    • This field is optional.
    • The default value for this field is empty.

  • Create Jira Issue per Entity - Added a new Additional fields field to the Add Action dialog for this action.

    • This new field lets you specify additional fields to be added as part of the issue as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
    • If supplied, Axonius will add the specified fields and values to the created Jira issue. If one of the specified fields is invalid, the request might fail.
    • If not supplied, Axonius will not add any additional fields to the created Jira issue.
    • This field is optional.
    • The default value for this field is empty.

  • Add Tag to Amazon EC2 Instance - Multiple enhancements:

    • Modified the Tag key field in the Add Action dialog for this action.
      • This field has been renamed to Tag keys to make it clear it supports multiple tag keys.
      • This field lets you specify a semicolon (;) separated list of tag keys to be added to the Amazon EC2 instance.
      • A tag key must not begin with "aws:".
      • This field is required.
    • Modified the Tag value field in the Add Action dialog for this action.
      • This field has been renamed to Tag values to make it clear it supports multiple tag values.
      • This field lets you specify a semicolon (;) separated list of tag values to be associated with the specified Tag keys added to the Amazon EC2 instance.
      • If supplied, the number of specified tag values must match the number of specified tag keys. The first tag value will be associated with the first tag key, the second tag value with the second tag key, and so on.
      • If not supplied, the specified tag key will be added to the Amazon EC2 instance with no value.
      • This field is optional.
      • The default value for this field is empty.
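The pairing rules above can be checked before the action is saved. The following is an added example, not Axonius code: `pair_tags` and `TagFieldError` are hypothetical names, the trimming of whitespace and the rejection of repeated keys are assumptions, and the length limits are AWS tagging limits rather than rules stated on this page.

```python
"""Added example: pre-flight check for the Tag keys / Tag values fields."""

AWS_MAX_KEY_LEN = 128    # AWS tag-key length limit (AWS rule, not from this page)
AWS_MAX_VALUE_LEN = 256  # AWS tag-value length limit (AWS rule, not from this page)


class TagFieldError(ValueError):
    """The two fields cannot be paired into a valid set of EC2 tags."""


def pair_tags(tag_keys, tag_values=""):
    """Return {key: value} paired by position as the page describes, or raise.

    tag_keys   -- semicolon-separated list, required
    tag_values -- semicolon-separated list, optional; empty means "no value"
    Assumption: whitespace around each item is not significant.
    """
    if not tag_keys.strip():
        raise TagFieldError("Tag keys is required")

    keys = [k.strip() for k in tag_keys.split(";")]
    problems = []
    seen = set()
    for pos, key in enumerate(keys, start=1):
        if not key:
            problems.append(f"key #{pos} is empty (stray ';'?)")
            continue
        if key.lower().startswith("aws:"):
            # Page rule; AWS reserves this prefix in any letter case.
            problems.append(f"key #{pos} {key!r} uses the reserved 'aws:' prefix")
        if len(key) > AWS_MAX_KEY_LEN:
            problems.append(f"key #{pos} is longer than {AWS_MAX_KEY_LEN} characters")
        if key in seen:
            # Assumption: a repeated key is a mistake, since the later value
            # would silently replace the earlier one.
            problems.append(f"key #{pos} {key!r} is repeated")
        seen.add(key)

    if not tag_values.strip():
        # Field left empty: every key is added with no value.
        values = [""] * len(keys)
    else:
        values = [v.strip() for v in tag_values.split(";")]
        if len(values) != len(keys):
            # Without this check a missing value would shift every later
            # value onto the wrong key.
            problems.append(f"{len(keys)} keys but {len(values)} values")
        for pos, value in enumerate(values, start=1):
            if len(value) > AWS_MAX_VALUE_LEN:
                problems.append(
                    f"value #{pos} is longer than {AWS_MAX_VALUE_LEN} characters")

    if problems:
        raise TagFieldError("; ".join(problems))
    return dict(zip(keys, values))


if __name__ == "__main__":
    # Constructed sample inputs, one per rule.
    samples = [
        ("env;owner", "prod;secops"),        # positional pairing
        ("quarantine", ""),                  # key with no value
        ("env;owner", "prod"),               # count mismatch
        ("aws:autoscaling:groupName", "x"),  # reserved prefix
    ]
    for keys, values in samples:
        try:
            print(keys, "->", pair_tags(keys, values))
        except TagFieldError as err:
            print(keys, "-> rejected:", err)
```
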

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:


  • Devices and Users Pages - Reverted the menu on the right side of the page just above the table into three separate menus:

    • Actions - To perform various actions on the selected assets. If the user does not have the right permissions, this menu will be disabled.
    • Edit Columns - To select between the following menu options:
      • Edit Columns - Opens the Edit Columns dialog.
      • Reset Columns to User Default - Resets the view to the user saved view.
      • Reset Columns to System Default - Resets the view to the default system view.
    • Export CSV - To export the displayed view to a CSV file.

New Activity Logs page

The Activity Logs page can be used to track all activity in the Axonius system.

The Activity Logs page displays the list of all activities, always sorted by Date. It provides the following details:

  • Type - the type of the activity. There are two types:
    • User Activity - Activity done by a user (e.g. Delete Report, Add Role).
    • System Activity - Activity done by the system (e.g. Fetch devices, Discovery Cycle Ended).
  • Date - The timestamp of the activity in UTC time.
  • User - The user who performed the activity. The user name is displayed with a prefix:
    • Internal - If the user has been defined internally in Axonius by one of the system admins.
    • SAML or LDAP - If the user has logged in using LDAP or SAML based login option.
  • Action - The action of the activity.
  • Category - The category of the activity.
  • Message - A message with additional details on the activity.

The Activity Logs page also includes a search for filtering activities and the option to export all activities to CSV.

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

  • Global Settings - Multiple enhancements:

    • Added a new Password Policy Settings section with a new Enforce password complexity checkbox.
      • Check this checkbox to configure and enforce password complexity for new or changed user-defined Axonius passwords.
    • Added a new Password Reset Settings section with a new Reset password link expiration (hours) field.
      • This field lets you define the number of hours for which the reset password link is valid before it expires.
    • Added a new Password Brute Force Settings section with a new Enable Brute force protection checkbox.
      • Check this checkbox to enable and configure the rate limit on user login and on changing a user account password.

  • Lifecycle Settings - Added a new Historical Data Setting section with a new Historical data retention period (days) field.

    • This field lets you specify the number of days for which the historical data will be kept. Any historical data older than the specified number of days will be deleted.

  • GUI Settings - Multiple enhancements:

    • Added a new Export CSV delimiter to use for multi-value fields field under the System Settings section.
      • This new field lets you specify a delimiter to separate between values within the same field of an exported CSV file.
      • If supplied, when Axonius generates a CSV file, values within the same field will be separated by the specified delimiter.
      • If not supplied, when Axonius generates a CSV file, values within the same field will be separated by "\n" (new line).
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Date format field under the System Settings section.
      • This new field lets you select the date format to be displayed in all Axonius pages.
      • The supported date formats are:
        • YYYY-MM-DD (for example: 2020-12-31)
        • DD-MM-YYYY (for example: 31-12-2020)
        • MM-DD-YYYY (for example: 12-31-2020)
      • This field is required.
      • The default value for this field is YYYY-MM-DD.
    • Added a new Default role for LDAP login field under the LDAP Login Settings section.
      • This new field lets you select the default role that will be associated with LDAP users.
      • This field replaces the new external identity provider user default role by default field that used to be in the Manage Roles dialog.
      • This field is required.
      • The default value for this field is Restricted.
    • Added a new Default role for SAML login field under the SAML Login Settings section.
      • This new field lets you select the default role that will be associated with SAML users.
      • This field replaces the new external identity provider user default role by default field that used to be in the Manage Roles dialog.
      • This field is required.
      • The default value for this field is Restricted.

  • Manage Roles - Multiple enhancements:

    • Replaced the Manage Roles dialog with a new Manage Roles tab.
    • Added a new Roles table that consists of:
      • Role name - The role name.
      • Role categories and permission levels - A role consists of nine categories. Each category consists of a predefined set of permissions for working with Axonius pages and capabilities.
        • The table in the Permissions List section describes the permission and behavior for each category and permission set.
        • Each category is summarized to one of the following levels:
          • No Access - If none of the permissions within the category are enabled.
          • Partial Access - If some of the permissions within the category are enabled.
          • Full Access - If all of the permissions within the category are enabled.
    • System Roles - Axonius has three default system roles:
      • Admin - User with maximum permissions to all Axonius pages and capabilities.
      • Viewer - User with 'View' permissions to all pages and has no access to the System Settings (including user management).
      • Restricted - User can view only the Dashboards page and has no access to all other pages and capabilities.
      NOTE
      System roles cannot be edited. A system role can be duplicated and configured with the required permission set.
    • Added a new Role drawer. This drawer lets you perform the following actions:
      • View - system roles and custom roles.
      • Duplicate - system roles and custom roles.
      • Create - custom roles.
      • Edit - custom roles. Any changes to the role permissions will affect all the users to whom the role is assigned.
      • Delete - custom roles.



  • Manage Users - Multiple enhancements:
    • Replaced the user list with a new Users table that consists of the following fields:
      • User Name - The given user name. Once created, it cannot be changed.
      • First Name - The user's first name, if provided.
      • Last Name - The user's last name, if provided.
      • Email - Added a new user's email address field. If supplied, Axonius can send the user an email to create or to reset his password on his own.
      • Role - The user assigned role.
      • Source - Internal / SAML / LDAP.
      • Last Login - Added a new field with user's last login timestamp.
      • Last Updated - Added a new field with the user's last change timestamp.
    • Added a new User drawer. This drawer lets you perform the following actions:
      • Create, view and edit an Axonius user.
        • Only internal Axonius users can be edited.
        • New users can now be created with an invite where the user will set his own password.
      • Reset a password - using one of the following methods:
        • Setting a new password manually.
        • Creating a reset password link for the user to reset his own password.
      • Removing Single or Multiple Users.
      • Re-assign role to a single or to multiple users.


  • Users and Roles - Users can no longer have ad-hoc defined permissions; each user must be assigned a specific role with the desired permissions.
    As part of the upgrade to 3.3, each user's role will be re-assigned as follows:
    • If the user is assigned the pre 3.3 role "Admin" - The user will be assigned the new 3.3 role "Admin".
    • If the user is assigned the pre 3.3 role "Read Only User" - The user will be assigned the new 3.3 role "Viewer".
    • If the user is assigned the pre 3.3 role "Restricted User" - The user will be assigned the new 3.3 role "Restricted".
    • If the user is assigned an ad-hoc set of permissions:
      • A new role will be created with the ad-hoc permissions, named "Custom Role #", where # is a number that will be incremented for each new role created for an ad-hoc permission set.
      • The user will be assigned the newly created 3.3 role "Custom Role #".
