What's New in Axonius - Axonius 4.4
  • 05 Jul 2023


Release Date: July-2021


Version 4.4 encompasses all functionality of version 4.3, the details of which can be found here.

Release Highlights

  • Adding List Type to Custom Data Fields

    • In Add Custom Fields on the Devices and Users pages, you can create a new Custom Field of the type 'List' to store multiple values in a single field. This feature is also available in the Add Custom Data Enforcement Set.
  • Split by Asset Entities for CSV Export on the Users and Devices pages.

    • Added a Split by asset entities checkbox to the Export CSV dialog. This enables you to create a CSV file where each asset entity of a device is shown as a separate row.
  • Manage Users - Manage Users Search and Filter

    • Search and Filters have been added to the Manage Users page. You can search for and filter the display by user name, role, source and last login date or date range.

    • Filtering by Roles type was added to the Manage Roles page. You can find all users with a specific role type.

    • When you filter by roles, the number of users with a specific role is displayed. Click on the number of users with the required role. The Manage Users page opens and displays all the users with the role chosen.


  • Identity Provider Settings - Smartcard Authentication - Smartcard Authentication was added to the LDAP Login Settings.

    • Added a new Authentication type drop-down box to support logging in to Axonius with CAC/PIV smartcards (Common Access Card / Personal Identity Verification).


Adapters Updates

New Adapters

The following new adapters were added in this release:

  • Darktrace
    • Darktrace Immune System protects workforce and data from sophisticated attackers, by detecting, investigating and responding to cyber-threats.
    • This adapter fetches the following types of assets: Devices.
  • MongoDB
    • MongoDB is a document-oriented NoSQL database.
    • This adapter fetches the following types of assets: Devices, Users.
  • SentinelOne Ranger
    • SentinelOne Ranger creates visibility into your network by using distributed passive and active mapping techniques to discover running services, unmanaged endpoints, IoT devices, and mobiles.
    • This adapter fetches the following types of assets: Devices.
  • Trend Micro Worry-Free
    • Trend Micro Worry-Free is an endpoint and SaaS solution protecting against malware, scripts, injection, ransomware, memory and browser attacks, and exploits.
    • This adapter fetches the following types of assets: Devices.



For more details:

Adapters Interface Updates

The following updates were made to the common functionality across all adapters:

  • Adapters Fetch History New Parameters

    • Added 2 new parameters to the Adapters Fetch History page.
      • Ignored Devices - The number of devices that were not seen by the source in the last X hours (X is defined in Adapter Advanced Settings), and were therefore ignored.

      • Ignored Users - The number of users that were not seen by the source in the last X hours (X is defined in Adapter Advanced Settings) and were therefore ignored.



Dashboard Updates

The following updates were made to the Axonius Dashboard:



Reports Updates

The following updates were made to the Axonius Reports:

  • New Report Download Options

    • On the Report Configuration Page, the Download Report button now presents the following options:

      • Download PDF
      • Download CSV
      • Download CSV and PDF
  • Email attachments can now be sent as compressed attachments. When an email attachment is over 10MB a notification is sent.



Device and User Tables Interface Updates

The following updates were made to the device and user tables related capabilities in Axonius:


Enforcement Center Updates

The following updates were made to the Axonius Security Policy Enforcement Center:

New Actions

The following Actions have been added:

  • Run Chef Command - Added a new enforcement action called Run Chef Command under the Deploy Files and Run Commands category.
    • This new action adds or removes recipes and attributes from Chef nodes.

Updated Adapters

The following adapters were enhanced:

  • Amazon Web Services (AWS) - Multiple enhancements
    • If you are using the AWS Organizations service to manage your AWS accounts, you can set up a single AWS adapter connection and use that connection to discover and connect to all of the AWS Organization member accounts. Refer to Configuring the AWS Adapter using Organizations.
    • Associate role policies to user - Select this option to fetch more information from Access Advisor, so that you can search for all services that a user has access to but did not use within a certain number of days.


  • Bitbucket - Multiple enhancements:

    • This adapter now fetches users as well as devices.
    • Added a new Max.audit log record pages to parse field to the Bitbucket Server tab in the Advanced Settings for this adapter.
      • This new field specifies the maximum number of pages to parse for the users visit log for all connections for this adapter.
      • This new field is required.
      • The default value for this field is 50.

  • Cisco Advanced Malware Protection (AMP) (Advanced Settings) - Multiple enhancements:

    • Added a new Parallel Requests Count field to the Cisco AMP tab in the Advanced Settings for this adapter.
      • This new field lets you set the maximum number of threads that execute API calls in parallel when fetching vulnerabilities.
      • This field is required.
      • The default value for this field is 5.
    • Added a new Fetch vulnerabilities checkbox to the Cisco AMP tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch vulnerabilities on devices.
      • When enabled, all connections for this adapter also fetch vulnerabilities.
      • When disabled, all connections for this adapter do not fetch vulnerabilities.
      • This checkbox is required.
      • The default value for this checkbox is False.

  • Cisco Unified Communications Manager (UCM) (Advanced Settings) - Added a new Use description as the asset name checkbox to the Cisco UCM Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to use the description as the asset name if the name field is not available.
    • When enabled, all connections for this adapter use the description as the asset name, when the name field is missing.
    • When disabled, all connections for this adapter do not use the description as the asset name when there is no name field.
    • This checkbox is required.
    • The default value for this checkbox is False.

  • FortiClient EMS (Advanced Settings) - Added a new Do not fetch devices without Last Seen checkbox to the FortiClient EMS Advanced Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch devices that do not have the 'Last Seen' attribute.
    • When enabled, all connections for this adapter will not fetch devices that do not have the 'Last Seen' attribute.
    • When disabled, all connections for this adapter will fetch all devices.
    • This checkbox is required.
    • The default value for this checkbox is True.

  • Ivanti Security Controls (Advanced Settings) - Multiple enhancements:

    • Added a new Number of processes to open for installed software fetch field to the Ivanti SC tab in the Advanced Settings for this adapter.

      • This new field lets you set the number of threads to open when fetching the installed software.
      • This field is required.
      • The default value for this field is 15.
    • Added a new Fetch installed software checkbox to the Ivanti SC tab in the Advanced Settings for this adapter.

      • This new checkbox lets you select whether to fetch information about installed software.
      • When enabled, all connections for this adapter also fetch information about installed software for each device.
      • When disabled, all connections for this adapter do not fetch information about installed software for each device.
      • This field is required.
      • The default value for this field is False.
    • Added a new Fetch installed software from patches that in the past x days field to the Ivanti SC tab in the Advanced Settings for this adapter.

      • This new field lets you set the number of days back to fetch information about software that was patched in the last X days. All connections for this adapter will fetch this information for each device.
      • This field is required.
      • The default value for this field is 90.

  • Ivanti Unified Endpoint Manager (Landesk) (Advanced Settings) - Added a new Comma separated custom fields field to the Ivanti Landesk tab in the Advanced Settings for this adapter.

    • This new field lets you add a comma separated list of fields that will be queried from the Landesk instance and added as a list of values in the device.
    • This field is optional.
    • The default value for this field is Empty.

  • Jamf Pro - Multiple enhancements:

    • The Jamf Pro adapter supports the Jamf Pro API as well as the Jamf Classic API.

    • As a result, the following settings were removed from the Jamf Pro Advanced Settings: Number of parallel requests to the server, Close connections immediately (no keep-alive), Seconds to sleep before sending HTTPS requests.

    • Added a new Use pro API checkbox to the Jamf Configuration tab in the Advanced Settings for this adapter.

      • This checkbox lets you choose whether to use the Jamf Pro API.
      • When enabled, all connections for this adapter will use the Jamf Pro API.
      • When disabled, all connections for this adapter use the Jamf Classic API.
      • This checkbox is required.
      • The default value for this checkbox is false.
    • Added an Async chunks in parallel field to the Jamf Configuration tab in the Advanced Settings for this adapter.

      • This field allows you to set the number of chunks to fetch in parallel when working with the classic API.
      • This field is required.
      • The default value for this field is 20.

  • Microsoft Azure (Advanced Settings) - Multiple enhancements:

    • Added a new Fetch SQL servers as devices checkbox to the Azure Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you define whether to fetch SQL Servers and represent them as devices.
      • If enabled, all connections for this adapter will fetch SQL Servers and represent them as devices.
      • If disabled, all connections for this adapter will not fetch SQL Servers.
      • This field is optional.
      • The default value for this field is false.
    • Added a new Fetch Load Balancers as devices checkbox to the Azure Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you define whether to fetch Load Balancers and represent them as devices.
      • If enabled, all connections for this adapter will fetch Load Balancers and represent them as devices.
      • If disabled, all connections for this adapter will not fetch Load Balancers.
      • This field is optional.
      • The default value for this field is false.


  • Microsoft Defender for Endpoint (Microsoft Defender ATP) - The name of the Microsoft Defender ATP adapter has been changed to Microsoft Defender for Endpoint (Microsoft Defender ATP).

  • Microsoft System Center Configuration Manager (SCCM) (Advanced Settings) - Multiple enhancements:

    • Added a new Fetch EP_AntimalwareHealthStatus Windows Defender AV definition table checkbox to the SCCM Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you define whether to fetch Windows Defender Health Status from the EP_AntimalwareHealthStatus.
      • When enabled, all connections for this adapter will fetch Windows Defender Health Status from the EP_AntimalwareHealthStatus.
      • When disabled, all connections for this adapter will not fetch Windows Defender Health Status from the EP_AntimalwareHealthStatus.
      • This field is optional.
      • The default value for this field is false.
    • Added a new Fetch devices from the following additional tables field to the SCCM Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you enter a comma separated list of SQL tables from which additional device information is fetched.
      • When supplied, all connections for this adapter will fetch additional device information from the SQL tables listed.
      • When not supplied, all connections for this adapter will not fetch additional device information.
      • This field is optional.
      • The default value for this field is false.

  • Nozomi Guardian and CMC - The name of the Nozomi Network Guardian adapter has been changed to Nozomi Guardian and CMC.

  • Qualys Cloud Platform (Advanced Settings) - Added a new Do not populate hostname when tracking method is IP checkbox to the Qualys Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to populate the device hostname field when the tracking method is IP.
    • When enabled, all connections for this adapter will not populate the device hostname field when the tracking method is IP.
    • When disabled, all connections for this adapter will populate the device hostname field.
    • This checkbox is required.
    • The default value for this checkbox is False.


  • Red Hat Satellite (Advanced Settings) - Added a new Fetch host errata checkbox to the Red Hat Satellite Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch errata information for every device (including vulnerable_software and Red Hat Errata information).
    • When enabled, all connections for this adapter will fetch errata information for every device (including vulnerable_software and Red Hat Errata information).
    • When disabled, all connections for this adapter will not fetch any errata information.
    • This checkbox is required.
    • The default value for this checkbox is False.

  • SalesForce (Advanced Settings) - Added a new Fetch chatter user data checkbox to the SalesForce Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch information about the chatter user platform.
    • When enabled, all connections for this adapter also fetch additional information about the chatter user platform (if the user has this platform).
    • When disabled, all connections for this adapter do not fetch information about the chatter user platform.
    • This checkbox is required.
    • The default value for this checkbox is False.


  • ServiceNow (Advanced Settings) - Multiple enhancements:

    • Added a new ServiceNow Fields are true field to the ServiceNow Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you set one or more parameters, separated by commas, and filter only devices where these parameters are true.
      • When supplied, all connections for this adapter will fetch devices where these parameters are true, and will not fetch devices where these parameters are false. If the device does not have the field, the device is fetched.
      • When not supplied, all connections for this adapter will fetch all devices.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Additional device table names field to the ServiceNow Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you enter one or more ServiceNow table names separated by commas from which Axonius will fetch entries and parse them into devices.
      • When supplied, all connections for this adapter will fetch data from all of the additional tables listed and parse the entries into devices, then proceed with fetching from the default hardcoded subset of tables that Axonius usually fetches from. The tables listed in this field take precedence over the default ServiceNow tables queried by Axonius: a CI fetched from these tables is ignored as redundant in the later “default” fetching process.
      • When not supplied, all connections for this adapter will not fetch data from any additional tables.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Fetch from the following Read Replica category field to the ServiceNow Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you specify the name of a 'Read Replica' of the 'Operational' database to remove the load from the main database. The value must be an existing 'Read Replica Category' within ServiceNow.
      • When supplied, all connections for this adapter will fetch all data from the replica ServiceNow database instead of from the main database.
      • When not supplied, all connections for this adapter will fetch data from the main database.
      • This field is optional.
      • The default value for this field is empty.
    • Added a new Use the following field when filtering last updated field to the ServiceNow Configuration tab in the Advanced Settings for this adapter.

      • This new field lets you set a ServiceNow field name to be used as the field that Axonius filters by for the following configurations: Fetch devices updated in ServiceNow in the last X hours and Fetch users updated in ServiceNow in the last X hours.
      • When supplied, all connections for this adapter will fetch devices or users with the set field that was updated in the time defined.
      • When not supplied, all connections for this adapter will fetch devices or users where any field was updated according to the ‘sys_updated_at’ ServiceNow field.
      • This field is optional.
      • The default value for this field is empty.

  • Splunk (Connection Configuration) - Enhanced the Splunk Macro settings in the Add Connection dialog for this adapter to support searching for macros that exist in a different Splunk namespace.

    • To execute macros that are defined outside of the default 'Search' Splunk application, specify the application namespace name before any applicable macro name followed by a colon.


  • Skybox Firewall Assurance (Advanced Settings) - Added a new Create NAT Rule Entities checkbox to the Skybox Configuration tab in the Advanced Settings for this adapter.

    • This new checkbox lets you select whether to fetch NAT rule information from Skybox.
    • When enabled, all connections for this adapter fetch NAT rule information from Skybox and create new entities as required.
    • When disabled, all connections for this adapter will fetch NAT rule information but will treat them as ACL rules without creating a specific NAT rule object.
    • This checkbox is required.
    • The default value for this checkbox is False.

  • UKG Pro (Ultimate Software UltiPro) (Advanced Settings) - Multiple enhancements:

    • Added a new Fetch person details checkbox to the UKG Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch information about person details as users.
      • When enabled, all connections for this adapter will also fetch information about person details for each user.
      • When disabled, all connections for this adapter will not fetch information about person details for each user.
      • This checkbox is optional.
      • The default value for this checkbox is True.
    • Added a new Fetch employee details checkbox to the UKG Configuration tab in the Advanced Settings for this adapter.
      • This new checkbox lets you select whether to fetch information about employee details for each user.
      • When enabled, all connections for this adapter will also fetch information about employee details for each user.
      • When disabled, all connections for this adapter will not fetch information about employee details for each user.
      • This checkbox is optional.
      • The default value for this checkbox is False.
    • Added a new Ignore employees with termination date greater than X days field to the UKG Configuration tab in the Advanced Settings for this adapter.
      • This new field allows you to set all connections for the adapter to ignore employees with a termination date greater than the number of days set. This only applies to employees fetched from Fetch employee details.
      • When enabled, all connections for this adapter will ignore employees with the termination date greater than the date set.
      • When disabled, all connections for this adapter will fetch all employee data.
      • This field is required.
      • The default value for this field is 90.


  • VMware Carbon Black App Control (Carbon Black CB Protection) (Advanced Settings) - Added a new Do not fetch instances that have been marked as deleted checkbox to the CB App Control Advanced Configuration tab in the Advanced Settings for this adapter.
    • This new checkbox lets you select whether to exclude instances marked 'deleted' by Carbon Black App Control.
    • When enabled, all connections for this adapter will not fetch instances marked 'deleted' by Carbon Black App Control.
    • When disabled, all connections for this adapter will fetch all instances.
    • This checkbox is required.
    • The default value for this checkbox is False.

Administrator Settings Interface Updates

The following updates were made to the administrator settings in Axonius:

  • Global Settings - Multiple enhancements

    • Notification email enhancement - When there is a connection issue with any of the adapter connections the email sent now contains a table of affected adapters with relevant details. This is relevant when a node is disconnected.
    • Compress Email attachments
      • Added a new Compress attachments checkbox under the Email Settings section. Select this option to compress email attachments. This affects email attachments sent from reports, and email attachments sent as part of the Send Email Enforcement Set action.
        • When this feature is activated email attachments are sent as one compressed attachment.
        • If this feature is not activated all email attachments are not compressed, and are sent as separate files.
        • The default value for this checkbox is false.
    • Enterprise Password Management Settings
      • Enterprise Password Management settings now support enforcement actions as well as adapters. It is possible to use one of the supported password managers to manage credentials for enforcement actions.
    • Support for multiple Syslog servers was added to the Syslog Settings section on the Global Settings page. This adds a new Syslog settings section.
      • When more than one Syslog server is configured, any Syslog message is sent to all the Syslog servers.
    • HTTPS Log Settings
      • Added a new Extra headers around message (JSON format) setting. Use this setting to add a JSON-formatted string to the HTTPS Log JSON, enabling efficient integration with tools that accept JSON input. This is also available for Syslog Servers and for the Send to HTTPS Log Server Enforcement Action.

  • GUI Settings - Added a new Default login page drop-down to the GUI Settings under the Login Page Settings.

    • This new section lets you select a default login page, Axonius Login or LDAP Login. 'Allow LDAP login' must be set in Identity Provider settings to enable this feature.
    • Added LDAP Login title and Axonius Login button text fields. These fields enable you to customize the title for LDAP login and the text for the Axonius button on the LDAP login page.
    • To set SAML-Based Login Settings as default, select Automatically redirect all logins to the identity provider in SAML-Based Login Settings.

  • Manage Users - Manage Users Search and Filter

    • Search and Filters have been added to the Manage Users page. You can search for and filter the display by user name, role, source and last login date or date range.


  • Manage Roles - Filtering Roles on the Manage Roles page.

    • Filtering by Roles type was added to the Manage Roles page. You can find all users with a specific role type.
    • When you filter by roles, the number of users with a specific role is displayed. Click on the number of users with the required role. The Manage Users page opens and displays all the users with the role chosen.



  • Identity Providers Settings - Smartcard Authentication - Smartcard Authentication was added to the LDAP Login Settings.
    • Added a new Authentication type drop-down box to support logging in to Axonius with CAC/PIV smartcards (Common Access Card / Personal Identity Verification).


