What's New in Axonius 3.7

Release Date: August-02-2020

Adapters

New Adapters

The following new adapters have been added in this release:

1. Auvik
   • Auvik is an IT asset and network monitoring solution for managing entire network infrastructures, including physical servers, data centers, workstations and more.
   • This adapter fetches the following types of assets: Devices.
2. FreeIPA
   • FreeIPA is a free and open source identity management system for Linux environments.
   • This adapter fetches the following types of assets: Devices, Users.
3. GitLab
   • GitLab is an open-source DevOps lifecycle tool that provides a wiki, issue-tracking, and continuous integration and deployment pipeline features.
   • This adapter fetches the following types of assets: Users.
4. Nexthink
   • Nexthink is an IT solution that provides insights into activity across devices, operating systems, and workplace locations to improve IT experiences for employees.
   • This adapter fetches the following types of assets: Users.
5. Microsoft Key Management Service (KMS)
   • Microsoft Key Management Service (KMS) enables organizations to activate systems within their own network, eliminating the need for individual computers to connect to Microsoft for product activation.
   • This adapter fetches the following types of assets: Devices.
6. PrivX
   • PrivX provides privileged access to on-prem and cloud environments, including control access to servers, network devices and other critical infrastructure according to user roles and privileges.
   • This adapter fetches the following types of assets: Devices, Users.
7. Slack
   • Slack is a chat and collaboration hub used to connect people, information, tools, and services.
   • This adapter fetches the following types of assets: Users.

For more details, explore the entire list of supported and integrated adapters.

Updated Adapters

The following adapters have been enhanced:

• Amazon Web Services (AWS) (Advanced Settings) - Added a new Fetch information about Cloudfront checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.

  • This new checkbox lets you select whether to fetch Cloudfront information from AWS.
  • If enabled, all connections for this adapter will fetch Cloudfront information from AWS.
  • If disabled, all connections for this adapter will not fetch Cloudfront information from AWS.
  • This checkbox is required.
  • The default value for this checkbox is False.
    
    

• Okta (Advanced Settings) - Added a new Fetch logs checkbox to the Okta Configuration tab in the Advanced Settings for this adapter.

  • This new checkbox lets you select whether to fetch information about user's log events, that include details such as: IP address, browser, OS type.
  • If enabled, all connections of this adapter will also fetch information on users' log events.
  • If disabled, all connections of this adapter will not fetch information on users' log events.
  • This checkbox is required.
  • The default value for this checkbox is False.
    
    

• Signal Sciences (Connection Configuration) - Added a new API Token field to the Add Connection dialog for this adapter.

  • This new field lets you specify API access token associated with a user account that has the permissions to fetch assets.
  • If supplied, Axonius will use the specified API Token to authenticate the request to the Signal Sciences server.
  • If not supplied, Axonius will use the specified Password to authenticate the request to the Signal Sciences server.
  • This field is optional, but it is recommended to use the API Token.
  • The default value for this field is empty.

Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

• Trigger Configuration - Multiple enhancements:

  • Renamed the Add Scheduling section to Custom Scheduling.
  • Modified the Add Scheduling checkbox and replaced it with a new Enable custom scheduling toggle button.
    • If switched on, the Custom Schedule Settings section is displayed. This section lets you configure a custom scheduling for the Enforcement Set.
    • If switched off, the Enforcement Set will not include any scheduling and therefore can be run only when manually triggered.
    • The default value for this toggle button is Off.
  • Modified the scheduling options from radio buttons list to Repeat Scheduled Run field.
    • This field lets you select the schedule type:
      • Every discovery cycle - The Enforcement Set will run at the end of each discovery cycle.
      • Every x days - The Enforcement Set will run every number days defined in the Scheduled run every (days) field at the time specified in Scheduled run time field.
      • Days of week - The Enforcement Set will run in the selected days of week as specified in the Scheduled run day(s) field at the time specified in Scheduled run time field.
      • Days of month - The Enforcement Set will run in the selected days of month as specified in the Scheduled run day(s) field at the time specified in Scheduled run time field.
    • This field is required.
    • The default value for this field is Every discovery cycle.

  

New Actions

The following Actions have been added:

• Tag in Cybereason Deep Detect & Respond - Added a new enforcement action called Tag in Cybereason Deep Detect & Respond under the Execute Endpoint Security Agent Action category.
  • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and adds a specified tag to each device entity in Cybereason.
    
    

Updated Actions

The following Actions have been enhanced:

• Send Slack Message - Added a new HTTPS proxy field to the Add Action dialog for this action.

  • This new field lets you specify a proxy to use when connecting to the value supplied in Incoming webhook URL.
  • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Incoming webhook URL.
  • If not supplied, Axonius will connect directly to the value supplied in Incoming webhook URL.
  • This new field is optional.
  • The default value for this field is empty.
    
    

• Create ServiceNow Incident - Multiple enhancements:

  • Added a new Send created issue link to webhook URL field to the Add Action dialog for this action.
    • This new field lets you specify the webhook URL the created ServiceNow Incident link will be sent.
    • If supplied, Axonius will send the message specified in the Webhook content field to the specified webhook URL.
    • If not supplied, Axonius will only create the Jira issue.
    • This new field is optional.
    • The default value for this field is empty.
  • Added a new Webhook content field to the Add Action dialog for this action.
    • This new field lets you specify the webhook content in a JSON format.
    • If supplied, Axonius will send the specified content to the specified webhook URL.
    • If not supplied, Axonius will only create the ServiceNow Incident.
    • This new field is optional.
    • The default value for this field is {"text": "Created incident link is:<<ISSUE_LINK>>"}.
      
      

• Create Jira Issue - Multiple enhancements:

  • Added a new Send created issue link to webhook URL field to the Add Action dialog for this action.
    • This new field lets you specify the webhook URL the created Jira issue link will be sent.
    • If supplied, Axonius will send the message specified in the Webhook content field to the specified webhook URL.
    • If not supplied, Axonius will only create the Jira issue.
    • This new field is optional.
    • The default value for this field is empty.
  • Added a new Webhook content field to the Add Action dialog for this action.
    • This new field lets you specify the webhook content in a JSON format.
    • If supplied, Axonius will send the specified content to the specified webhook URL.
    • If not supplied, Axonius will only create the Jira issue.
    • This new field is optional.
    • The default value for this field is {"text": "Created issue link is:<<ISSUE_LINK>>"}.

Device and User Tables Interface Updates

The following updates have been made to the device and user tables related capabilities in Axonius:

• Enforce Action - multiple enhancements:

  • Modified the Enforce action to a menu that lets you select one of the following options:
    • Create New Enforcement - To create a new Enforcement Set from the Devices/Users page with a Main Action that will run on the entities you have selected ('custom selection').
    • Use Existing Enforcement - To select and run one of the Enforcement Sets that have already been configured.

  

• Columns Filters - Added a new Exclude adapter connection filter to the Column filter dialog.

  • This new filter lets you specify adapters for which to exclude values. Only values from adapters which are not excluded will be displayed.
  • When multiple filters are specified, Axonius will display only values that match for all the filters.

  

Cloud Asset Compliance Updates

The following updates have been made to Cloud Asset Compliance:

• CIS Microsoft Azure Foundations Benchmark v1.1 - Added support for the CIS Microsoft Azure Foundations Benchmark v1.1.
  • The new supported benchmark helps compare your Azure cloud configuration against the CIS Microsoft Azure Foundations Benchmark v1.1 and report on any identified gaps.
  • This benchmark contains consensus best practices that can help safeguard systems against today’s evolving cyber threats and are important for evaluating your organization’s cloud security posture.
  • The benchmark consists of 76 recommendations rules in 10 distinct categories.
    

Axonius Instances Interface Updates

The following updates have been made to Axonius instances:

• Added a new Instances drawer. This drawer lets you perform the following actions:

  • View and edit instance details
  • View instance performance metric
    • Performance metrics include:
      • CPU Usage
      • Hard Drive: Free Size (GB)
      • Hard Drive: Size (GB)
      • Free RAM (MB)
      • Total RAM (GB)
      • Free Swap (GB)
      • Total Swap (GB)
      • Total Physical Processors
      • CPUs: Cores
      • CPUs: Threads in core
      • Last Historical Snapshot (GB)
      • Days Remaining for Historical Snapshots

  

Administrator Settings Interface Updates

The following updates have been made to administrator settings in Axonius:

• Lifecycle Settings - Modified the Discovery Settings section.

  • The Interval discovery schedule option has been renamed to Every x hours to make it clear it lets you configure that the discovery cycles will run every number of hours.
  • The Scheduled discovery schedule option has been renamed to Every x days to make it clear it lets you configure that the discovery cycles will run every number of days at the specified time.
  • Added a new Days of week option to the Discovery Schedule field.
    • This new option lets you select that discovery cycles will run in the selected days of week as specified in the Repeat scheduled discovery on field at the time specified in Scheduled discovery time field.
      
      

• Global Settings - Multiple enhancements:

  • Added a new Password Expiration Settings section with a new Enable password expiration checkbox.
    • Check this checkbox to enable and to configure the password expiration in days that will apply to all users in the system.
    • Expired users will be required to change their password when logging in.
  • Added multiple optional columns and headers (case sensitive) to the location mapping CSV file under the Data Enrichment Settings section:
    • The additional supported fields are:
      • Location ID
      • Facility Name
      • Facility ID
      • Region
      • Zone
      • Country
      • State
      • City
      • Postal Code
      • Street Address
      • Full Address
      • Latitude
      • Longitude
      • AD SiteName
      • AD SiteCode
      • Site Criticality
      • Site Function
      • Comments
    • These fields are optional.

• Certificate Settings - Added a new Certificate Settings tab to the system settings.

  • This new tab lets you configure and manage all certificate related settings.
  • Added a new SSL Certificate section
    • This section displays the current certificate that is presented when accessing the Axonius GUI.
  • Added a new Certificate Signing Request (CSR) section
    • This section will show the CSR details, if one is currently pending.
    • This section allows you to download the current CSR which is pending or to cancel the current CSR request.
  • Added a new Certificate Actions menu, located on the top right of this section. The Certificate Actions have the following options:
    • Generate CSR
      • This option generates a private key which is stored internally in Axonius and then opens the Create Certificate Signing Request modal where you need to specify Certificate Signing Request (CSR) details in order to create the CSR.
      • Once the CSR is created it will be in pending state and will be shown in the Certificate Signing Request (CSR) section where it can be downloaded. The CSR will be in pending state until you sign it with a Certificate Authority (CA) and then upload the signed CSR from the Import Signed Certificate (CSR) option.
    • Import Certificate and Private Key
      • This option opens the Import Certificate and Private Key modal which lets you import a public key and private key (with an optional passphrase) in order to replace the existing SSL certificate which will be presented when accessing the Axonius GUI. The certificate details will be displayed in the SSL Certificate section.
      • This configuration was moved from the previous GUI SSL Settings.
    • Import Signed Certificate (CSR)
      • This option opens the Installed Signed Certificate modal which lets you upload the signed CSR, by uploading it the existing certificate will be replaced and will be displayed in the SSL Certificate section.
    • Restore to System Default
      • This option restores the Axonius default self-signed SSL certificate which will be presented when accessing the Axonius GUI. The certificate details will be displayed in the SSL Certificate section.
  • GUI SSL Settings - This section has been moved from the Global Settings and placed as the Import Certificate and Private Key action as part of the Certificate Actions in the Certificate Settings tab.
  • SSL Trust & CA Settings - This section has been moved from the Global Settings tab to the Certificate Settings tab.
  • Mutual TLS Settings - This section has been moved from the GUI Settings tab to the Certificate Settings tab.