What's New in Axonius 3.5

Release Date: June-21-2020

Adapters

New Adapters

The following new adapters have been added in this release:

1. Alcide
   • Alcide provides cloud and Kubernetes discovery, K8s audit and compliance scanner, microservices anomaly detection and security policies management and enforcement.
   • This adapter fetches the following types of assets: Devices.
2. Centrify Identity Services
   • Centrify Identity Services manages application access, endpoints, and network infrastructure.
   • This adapter fetches the following types of assets: Users.
3. FireMon Security Manager
   • FireMon Security Manager is a network security solution that provides real-time visibility, control, and management for network security devices across hybrid cloud environments.
   • This adapter fetches the following types of assets: Devices.
4. iboss cloud
   • iboss cloud is a cloud-based platform that secures user Internet access in the cloud.
   • This adapter fetches the following types of assets: Devices.
5. Sensu
   • Sensu is a cloud monitoring solution that provides monitoring workflows automation and visibility into multi-cloud environments.
   • This adapter fetches the following types of assets: Devices.
6. UpGuard CyberRisk
   • UpGuard CyberRisk provides third-party vendor risk and external cyber risk monitoring. The platform has two main modules: UpGuard BreachSight which monitors an organization's external risk posture and Vendor Risk which monitors and helps manages the risk posture of third party vendors.
   • This adapter fetches the following types of assets: Users.
     
     

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following adapters have been enhanced:

• All Adapter Connections - Discovery Configuration - Added a new Discovery Configuration tab under the adapters Advanced Settings.

  • The Enable custom discovery schedule checkbox lets you configure a custom discovery cycle for each adapter.
    • If enabled, Axonius will fetch data from the adapter per the custom schedule - not the global discovery cycle.
    • If disabled, Axonius will fetch data from the adapter during global discovery cycles.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • If the Enable custom discovery schedule checkbox is enabled, the Repeat scheduled discovery field lets you select the repeat option for the scheduled discovery:
    • Every x days - The adapter custom discovery cycle will run at the time specified in Scheduled discovery time field every number days defined in the Repeat scheduled discovery every (days) field.
    • Days of week - The adapter custom discovery cycle will run at the time specified in Scheduled discovery time field in the selected days of week.
    • This field is required.
    • The default value for this field is Every x days.

  

• Amazon Web Services (AWS) (Advanced Settings) - Multiple enhancements:

  • Added a new Fetch internet gateways as devices checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to fetch internet gateways as device assets.
    • If enabled, all connections for this adapter will fetch all available internet gateways data from AWS. Each internet gateway will be added as a unique device.
    • If disabled, all connections for this adapter will not fetch any internet gateways data from AWS.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Fetch route tables as devices checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to fetch route tables as device assets.
    • If enabled, all connections for this adapter will fetch all available route tables data from AWS. Each route table will be added as a unique device.
    • If disabled, all connections for this adapter will not fetch any route tables data from AWS.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Add route tables to devices checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to fetch information about route tables and add it to the appropriate devices.
    • If enabled, all connections for this adapter will fetch all route tables data from AWS for the following services and will add it to the appropriate devices:
      • EC2
      • ELB
      • IGW
      • NAT
      • RDS
      • Workspaces
      • ECS - only if Correlate ECS Containers with their EC2 Instance checkbox is enabled.
      • EKS - only if Correlate EKS Containers with their EC2 Instance checkbox is enabled.
    • If disabled, all connections for this adapter will not fetch any route tables data from AWS.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Parse IAM policies checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to fetch information about the privileges that are granted to each AWS IAM user by group, inline and attached IAM policies.
    • If enabled, all connections for this adapter will query each AWS IAM user to determine the privileges that are granted to it by group, inline and attached IAM policies.
    • If disabled, all connections for this adapter will not fetch information about the privileges that are granted to each AWS IAM user.
    • This checkbox is required.
    • The default value for this checkbox is False.
      
      

• Code42 (Advanced Settings) - Added a new Use osHostname field as hostname checkbox to the Code42 Configuration tab in the Advanced Settings for this adapter.

  • This new checkbox lets you select whether to use the osHostname field fetched form Code42 as the device's hostname.
  • If enabled, all connections for this adapter will use the osHostname field fetched from Code42 as the device's hostname.
  • If enabled, all connections for this adapter will use the name field fetched from Code42 as the device's hostname.
  • This checkbox is required.
  • The default value for this checkbox is False.
    
    

• CrowdStrike Falcon (Connection Configuration) - Added a new Member CID field to the Add Connection dialog for this adapter.

  • This new field lets you specify a CrowdStrike CID in order to fetch data from specific tenants.
  • If supplied, Axonius will fetch data from all tenants associated with the Member CID (customer identification).
  • If not supplied, Axonius will only fetch data from the main tenancy.
  • This field is optional.
  • The default value for this field is empty.
    
    

• Flexera IT Asset Management (Connection Configuration) - Added a new Database Type field to the Add Connection dialog for this adapter.

  • This new field lets you select the database server as the source for data: IM or FNMP.
  • This field is required.
  • The default value for this field is empty.
    
    

• Microsoft Azure (Connection Configuration) - Multiple enhancements:

  • Added a new Fetch All Subscriptions checkbox to the Add Connection dialog for this adapter.
    • This new checkbox lets you select whether to fetch all subscriptions from the same Microsoft Azure tenant ID or a single account as specified in the Azure Subscription ID field.
    • If enabled, Axonius will fetch data from all subscriptions associated with the specified Tenant ID.
    • If disabled, Azure Subscription ID field must be specified. Axonius will fetch data from the specified subscription in the Azure Subscription ID field.
    • This field is required.
    • The default value for this field is False.
  • Modified the Azure Subscription ID field in the Add Connection dialog for this adapter.
    • If supplied, Axonius will fetch data from the specified subscription.
      • If the Fetch All Subscriptions checkbox is disabled, Azure Subscription ID field must be specified.
    • If not supplied, If the Fetch All Subscriptions checkbox is enabled, Axonius will fetch data from all subscriptions associated with the specified Tenant ID. Otherwise, Axonius will fail to fetch data.
    • This field is now optional.
    • The default value for this field is empty.
      
      

• Qualys Cloud Platform (Advanced Settings) - Multiple enhancements:

  • Added a new Fetch authentication report checkbox to the Qualys Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to fetch authentication report information from Qualys Cloud Platform. The authentication report includes the authentication status for the scanned hosts: Passed, Failed, Passed with insufficient privileges or Not Attempted.
    • If enabled, all connections for this adapter will also fetch authentication report information from Qualys Cloud Platform.
    • If disabled, all connections for this adapter will not fetch authentication report information from Qualys Cloud Platform.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Fetch tickets checkbox to the Qualys Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to fetch tickets associated with devices from information Qualys Cloud Platform.
    • If enabled, all connections for this adapter will also fetch tickets information for tickets associated with devices from Qualys Cloud Platform.
    • If disabled, all connections for this adapter will not fetch tickets associated with devices from Qualys Cloud Platform.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Use DNS name as hostname even if NetBIOS name exists checkbox to the Qualys Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to use DNS name or NetBIOS name as the device hostname if both exists.
    • If enabled, all connections for this adapter use the DNS name as the device hostname even if NetBIOS name also exists.
    • If disabled, all connections for this adapter use the NetBIOS name as the device hostname, when exists.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Fetch unscanned IP addresses checkbox to the Qualys Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to fetch yet-to-be-scanned hosts. Such devices' data will contain only an IP address (also as ID).
    • If enabled, all connections for this adapter will also fetch unscanned IP addresses from Qualys Cloud Platform.
    • If disabled, all connections for this adapter will not fetch unscanned IP addresses from Qualys Cloud Platform.
    • This checkbox is required.
    • The default value for this checkbox is False.
      
      

• Rapid7 Nexpose (Connection Configuration) - Multiple enhancements:

  • Moved all the fields under the Rapid7 Nexpose Configuration tab in the Advanced Settings for this adapter to the Add Connection dialog for this adapter.
  • Added a new Fetch installed software checkbox to the Add Connection dialog for this adapter.
    • This new checkbox lets you select whether to fetch installed software from Rapid7 Nexpose.
    • If enabled, Axonius will fetch installed software data from Rapid7 Nexpose.
    • If disabled, Axonius will not fetch installed software data from Rapid7 Nexpose.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Fetch open ports checkbox to the Add Connection dialog for this adapter.
    • This new checkbox lets you select whether to fetch open ports from Rapid7 Nexpose.
    • If enabled, Axonius will fetch open ports data from Rapid7 Nexpose.
    • If disabled, Axonius will not fetch open ports data from Rapid7 Nexpose.
    • This checkbox is required.
    • The default value for this checkbox is False.
  • Added a new Fetch policies checkbox to the Add Connection dialog for this adapter.
    • This new checkbox lets you select whether to fetch policies associated with devices from Rapid7 Nexpose.
    • If enabled, Axonius will fetch policies associated with devices from Rapid7 Nexpose.
    • If disabled, Axonius will not fetch policies associated with devices from Rapid7 Nexpose.
    • This checkbox is required.
    • The default value for this checkbox is False.
      
      

• SolarWinds Network Performance Monitor (Connection Configuration) - Added a new Custom Properties List field to the Add Connection dialog for this adapter.

  • This new field lets you Specify a comma-separated list of SolarWinds properties.
  • If supplied, the adapter connection will add a device field for each of the comma-separated list properties that have been defined in this field.
  • If not supplied, the adapter connection will not fetch any additional SolarWinds properties.
  • This field is now optional.
  • The default value for this field is empty.
    
    

• SQL Server (Connection Configuration) - Added a new Is Users Table checkbox to the Add Connection dialog for this adapter.

  • This new checkbox lets you select that the SQL Server table is a users table (and not a devices table).
  • If enabled, Axonius will consider the data fetched from the specified table as user data.
  • If disabled, Axonius will consider the data fetched from the specified table as device data.
  • This checkbox is required.
  • The default value for this checkbox is False.
    
    

• Sumo Logic (Connection Configuration) - Added a new Data Contains Users Information checkbox to the Add Connection dialog for this adapter.

  • This new checkbox lets you select whether the query data contains devices or user information.
  • If enabled, Axonius will consider the data from Sumo Logic query results as users data.
  • If disabled, Axonius will consider the data from Sumo Logic query results as devices data.
  • This checkbox is required.
  • The default value for this checkbox is False.
    
    

• Tenable.io (Advanced Settings) - Added a new Scan UUIDs whitelist field to the Tenable.io Configuration tab in the Advanced Settings for this adapter.

  • This new field lets you specify a comma-separated list of assets' universally unique identifiers (UUID) in Tenable.io.
  • If supplied, all connections for this adapter will only fetch devices from Tenable.io scans with the UUIDs provided in this list.
  • If not supplied, all connections for this adapter will fetch all devices from Tenable.io scans.
  • This field is optional.
  • The default value for this field is empty.
    
    

• VMWare Workspace ONE (AirWatch) (Advanced Settings) - Multiple enhancements:

  • Added a new Async chunks field to the AirWatch Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify the number of parallel requests all connections for this adapter will send to the VMWare Workspace ONE server in parallel at any given point.
    • This field is required.
    • The default value for this field is 50.
  • Added a new Page Size field to the AirWatch Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you set the number of results per page received for a given query to the VMWare Workspace ONE server, to gain better control on the performance of all connections of for this adapter.
    • This field is required.
    • The default value for this field is 500.
  • Added a new Socket recv session timeout field to the AirWatch Configuration tab in the Advanced Settings for this adapter.
    • This new field lets you specify how many seconds all connections for this adapter will wait for a response before considering the request as timed out.
    • This field is required.
    • The default value for this field is 300.
      
      

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

• Adapter Connections Status Chart - Added a new default chart: Adapter Connections Status.

  • This new chart provides you with the following information:
    • The status of all the adapter connections:
      • Number of connections with errors
      • Number of adapter connections successfully connected
    • The number of configured adapters
    • The number of adapters with errors

  

• Adapter Segmentation Chart - Added a new chart type: Adapter Segmentation Chart.

  • This new chart lets you visualize gaps by showing a segmentation of number of assets fetched from each adapter, across the data-set given by the query.
  • The value of each bar chart is the number of devices or users assets fetched from this adapter for this query.
  • The total unique devices returned from the query is displayed in the bottom of the chart.
  • Data labels provides the following details on each segment:
    • Adapter name.
    • Number of assets fetched from this adapter.
    • Percentage of the segment size out of the total unique devices.
  • By default, the top 5 results are displayed. Use the paginations button to view the rest of the results.

  

• Bar Charts - Added a Total indication to the bar charts of Field Segmentation chart and the Query Comparison chart.
  • The total of all the segments is displayed in the bottom of the chart below the orange separator.
    

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following Actions have been added:

• Create Cherwell Computer - Added a new enforcement action called Create Cherwell Computer under the Manage CMDB Computer category.
  • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and creates a computer in Cherwell for each of the query result entities.
    
    

Updated Actions

The following Actions have been enhanced:

• Create ServiceNow Computer - Added a new Additional fields field to the Add Action dialog for this action.

  • This new field lets you specify additional fields to be added as part of the ServiceNow computer as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
  • If supplied, Axonius will add the specified fields and values to the created computer in ServiceNow. If one of the specified fields is invalid, the request might fail.
  • If not supplied, Axonius will not any additional fields to the created computer in ServiceNow.
  • This field is optional.
  • The default value for this field is empty.
    
    

• Update ServiceNow Computer - Added a new Additional fields field to the Add Action dialog for this action.

  • This new field lets you specify additional fields to be added as part of the ServiceNow computer as key/value pairs in a JSON format. For example: {"field1": "value1", "field2": "value2"}.
  • If supplied, Axonius will add the specified fields and values to the updated computer in ServiceNow. If one of the specified fields is invalid, the request might fail.
  • If not supplied, Axonius will not any additional fields to the updated computer in ServiceNow.
  • This field is optional.
  • The default value for this field is empty.

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

• Export CSV - Added an Export Data dialog to the Export CSV button in the Devices page and in the Users page.

  • This new dialog lets you configure the exported data:
    • The Delimiter to use for multi-value fields field lets you specify a delimiter to separate between values within the same field of an exported CSV file.
      • If supplied, values within the same field will be separated by the specified delimiter once the CSV file has been generated.
      • If not supplied, values within the same field will be separated by the value defined in the Export CSV delimiter to use for multi-value fields field under the System Settings section in the GUI Settings. The default value is "\n" (new line).
      • This field is optional.
      • The default value for this field is the value of the Export CSV delimiter to use for multi-value fields field under the System Settings section in the GUI Settings.
    • The Maximum rows field lets you specify the maximum rows to be included in the CSV.
      • If supplied, the generated CSV file will include the top x rows, based on the specified values. This option can be useful to export only the top results and to improve the CSV file generation time.
      • If not supplied, the generated CSV file will include the default maximum rows, set as 1048500.
      • This field is optional.
      • The default value for this field is 1048500.

  

• Private Saved Queries - Saved queries can now be created with private access. Private saved queries are only visible for the current user and can only be used in Saved Queries page and in My Dashboard space. Public saved queries can be viewed by all users and can be accessed everywhere in the system (Dashboards, Enforcement Center, Reports, Query Wizard).
  • Added new private query checkbox to the Save Query dialog
    • If enabled, the saved query will be created with private access
    • If disabled, the saved query will be created with public access.
  • The permissions: Create saved query, Edit saved queries, Run saved queries and Delete saved query - All apply on public saved queries only. Private saved queries can always be created, edited, run and deleted.
  • Added a new Access column to the Saved Queries table to reflect the access of the Saved Query.

• Query Wizard - Multiple enhancements:
  • Added a two new options last hours and next hours to the Date function in the Operator drop-down.
  • These options lets you check for dates which are before/after the relative number of hours (integer).

• Saved Queries - Modified the default save option to be Save As.
  
  

Cloud Asset Compliance Updates

The following updates have been made to Cloud Asset Compliance:

• CIS Benchmark scoring - Added a new CIS Benchmark score which presents the benchmark score cross all organization or for single/multiple accounts.
  • The CIS Benchmark score is calculated as the percentage of passed rules out of all checked rules. The score is calculated and aggregated on all accounts currently filtered. Other filters will not affect the CIS benchmark score.
  • The score component also has an option to exclude rules from the benchmark score. These rules will not be shown in the table and will not be taken into account when calculating the benchmark score.
    
• Rule and Category filters
  • Added two new filters: Rule filter and Category filter
  • You can filter on the values to be displayed in the table. All filters apply on the CSV when exporting or when sending compliance result by Email.
• Send Email enforcement
  • Added an option to send the CSV with the compliance results by email.
  • The send email includes the following configuration:
    1. Email subject (required, default: empty) - Specify the email subject.
    2. Custom message (up to 500 characters) (optional, default: empty) - Specify the body of the email message.
       • If supplied, the generated email body will be the specified custom message.
       • If not supplied, the email message will be generated with no body.
    3. Send to AWS account admins (required, default: False)
       • Adds to the list of recipients, emails of IAM users which have the AdministratorAccess role and that these users are part of the AWS Account.
       • Relevant only for CIS Amazon Web Services Foundations Benchmark
    4. Recipients (required, default: empty) - Add list of recipients.
    5. Recipients CC (optional, default: empty) - Add list of recipients CC.
       • If supplied, the email will be sent as CC to the specified email list.
       • If not supplied, the email will be sent only to the defined Recipients specified email list.

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

• Global Settings
  • Added a new Enable device location mapping checkbox under the Data Enrichment Settings section.
    • This new checkbox lets you upload a CSV file that maps between subnets and location.
      • If enabled, use the Device location mapping CSV file file upload control to upload a CSV file with a list of subnets and the respective location.
        • The CSV file must include:
          • Two columns: subnet and location.
          • Headers for the columns, that are case insensitive.
      • If disabled, Axonius will not enrich IP addresses with location information.
      • This checkbox is required.
      • The default value for this checkbox is False.