What's New in Axonius 4.1
  • 24 Mar 2022

Release Date: March-15-2021

Release Highlights

  • Field Segmentation Chart - Added advanced filtering capability.
    • The enhanced filtering capability lets you refine the segmentation filters by using the AND / OR, NOT, parentheses and different operators on the values of the selected field.


  • Enforcement Center - Trigger / Query and Automation - Added a new "Every x hours" option to the Repeat scheduled run field under the Custom Schedule Settings.

    • The "Every x hours" option lets you set an enforcement set to run every number of hours as defined in the Scheduled run every (hours) field.
      • The enforcement task start time will be determined based on the specified value, starting at midnight. For example, if the specified value is 6, the custom discovery times will be: 12am, 6am, 12pm, 6pm, 12am, etc.
      • The start time for the next enforcement task will be the closest interval. For example, if the specified value is 6, and the configuration has been saved at 10am, the next enforcement task will start at 12pm.
      • The maximum possible value is 24.

  • CIS Google Cloud Platform Foundations Benchmark v1.1 - Added support for the CIS Google Cloud Platform Foundations Benchmark v1.1.

    • The new supported benchmark helps compare your Google Cloud Platform configuration against the CIS Google Cloud Platform Foundations Benchmark v1.1 and report on any identified gaps.
    • This benchmark contains consensus best practices that can help safeguard systems against today’s evolving cyber threats and are important for evaluating your organization’s cloud security posture.
    • The benchmark consists of 50 recommendation rules in 10 distinct categories.
    • Added support for Affected Assets for relevant rules in all categories.



New Adapters

The following new adapters have been added in this release:

  1. Cisco DNA Center
    • Cisco DNA Center is a software-based network automation and assurance solution.
    • This adapter fetches the following types of assets: Devices.
  2. Salesforce
    • Salesforce is a customer relationship management solution that gives a single, shared view of every customer.
    • This adapter fetches the following types of assets: Users.



For more details:

Dashboard Updates

The following updates have been made to the Axonius Dashboard:

  • Field Segmentation Chart - Added advanced filtering capability.
    • The enhanced filtering capability lets you refine the segmentation filters by using the AND / OR, NOT, parentheses and different operators on the values of the selected field.


  • Field Summary Chart - Added three new functions:

    • Sum - calculates the sum of the selected field values across all results of the supplied query.
    • Count True - counts the number of True values across all results of the supplied query.
      • This function is applicable only for Boolean fields.
    • Count False - counts the number of False values across all results of the supplied query.
      • This function is applicable only for Boolean fields.




  • Query Timeline Chart - The Comparison mode has been enhanced to support the comparison of up to 6 device/user queries.


Device and User Tables Interface Updates

The following updates have been made to the device and user table related capabilities in Axonius:

  • Device Profile Page - Aggregated Tab - Added a new Rapid7 Vulnerabilities under the Aggregated tab of the Device Profile page.

  • Query Wizard - Multiple enhancements:

    • Added a new next days from now option to the Date function in the Operator drop-down.
      • This option lets you check for dates which are between NOW and X days from now.
    • Added a new next hours from now option to the Date function in the Operator drop-down.
      • This option lets you check for dates which are between NOW and X hours from now.


Enforcement Center Updates

The following updates have been made to the Axonius Security Policy Enforcement Center:

  • Trigger / Query and Automation - Added a new "Every x hours" option to the Repeat scheduled run field under the Custom Schedule Settings.
    • The "Every x hours" option lets you set an enforcement set to run every number of hours as defined in the Scheduled run every (hours) field.
      • The enforcement task start time will be determined based on the specified value, starting at midnight. For example, if the specified value is 6, the custom discovery times will be: 12am, 6am, 12pm, 6pm, 12am, etc.
      • The start time for the next enforcement task will be the closest interval. For example, if the specified value is 6, and the configuration has been saved at 10am, the next enforcement task will start at 12pm.
      • The maximum possible value is 24.

New Actions

The following Actions have been added:

  • Send to SQL Table - Added a new enforcement action called Send to SQL Table under the Notify category.

    • This new action takes the entities found in the saved query supplied as a trigger (or entities that have been selected in the asset table) and inserts those entities to the supplied MSSQL table. When used with a saved query as a trigger, only the fields configured in the saved query are inserted into the supplied table.

  • Create Azure DevOps Task - Added a new enforcement action called Create Azure DevOps Task under the Create Incident category.

    • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and creates a task in Azure DevOps.

  • Isolate in CrowdStrike Falcon - Added a new enforcement action called Isolate in CrowdStrike Falcon under the Execute Endpoint Security Agent Action category.

    • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and quarantines each of the query results entities (endpoints) from the network.

  • Unisolate in CrowdStrike Falcon - Added a new enforcement action called Unisolate in CrowdStrike Falcon under the Execute Endpoint Security Agent Action category.

    • This new action restores full network connectivity to each of the query results entities (endpoints).


Updated Actions

The following Actions have been enhanced:

  • Send CSV to SCP - Added a new CSV delimiter to use for multi-value fields field to the Add Action dialog for this action.
    • This new field lets you specify a delimiter to separate between values within the same field of an exported CSV file.
    • If supplied, values within the same field will be separated by the specified delimiter once the CSV file has been generated.
    • If not supplied, values within the same field will be separated by "\n" (new line) once the CSV file has been generated.
    • This new field is optional.
    • The default value for this field is empty.


Cloud Asset Compliance Updates

The following updates have been made to the Axonius Cloud Asset Compliance:

  • CIS Google Cloud Platform Foundations Benchmark v1.1 - Added support for the CIS Google Cloud Platform Foundations Benchmark v1.1.
    • The new supported benchmark helps compare your Google Cloud Platform configuration against the CIS Google Cloud Platform Foundations Benchmark v1.1 and report on any identified gaps.
    • This benchmark contains consensus best practices that can help safeguard systems against today’s evolving cyber threats and are important for evaluating your organization’s cloud security posture.
    • The benchmark consists of 50 recommendation rules in 10 distinct categories.
    • Added support for Affected Assets for relevant rules in all categories.



General Enhancements

The following general enhancements have been made in Axonius:

  • Time Picker Control - The time picker control used across the system has been replaced.


Updated Adapters

The following adapters have been enhanced:

  • Amazon Web Services (AWS) (Advanced Settings) - Added a new Fetch information about DynamoDB (NoSQL Database Service) checkbox to the AWS Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch the information on DynamoDB from AWS.
    • If enabled, all connections for this adapter will fetch information on DynamoDB from AWS.
    • If disabled, all connections for this adapter will not fetch information on DynamoDB from AWS.
    • This checkbox is required.
    • The default value for this checkbox is False.

  • Cisco Meraki (Connection Configuration) - Added a new SSID Exclude List field in the Add Connection dialog for this adapter.

    • This new field lets you specify a comma-separated list of SSIDs.
    • If supplied, Axonius will not fetch connected devices from specific SSIDs.
    • If not supplied, Axonius will fetch connected devices from any SSID.
    • This new field is optional.
    • The default value for this field is empty.

  • Cofense PhishMe (Connection Configuration) - Multiple enhancements:

    • Added a new Email Whitelist field in the Add Connection dialog for this adapter.
      • This new field lets you specify a comma-separated list of email addresses.
      • If enabled, the connection for this adapter will only fetch users whose email address is in the specified list.
      • If disabled, the connection for this adapter will fetch all users.
      • This new field is optional.
      • The default value for this field is empty.
    • Added a new Campaign Whitelist field in the Add Connection dialog for this adapter.
      • This new field lets you specify a comma-separated list of full or partial names of campaigns.
      • If enabled, the connection for this adapter will only fetch users who participated in a campaign whose name contains at least one value in the specified list.
      • If disabled, the connection for this adapter will fetch all users.
      • This new field is optional.
      • The default value for this field is empty.

  • CrowdStrike Falcon (Connection Configuration) - Multiple enhancements:

    • Added new Threat Graph API User and Threat Graph API Key fields in the Add Connection dialog for this adapter.
      • These new fields let you fetch data from CrowdStrike Threat Graph API.
      • If supplied, the connection for this adapter will fetch data from CrowdStrike Threat Graph API.
      NOTE: You must contact CrowdStrike support for access and credentials for the Threat Graph API.

      • If not supplied, the connection for this adapter will not fetch data from CrowdStrike Threat Graph API.
      • These new fields are optional.
      • The default value for these fields is empty.
    • Moved the Machine Domain Whitelist field under the CrowdStrike Falcon Configuration tab in the Advanced Settings for this adapter to the Add Connection dialog for this adapter.
    • Moved the Group Name Whitelist field under the CrowdStrike Falcon Configuration tab in the Advanced Settings for this adapter to the Add Connection dialog for this adapter.

  • CSV (Connection Configuration) - Multiple enhancements:

    • Added a new Ignore illegal characters checkbox in the Add Connection dialog for this adapter.
      • This new checkbox lets you select whether illegal characters will be ignored during the data import. An illegal character is any character that cannot be translated in the specified file encoding.
      • If enabled, Axonius will ignore illegal characters and will omit those from the imported data.
      • If disabled, if an illegal character is found, the entire data import will fail.
      • This new checkbox is required.
      • The default value for this checkbox is False.
    • Added a new Multi-value fields delimiter field in the Add Connection dialog for this adapter.
      • This new field lets you specify a delimiter to separate values within the same field in the imported CSV file.
      • If supplied, Axonius will consider fields that contain the specified delimiter as multi-value fields. For example, ';'.
      • If not supplied, Axonius will consider all imported fields as single-value fields.
      • This new field is optional.
      • The default value for this field is empty.

  • CyberArk Privileged Account Security (Advanced Settings) - Added a new Fetch accounts checkbox under the CyberArk PAS Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch CyberArk PAS accounts.
    • If enabled, all connections for this adapter will fetch CyberArk PAS accounts in addition to user information.
    • If disabled, all connections for this adapter will only fetch user information.
    • This new checkbox is required.
    • The default value for this checkbox is False.

  • CylancePROTECT (Connection Configuration) - Added a new Cylance Zones Whitelist field in the Add Connection dialog for this adapter.

    • This new field lets you specify a comma-separated list of Cylance zones.
    • If supplied, the connection for this adapter will only fetch devices associated with at least one of the zones provided in this list.
    • If not supplied, the connection for this adapter will fetch all devices from Cylance.
    • This new field is optional.
    • The default value for this field is empty.

  • GitHub (Advanced Settings) - Added a new Fetch public organizations for users checkbox under the GitHub Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch the public organizations each user is a member of.
    • If enabled, all connections for this adapter will fetch the public organizations each user is a member of.
    • If disabled, all connections for this adapter will not fetch the public organizations each user is a member of. As a result, the fetch time will be shorter.
    • This new checkbox is required.
    • The default value for this checkbox is False.

  • Google Workspace (G Suite) (Connection Configuration) - Multiple enhancements:

    • Added a new Fetch Cloud Identity Devices checkbox in the Add Connection dialog for this adapter.
      • This new checkbox lets you select whether to fetch Cloud Identity devices.
      • If enabled, the connection for this adapter will also fetch Cloud Identity devices.
      • If disabled, the connection for this adapter will not fetch Cloud Identity devices.
      • This new checkbox is required.
      • The default value for this checkbox is False.
      NOTE

      Fetching Cloud Identity devices requires:

      • Cloud Identity API enabled.
      • Additional privilege to your Google Workspace (G Suite) admin account: https://www.googleapis.com/auth/cloud-identity.devices.readonly
    • Added a new Fetch Chrome Browsers checkbox in the Add Connection dialog for this adapter.
      • This new checkbox lets you select whether to fetch Chrome browsers information.
      • If enabled, the connection for this adapter will fetch information about Chrome browsers.
      • If disabled, the connection for this adapter will not fetch information about Chrome browsers.
      • This new checkbox is required.
      • The default value for this checkbox is False.
    NOTE

    Fetching Chrome browsers information requires an additional privilege to your Google Workspace (G Suite) admin account: https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly


  • ManageEngine Desktop Central (Connection Configuration) - Added a new MFA QR Code field in the Add Connection dialog for this adapter.

    • If MFA is enabled using Google Authenticator, save the QR code received as a PNG file. This new field lets you upload a PNG file of that QR code.
    • If supplied, the connection for this adapter will use the uploaded file to authenticate the specified User Name and Password.
    • If not supplied, the connection for this adapter will not add any additional authentication to the specified User Name and Password.
    • This new field is optional.
    • The default value for this field is empty.

  • Microsoft Azure AD (Advanced Settings) - Multiple enhancements:

    • Added a new Fetch user groups checkbox under the Azure AD Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch information on every group a user is a member of.
      • If enabled, all connections for this adapter will fetch user group information.
      • If disabled, all connections for this adapter will not fetch user group information.
      • This new checkbox is required.
      • The default value for this checkbox is True.
    • Added a new Fetch software information from Intune checkbox under the Azure AD Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch installed software from Intune.
      • If enabled, all connections for this adapter will fetch installed software from Intune.
      • If disabled, all connections for this adapter will not fetch installed software from Intune.
      • This new checkbox is required.
      • The default value for this checkbox is True.

  • Puppet (Advanced Settings) - Added a new Exclude IPv6 addresses checkbox under the Puppet Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch IPv6 addresses.
    • If enabled, all connections for this adapter will fetch only IPv4 addresses.
    • If disabled, all connections for this adapter will fetch both IPv4 and IPv6 addresses.
    • This new checkbox is required.
    • The default value for this checkbox is False.

  • Qualys Cloud Platform - Multiple enhancements:

    • Added an API Rate Limit (Requests per Hour) field in the Add Connection dialog for this adapter.
      • This new field lets you specify a rate limit for the number of requests per hour to be sent to Qualys.
      • This setting is applicable only for the Global IT Asset Inventory API.
      • If supplied, the number of requests initiated per hour by the connection for this adapter will be limited to the specified value. During data fetch from this connection, if the API rate limit is reached, the connection will be paused for an hour, and then will resume the data fetch.
      • If not supplied, the number of requests initiated by the connection for this adapter will not be limited.
      • This new field is optional.
      • The default value for this field is empty.
    • Modified the Fetch Policy Control checkbox under the Qualys Configuration tab in the Advanced Settings for this adapter.
      • The Fetch Policy Control checkbox has been renamed to Add STIG rules to policy posture.
      • This checkbox lets you select whether to fetch STIG rule IDs and add that information to the fetched posture information.
      • If enabled, all connections for this adapter will also fetch STIG rule IDs associated with policy compliance.
      NOTE

      STIG rules will be fetched only if Fetch policy posture information is enabled.

      • If disabled, all connections for this adapter will not fetch STIG rule IDs associated with policy compliance.
      • This checkbox is required.
      • The default value for this checkbox is False.
    • Added a new Fetch VM detection field under the Qualys Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch additional VM information for AWS, Azure and GCP cloud appliances.
      • If enabled, all connections for this adapter will also fetch additional VM information for cloud appliances.
      • If disabled, all connections for this adapter will not fetch additional VM information for cloud appliances.
      • This checkbox is required.
      • The default value for this checkbox is False.

  • ServiceNow (Advanced Settings) - Multiple enhancements:

    • Added a new Install status number include list field under the ServiceNow Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify a comma-separated list of one or more numbers that represent install status to include in the fetched data.
      • If supplied, all connections for this adapter will only fetch devices from ServiceNow if their install status is in the specified list.
        • The values supplied in this field are applicable only if the Install status number exclude list field value is empty.
      • If not supplied, all connections for this adapter will fetch all devices from ServiceNow, regardless of their install status.
      • This new field is optional.
      • The default value for this field is empty.
    • Added a new Entries fetched per page field under the ServiceNow Configuration tab in the Advanced Settings for this adapter.
      • This new field lets you specify the maximum number of entries all connections for this adapter fetch per page when connecting to the ServiceNow server.
      • The supplied value lets you control the performance of all the connections for this adapter. To reduce the number of requests sent to ServiceNow without impacting overall performance, you can reduce the Number of requests to perform in parallel value and increase the Entries fetched per page value.
      • This new field is required.
      • The default value for this field is 200.

  • Splunk (Advanced Settings) - Multiple enhancements:

    • Updated the Splunk search macros list field under the Splunk Configuration tab in the Advanced Settings for this adapter.
      • This field now supports macros that start with a generating command.
      • To execute macros that start with a generating command, add "|" (pipe) as a prefix to the supplied macro name.
    • Updated the Splunk installed software search macros list field under the Splunk Configuration tab in the Advanced Settings for this adapter.
      • This field now supports macros that start with a generating command.
      • To execute macros that start with a generating command, add "|" (pipe) as a prefix to the supplied macro name.

  • Tenable.sc (SecurityCenter) (Advanced Settings) - Added a new Fetch scan results checkbox under the Tenable.sc Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch scan results for each repository.
    • If enabled, all connections for this adapter will fetch scan results for each repository.
    • If disabled, all connections for this adapter will not fetch any scan results.
    • This new checkbox is required.
    • The default value for this checkbox is False.

  • VMware ESXi (Advanced Settings) - Added a new Exclude IPv6 addresses checkbox under the ESX Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch IPv6 addresses.
    • If enabled, all connections for this adapter will fetch only IPv4 addresses.
    • If disabled, all connections for this adapter will fetch both IPv4 and IPv6 addresses.
    • This new checkbox is required.
    • The default value for this checkbox is False.

  • Zoom (Advanced Settings) - Added a new Fetch devices only with hostname and MAC address checkbox under the Zoom Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch devices that have both hostname and MAC address details.
    • If enabled, all connections for this adapter will only fetch devices that have both hostname and MAC address details.
    • If disabled, all connections for this adapter will fetch any device, even if it doesn't have hostname or MAC address details.
    • This new checkbox is required.
    • The default value for this checkbox is True.

  • Zscaler Web Security (Advanced Settings) - Added a new Fetch users checkbox under the Zscaler Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch users' data.
    • If enabled, all connections for this adapter will fetch users' data. Each user will be added as a user asset in Axonius.
    • If disabled, all connections for this adapter will not fetch users' data.
    • This new checkbox is required.
    • The default value for this checkbox is True.
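
The CSV adapter's Ignore illegal characters and Multi-value fields delimiter options described above decide whether a badly encoded file is rejected or silently altered, and whether a value such as a list of IP addresses stays one string. The following Python sketch is an added example, not Axonius code: the function names, the dropped-character counter and the sample file are constructed for illustration and only model the semantics stated in the bullets.

```python
import csv
import io


class ImportFailed(Exception):
    """Raised when the whole import is rejected (checkbox disabled)."""


def decode_with_policy(raw, encoding, ignore_illegal):
    """Decode raw bytes; return (text, number_of_illegal_characters_dropped)."""
    try:
        return raw.decode(encoding), 0
    except UnicodeDecodeError as exc:
        if not ignore_illegal:
            # Disabled: one illegal character fails the entire import.
            raise ImportFailed(
                f"illegal byte at offset {exc.start} for encoding {encoding}"
            ) from exc
    # Enabled: illegal characters are omitted from the imported data.
    text = raw.decode(encoding, errors="ignore")
    # Count what was omitted so the loss is visible to whoever reviews the import.
    replaced = raw.decode(encoding, errors="replace")
    dropped = replaced.count("\ufffd") - text.count("\ufffd")
    return text, dropped


def import_csv(raw, encoding="utf-8", ignore_illegal=False, multi_value_delimiter=""):
    """Parse CSV bytes into rows; return (rows, dropped_character_count)."""
    text, dropped = decode_with_policy(raw, encoding, ignore_illegal)
    rows = []
    for record in csv.DictReader(io.StringIO(text, newline="")):
        row = {}
        for name, value in record.items():
            is_multi = (
                isinstance(value, str)
                and multi_value_delimiter
                and multi_value_delimiter in value
            )
            if is_multi:
                # Delimiter supplied and present: treat as a multi-value field.
                parts = value.split(multi_value_delimiter)
                row[name] = [p.strip() for p in parts if p.strip()]
            else:
                # No delimiter supplied (or not present): single-value field.
                row[name] = value
        rows.append(row)
    return rows, dropped


# Constructed sample: a UTF-8 file in which one hostname carries a stray
# Latin-1 byte (0xE9), as happens when exports from two tools are merged.
SAMPLE_CSV = (
    b"hostname,ip_addresses,owner\n"
    b"srv-web-01,10.0.0.5;10.0.0.6,alice\n"
    b"srv-caf\xe9-02,10.0.1.7,bob\n"
)

if __name__ == "__main__":
    try:
        import_csv(SAMPLE_CSV)
    except ImportFailed as err:
        print("strict import rejected:", err)

    rows, dropped = import_csv(
        SAMPLE_CSV, ignore_illegal=True, multi_value_delimiter=";"
    )
    print("dropped characters:", dropped)
    for row in rows:
        print(row)
```

With the checkbox enabled the second hostname is imported as `srv-caf-02`, a name that no longer matches the real asset, so a non-zero dropped count is worth reviewing before the data is correlated with other adapters.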

Administrator Settings Interface Updates

The following updates have been made to the administrator settings in Axonius:

  • Global Settings - Multiple enhancements:

    • Modified the Notifications Settings section.
      • Added a new Enable notifications for low disk space (percentage %) toggle switch.
        • If switched on, the system will monitor the available free disk space percentage for all nodes and will create critical or warning notifications based on the limits defined in the section.
        • If switched off, no system notification will be created for a low disk space.
        • The default value for this toggle switch is switched off.
      • Added a new Enable notifications for low disk space (GB) toggle switch.
        • If switched on, the system will monitor the available free disk space in GB for all nodes and will create critical or warning notifications based on the limits defined in the section.
        • If switched off, no system notification will be created for a low disk space.
        • The default value for this toggle switch is switched off.
      • Renamed the Adapters error email address to Notifications email address and the Adapters error webhook address to Notifications webhook address to clarify that system notifications are not limited to adapter connection errors.
    • Added a new Reports Generation Schedule section with an Enable reports generation schedule toggle switch under the Global Settings tab.
      • This new section lets you select whether to enable custom scheduling for the generation of report PDF files.
      • If switched on, specify the number of hours between generations of the report PDF files. The report PDF files will also be generated at the end of each discovery cycle.
      • If switched off, report PDF files will be generated at the end of the discovery cycle.
      • The default value for this toggle switch is switched off.

  • Permission List - Added two new permissions:

    • Export devices to CSV permission in the Device Assets permission category
      • The new permission lets you select whether the role allows exporting device information to CSV.
      • If enabled, the users assigned to that role can export device information.
      • If disabled, the users assigned to that role will not be able to export device information.
      • This permission is required.
      • The default value for this permission is True.
    • Export users to CSV permission in the User Assets permission category
      • The new permission lets you select whether the role allows exporting user information to CSV.
      • If enabled, the users assigned to that role can export user information.
      • If disabled, the users assigned to that role will not be able to export user information.
      • This permission is required.
      • The default value for this permission is True.

Axonius-as-a-Service Updates

The following updates have been made to the Axonius-as-a-Service:

  • Multiple Tunnels Support - Added support in working with multiple Tunnels:

    • This new capability lets you secure data fetching from several internal networks.
    • If you have a connected Tunnel, it will remain intact. However, before adding an additional Tunnel, you will be requested to download and reinstall your existing Tunnel version.
  • System Settings - Manage Tunnels Tab - Multiple enhancements:

    • The Tunnel Settings tab has been renamed to Manage Tunnels to make it clear that multiple Tunnels are supported.
    • This tab lets you manage and monitor the various Tunnels.
  • Configure and Connect Adapters to Use the Axonius Tunnel - Modified the configuration required to use an Axonius Tunnel for adapter connection:

    • Added a new Tunnel Name field in the Add Connection dialog for all adapters.

      • This new field lets you select the Tunnel to be used to pull data from the configured source.
      • If supplied, the adapter connection will use the selected Tunnel to pull data from adapter connection. Using a Tunnel is only required if the source for the adapter is only accessible by an internal network.
      • If not supplied, the adapter connection will contact the configured source directly to pull data from the adapter connection. Keep this field empty if the source for the adapter is accessible from the internet.
      • This new field is optional.
      • The default value for this field is empty.
    • Removed the Use tunnel to connect to source checkbox under the Adapter Configuration tab in the Advanced Settings for all adapters.

