What's New in Axonius 3.6

Release Date: July-12-2020

Adapters

New Adapters

The following new adapters have been added in this release:

1. BeyondTrust Privileged Identity (Lieberman RED Identity Management)
   • BeyondTrust Privileged Identity (formerly Lieberman RED Identity Management) is a password management solution that helps companies secure, manage, and administer credentials for privileged users and IT vendors.
   • This adapter fetches the following types of assets: Users.
2. Digital Shadows SearchLight
   • Digital Shadows SearchLight is a digital risk protection solution that protects organizations against external risk exposure.
   • This adapter fetches the following types of assets: Devices.
3. Infinipoint
   • Infinipoint is a cloud-based automated cyber hygiene platform that enables continuous detection and remediation of risks across the organization’s IT assets
   • This adapter fetches the following types of assets: Devices, Users.
4. KnowBe4
   • KnowBe4 provides Security Awareness Training for anti-phising behavior, social engineering and ransomware attacks, and general security awareness.
   • This adapter fetches the following types of assets: Users.
5. phpIPAM
   • phpIPAM is an open-source web IP address management application (IPAM).
   • This adapter fetches the following types of assets: Devices, Users.
6. Rancher
   • Rancher is an open-source multi-cluster orchestration platform that enables operations teams to deploy, manage, and secure enterprise Kubernetes.
   • This adapter fetches the following types of assets: Devices.
7. Rapid7 Nexpose Warehouse
   • Rapid7 Nexpose Warehouse fetches device information directly from an external data warehouse.
   • This adapter fetches the following types of assets: Devices.
8. Sal
   • Sal is a open-source reporting solution for managed endpoints.
   • This adapter fetches the following types of assets: Devices.
9. SonicWall
   • SonicWall next-generation firewalls (NGFW) provide security, control, and visibility to maintain an effective cybersecurity posture.
   • This adapter fetches the following types of assets: Devices.
10. Windows Management Instrumentation (WMI)
    • Windows Management Instrumentation (WMI) is a set of specifications from Microsoft for consolidating the management of devices and applications in a Windows network. WMI provides users with information about the status of local or remote computer systems.
    • This adapter fetches the following types of assets: Devices.
      
      

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following adapters have been enhanced:

• Amazon Web Services (AWS) (Advanced Settings) - Added a new Fetch information about Elasticsearch checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.

  • This new checkbox lets you select whether to fetch information on the existing Elasticsearch instances.
  • If enabled, all connections for this adapter will fetch all existing Elasticsearch instances data from AWS.
  • If disabled, all connections for this adapter will not fetch any Elasticsearch instances data from AWS.
  • This checkbox is required.
  • The default value for this checkbox is False.
    
    

• IBM BigFix (Advanced Settings) - Added a new Exclude IPv6 addresses checkbox to the BigFix Configuration tab in the Advanced Settings for this adapter.

  • This new checkbox lets you select whether to fetch IPv6 addresses.
  • If enabled, all connections for this adapter will fetch only IPv4 addresses.
  • If disabled, all connections for this adapter will fetch both IPv4 and IPv6 addresses.
  • This checkbox is required.
  • The default value for this checkbox is False.
    
    

• Tenable.io (Advanced Settings) - Added a new Fetch agent data checkbox to the Tenable.io Configuration tab in the Advanced Settings for this adapter.

  • This new checkbox lets you select whether to fetch Tenable.io agent data on each device.
  • If enabled, all connections for this adapter will fetch Tenable.io agent data on each device.
  • If disabled, all connections for this adapter will not fetch Tenable.io agent data on each device.
  • This checkbox is required.
  • The default value for this checkbox is True.

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

• Dashboard Spaces - Multiple enhancements:
  • Added a new menu to each dashboard space tab with Delete and Edit options.
  • Added the option to edit space permissions. The Edit Space dialog now lets you to:
    • Rename the space.
    • Edit Space permissions.
      • By default, all custom spaces have Public access. It is possible to select only specific Roles which will have access to this space.
      • Users with the Admin role will always have access to all spaces.
        

• Query Timeline Chart - Added an Export to CSV action to the Query Timeline chart menu.
  • This action exports a matrix of date and values to a CSV file.

• Field Segmentation Chart - Added a new Include timeline checkbox to the Field segmentation chart configuration dialog.

  • This new checkbox lets you view the trend of the total of the segments and count of all segments in a timeline chart.
    • If enabled:
      • In the Show results in the last (days) field, specify the number of last days to be included in timeline chart.
      • The timeline is limited to the last 30 days.
      • A timeline chart button is added to the chart panel. Click it to display/hide the timeline.
      • An Export to CSV - Timeline action is added to the chart menu.
        • This action exports a matrix of date and values to a CSV file.
    • If disabled, the Field Segmentation chart will not include any additional timeline.
    • This checkbox is required.
    • The default value for this checkbox is False.

  

• Pie Charts - Added a Total indication to the pie charts of Query Intersection chart, Field Segmentation chart and the Query Comparison chart.Segmentation chart and the Query Comparison chart.
  

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

New Actions

The following Actions have been added:

• Add IPs to Tenable.io Scan - Added a new enforcement action called Add IPs to Tenable.io Scan under the Update VA Coverage category.

  • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table), and adds the IP addresses of those entities to an existing Tenable.io scan.
    
    

• Add Asset to Jira Assets Platform - Added a new enforcement action called Add Asset to Jira Assets Platform under the Manage CMDB Computer category.

  • The new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and creates a new asset or updates an existing asset in Jira Assets Platform for each of the query result entities.
  • Updating an asset will overwrite its properties with the properties defined in the request object from Axonius.
    
    

Updated Actions

The following Actions have been enhanced:

• Deploy Files and Run Commands - The Run Command has been renamed to Deploy Files and Run Commands to clarify the actions under this category allow deploy files and run commands.
  
  

• Deploy Files and Run Windows Shell Command - Multiple enhancements:

  • The Run Windows Shell Command has been renamed to Deploy Files and Run Windows Shell Command to clarify this action allows deploy files and run commands.
  • Added a new DNS servers field to the Add Action dialog for this action.
    • This new field lets you specify a comma-separated list of DNS servers to be used to resolve the hostnames in the saved query supplied as a trigger (or devices that have been selected in the asset table).
    • If supplied, Axonius will use the specified DNS server to resolve the devices' hostnames. For each asset, the first response will be the one to be used.
    • If not supplied or if no response has been received from any of the specified DNS servers, the default DNS server will be used.
    • This new field is optional.
    • The default value for this field is empty.
  • The Command line parameters field has been renamed to Command.
  • Added a new Command name field to the Add Action dialog for this action.
    • This new field lets you specify a field name to be added to the device.
    • If supplied, a new device field will be populated only if a condition has been added in the command field.
    • If not supplied, no additional field will be added to the device.
    • This new field is optional.
    • The default value for this field is empty.
      
      

• Deploy Files and Run Linux Shell Command - The Run Linux Shell Command has been renamed to Deploy Files and Run Linux Shell Command to clarify this action allows deploy files and run commands.
  
  

• Run WMI Scan - Added a new DNS servers field to the Add Action dialog for this action.

  • This new field lets you specify a comma-separated list of DNS servers to be used to resolve the hostnames in the saved query supplied as a trigger (or devices that have been selected in the asset table).
  • If supplied, Axonius will use the specified DNS server to resolve the devices' hostnames. For each asset, the first response will be the one to be used.
  • If not supplied or if no response has been received from any of the specified DNS servers, the default DNS server will be used.
  • This new field is optional.
  • The default value for this field is empty.
    
    

• Send CSV to Share - Multiple enhancements:

  • Added a new Append date and time to file name field to the Add Action dialog for this action.
    • This new field lets you append a timestamp to the generated CSV file name.
    • If enabled, the date and time (in UTC) of enforcement action execution will be added as a suffix to the generated CSV file name. For example, axonius_csv_2020-01-06-16:48:13.csv.
    • If disabled, the CSV file will be stored based on the specified share path.
    • This field is required.
    • The default value for this field is False.
  • Added a new Append extension .csv to file name field to the Add Action dialog for this action.
    • This new field lets you append extension .csv to file name.
    • If enabled, .csv will be added as the extension of the generated CSV file name.
    • If disabled, the CSV file will be stored based on the specified share path.
    • This field is required.
    • The default value for this field is False.
      
      

• Create ServiceNow Computer - Added a new Axonius to ServiceNow field mapping field to the Add Action dialog for this action.

  • This new field lets you specify additional fields to be added to the ServiceNow computer based on the device's Axonius fields. The input should be key/value pairs in a JSON format. For example: {"axoniusfield1":"servicenowfield1", "axoniusfield2":"servicenowfield2"}.
  • If supplied, Axonius will add the specified fields and values to the created computer in ServiceNow. If one of the specified fields is invalid, the request might fail.
  • If not supplied, Axonius will not add any fields to the created computer in ServiceNow, beyond the default field mapped from Axonius.
  • This field is optional.
  • The default value for this field is empty.
    
    

• Update ServiceNow Computer - Added a new Axonius to ServiceNow field mapping field to the Add Action dialog for this action.

  • This new field lets you specify additional fields to be added to the ServiceNow computer based on the device's Axonius fields. The input should be key/value pairs in a JSON format. For example: {"axoniusfield1":"servicenowfield1", "axoniusfield2":"servicenowfield2"}.
  • If supplied, Axonius will add the specified fields and values to the updated computer in ServiceNow. If one of the specified fields is invalid, the request might fail.
  • If not supplied, Axonius will not add any fields to the updated computer in ServiceNow, beyond the default field mapped from Axonius.
  • This field is optional.
  • The default value for this field is empty.

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

• Query Wizard - Added a new Has Notes field to the Aggregated option selected in the adapter drop-down.
  • This new field lets you query for Devices or Users with notes.
  • The valid values for this field are:
    • True - if the device has at least one note.
    • False - if the device does not have any notes.
      
      

Cloud Asset Compliance Updates

The following updates have been made to Cloud Asset Compliance:

• Aggregated View - Added a new Aggregated view that displays results for affected assets across all accounts currently filtered.
  

• Create Jira Issue Enforcement - Added a new enforcement action called Create Jira issue to the Enforce menu.
  • This new action lets you create a Jira issue with the CSV containing the compliance results.
    
    

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

• Global Settings - Multiple enhancements:

  • Renamed the CyberArk Settings to Enterprise Password Manager Settings to clarify that more than one enterprise password manager is supported.
  • Added a new Password Manager drop-down that lets you choose the password manager used for the integration.
  • Added support for Thycotic Secret Server integration.
    • The integration between Axonius and Thycotic enables Axonius to securely pull privileged credentials from Thycotic Secret Server. The integration helps ensuring that privileged credentials are secured in the Thycotic Secret Server, rotated to meet company guidelines and meet complexity requirements.
      
      

• Identity Providers Settings - Added a new Identity Providers Settings tab to the system settings.

  • This new tab lets you configure and manage the configuration of LDAP and SAML based identity access management providers.

  • LDAP Login Settings - Multiple enhancements:

    • This section has been moved from the GUI Settings tab to the Identity Providers Settings tab.
    • Added a new Role Assignment Settings section under the LDAP Login Settings section. This new section consists of the following settings:
      • The Evaluate role assignment on field lets you select whether to evaluate role assignment for new users or for new and existing users.
        • If New users only is selected, role assignment will be evaluated only for new users. The role for existing Axonius will not be re-evaluated and will remains as is.
        • If New and existing users is selected, role assignment will be evaluated for new users and also for existing users on every login.
        • This field is required.
        • The default value for this field is New users only.
      • The Default role for new LDAP user (if no matching assignment rule found) field lets you determine the default role that will be associated with new LDAP users.
        • This field is required.
        • The default value for this field is No Access.
      • The Role Assignment Rules (users will be assigned to the first matching role) sub-section lets you configure a ranked list of rules to determine the user's role.
        • Each role consists of category (email address, email domain or group), value (case sensitive exact match) and the role to be assigned.
        • To reorder the rules, hover over the rule to use the drag and drop functionality.
        • When a user logs in to Axonius with LDAP, the user's assigned role will be determined based on the Role Assignment Rules Logic.

  • SAML-Based Login Settings - Multiple enhancements:

    • This section has been moved from the GUI Settings tab to the Identity Providers Settings tab.
    • Added a new Role Assignment Settings section under the SAML-Based Login Settings section. This new section consists of the following settings:
      • The Evaluate role assignment on field lets you select whether to evaluate role assignment for new users or for new and existing users.
        • If New users only is selected, role assignment will be evaluated only for new users. The role for existing Axonius will not be re-evaluated and will remains as is.
        • If New and existing users is selected, role assignment will be evaluated for new users and also for existing users on every login.
        • This field is required.
        • The default value for this field is New users only.
      • The Default role for new SAML user (if no matching assignment rule found) field lets you determine the default role that will be associated with new SAML users.
        • This field is required.
        • The default value for this field is No Access.
      • The Role Assignment Rules (users will be assigned to the first matching role) sub-section lets you configure a ranked list of rules to determine the user's role.
        • Each role consists of key/value pairs (case sensitive exact match) and the role to be assigned.
        • To reorder the rules, hover over the rule to use the drag and drop functionality.
        • When a user logs in to Axonius with SAML, the user's assigned role will be determined based on the Role Assignment Rules Logic.
          
          

• Manage Users - Added a new Ignore role assignment rules checkbox to external users (SAML/LDAP).

  • This new checkbox lets you select whether to enforce the current user's role regardless of the Role Assignment Settings configuration under the Identity Providers Settings.
  • If enabled, the user's assigned role will remain as-is and will not be evaluated on future logins.
  • If disabled, the user's assigned role may be changed on future logins, depends on the Role Assignment Settings configuration under the Identity Providers Settings.
  • This new checkbox is required.
  • The default value for this checkbox is False.
    
    

• Manage Roles - Added a new 'No Access' default system role.

  • This new default system role does not grant any permissions to the system.
  • This role can be used in LDAP/SAML role assignment rules to prevent from users gain access to the system.