Release Notes - Axonius 4.5

Axonius version 4.5 includes major enhancements and additional features. Read the release notes to learn what's new and prepare to upgrade your instance.

Read about:

• Updates across the Platform
• Updates in the area of User Experience Manageability, Supportability, Performance
• Updates to the Updates to the Axonius Security Policy Enforcement Center and Cloud Asset Compliance

Release Highlights

• Improved Dashboard Creation Experience
• New PDF Reports
• New Query Management Capabilities
• Cloud Compliance: Updated CIS Benchmarks

Platform

The following changes were made across the platform:

Improved Dashboard Creation

Improved Dashboard Creation, this includes:

• New Chart Wizard
• Stand-alone Query Wizard to create new queries directly from the Dashboard.
• A wide range of enhancements to the dashboards

Chart Wizard

• Added a new Chart Wizard to add new charts instead of the previous Create Chart.
• Added Chart Preview - as you add metrics to the chart, a preview is displayed in the left preview pane.

• Field Summary Chart - multiple enhancements:

  • Added 'Chart description field' – with a chart description radio button to select the chart description type. If you choose custom, you can enter a title of up to 250 characters
  • Added 'Chart color field' – the chart color field enables you to set a color for the text displayed on the chart
  • Added a 'Number format' drop down box – this enables you to set a number format: float, ceiling, floor or round.

• Matrix Chart - added a new Matrix table view chart.

  • The queries defined represent the columns and rows in the table. Results can be exported to a CSV file (if the user has relevant permissions).

  

• Stand-alone Query Wizard

  • Added the capability to open the Query Wizard directly from the Chart Configuration Wizard. You can now review or edit an existing query and create new queries directly from the Chart Configuration Wizard. You can now:

    • Preview an existing query definition
    • Define new query fields (without presenting the data)
    • Edit and save changes to an existing query
    • Create a new query.

Export and Import Dashboards Using API

It is now possible to import and export Dashboards and Queries using API. Refer to Import/Export Dashboards and Queries via API

Device and User Page Updates

• Enforcement Task Start and End Time - Enforcement Task Start and End Time was added to Enforcement Tasks tab on the Device Profile page.

• The Connection Label field is now available as a column in the tables.

• Enhanced Free Text Search in Tables to enable Searching for Device Manufacturer Serial - The system searches for Device Manufacturer Serial on the Devices page when users use free text search even if this column is not defined as part of the view.

• JSON File view - You can view the device information as a JSON file from the advanced information of adapter data in device or user profile, and copy it to the clipboard.

• Additional Asset Entity Information has been added for some adapters on the Adapter Connection tab on the Asset Profile page. It is concatenated to the adapter name and the adapter connection label to better help distinguish between the asset entities. It was also added to the tooltip on the Adapter Connections column.

Expiration Date for Tags

• Added the ability to add tags with expiration dates to devices or users based on specific criteria. Information about tags with expiration dates is displayed on the Devices and Users page and on the Device Details and User Details pages Tag tab. In this way you can add a tag to an asset for a defined period of time. Once the defined time ends, the tag is automatically removed.
• Three new columns were added:

  • Auto-Expiring Tags - complex field with all auto expiring tag names and their expiration date.

  • Auto-Expiring Tags: Name - the names of the auto-expiring tags

  • Auto-Expiring Tags: Expiration Date - the expiration dates of the auto-expiring tags.

Query Wizard Enhancements

The following enhancements were made to the Query Wizard:

• Add NOT before Query Expressions
  • An option was added to use NOT before the first parenthesis of Query Expressions to add further flexibility in creating complex expressions. This applies NOT to the complete expression.
  • In addition, an additional OR NOT/AND NOT can be added before each row.

• Query Wizard added 'Previous Month' and ‘Current Month’ functions

  • You can now choose ‘previous month’ and ‘current month’ as date functions to compare to in the operator drop-down box. These compare the values to the previous and current calendar month.
    

• Query Wizard added 'equals' function

  • You can now query for a specific date.

• Column Filter in Query Wizard
  A 'Column Filter' was added to the Query Wizard. This means that you can create a filter for columns at the same time as you create the Query. When you click the 'Column Filter', the Device or User page show only the values listed in the column which is filtered.
  

• Field Comparison for Hours on Date Fields You can now compare by hours on date fields in 'Field Comparison' queries.

• Enhancement to OS: Distribution field to support comparison of MacOS distribution with the < and > operators - this adds the capability to query on devices with a macOS older/newer than a specific major release.

• Exclude Adapter Connections

  • In the 'Column Filter' you can configure the system to not show values from a specific adapter in a selected column, or from connections from a defined adapter. Only values from adapters which are not excluded will be displayed in that column.
    

New Query History Page

• A new Query History page was added.
  • Query History shows a centralized summary of information about queries that were run on the system.
  • It records all the historical queries run including who ran the query, the query name, its duration and where in the system the query was run from.
  • Query History also provides an option to run the query.

Saved Query Updates

Saved Queries Enhancements

• Enhancements to Saved Queries added:

  • The Saved Query page includes various enhancements and a link to the new Query History page. The enhancements include showing where the query is in use and the last time the query was used to help manage use of queries in the system.
  • Filters were added to the Saved Queries page to enable search for queries by a wide range of criteria.

• Saved Queries Tagging Enhancements

  • You can now add tags to saved queries when you create the query.
  • In addition, you can add tags to queries in bulk from the Actions menu on the Saved Queries page.

  

  • Display of saved queries not supported by the Query Wizard was optimized.

Report Enhancements

• Improved PDF format for Reports

  • A wide range of changes were made to the format of the PDF file created for Reports. These changes enhance the readability of the report and include:

    • Display of dashboards and queries was optimized, displaying the charts in the same way as they appear on the Dashboard and includes all chart types.
    • The Pie chart’s legend is always visible.
    • Chart names support longer texts.
    • The table of contents was improved and is now can be used to navigate to the relevant page/s.
      

• Custom Scheduling and Disabling of Report Email Scheduling

  • Added scheduling for report emails capabilities, enabling you to set specific days of the week, or dates of the month to send the latest report aligning the scheduling of reports capabilities to the rest of the system. In addition, you can set a number of times to send reports at set hours on the days that you chose. In this way you can send emails at defined hours, for instance to fit in with specific events during the working day.

  • It is possible to disable report email scheduling while keeping the configuration.

    

Instance Page Updates

• New Instance Management Settings

  • Added capability to restart an instance and shut down a node.

  • You can now perform the following actions directly from the Instance drawer using a new Actions menu:

    • Deactivate a node
    • Reactivate a node
    • Restart an Instance
    • Shut Down a node

    

Activity Log Updates

• Filtering Activity Logs - Filters have been added to the Activity Logs page. You can filter by User, Category, Action and Date, as well as by free text search on text fields.

Adapter Updates

Adapters Interface Updates

The following updates were made to the common functionality across all adapters:

• Adapter Categories Added to the Adapters Page - Added the capability to find adapters by category to easily find adapters that are relevant for you,

• Improved UI and Performance of the platform tables (Devices and Users pages) - The look and feel of the tables on the platform pages was changed as part of performance optimization. This provides the following benefits:

  • Smoother navigation between pages
  • Shorter load times of data (changes do not include query optimization)
  • Reduction of data overload and increase of the data visibility

• Adapters Connections - Added a new Adapters Connection page.

  • This new page lets you see a centralized summary of information about all adapters and their connections. You can see the discovery schedule of each adapter and any adapter connections that have custom discovery schedules. In addition, you can see the polling schedule for each adapter.
  • You can also add new connections and perform actions on a single connection or in bulk on a number of selected connections.
  • You can also fetch in bulk from a number of selected connections.

• Advanced Adapters Configuration

  • Added a new advanced Set as inactive after X failed attempts to connect setting on the Advanced Adapters Configuration tab.
    • Use this setting to configure a number of connection attempts after which all connections for this adapter will be set to inactive. When you leave this field empty then connections for this adapter will not be automatically set as inactive after consecutive failed connection attempts. This is useful when connected to systems which change their credentials from time to time.

• Adapter Custom Scheduling

  • Scheduled discovery time was added to the Adapter Custom Cycle on the Discovery Configuration page. You can schedule discovery time at fixed hours during a day for all connections on an adapter, or for specific connections on an adapter.
    

Administrator Settings

The following updates were made to various Administrator settings.

• Custom Enrichment Settings - Configuration of Custom Enrichment settings was added. Custom Enrichment enriches the asset (device or user) data received from adapters, and adds columns containing additional useful information. This enables adding a large number of custom or proprietary fields.

• NVD Proxy Settings - Added the capability to set a proxy to download the NVD database used for NVD enrichment under Data Enrichment in the Global Settings tab.

• Data Enrichment Settings - Added the capability to set the data enrichment process to not create new uses from WMI devices under Data Enrichment in the Global Settings tab.

• Added Department and Title to the User Management page. SAML users can set this in SAML User Parameters.

New Permissions

• New Global Actions permissions section was added, containing Export to CSV permission.

  Global Actions permissions control permissions for a specific action across the system. Export to CSV enables export of the relevant data to a CSV file.

New Adapters

The following new adapters were added in this release:

• BinaryEdge
  • BinaryEdge scans the public internet to create real-time threat intelligence streams and reporting. (Fetches: Devices)
• Dell TechDirect
  • Dell TechDirect is a centralized portal for managing the deployment and configuration of Dell EMC products. (Fetches: Devices)
• Devo
  • Devo is a cloud-native logging and security analytics solution that delivers real-time visibility for security and operations teams. (Fetches: Devices, Users)
• Dragos Platform
  • The Dragos Platform identifies ICS network assets, malicious activity, and provides guidance to investigate incidents. (Fetches: Devices)
• Elasticsearch
  • The Elasticsearch adapter imports device information from an Elasticsearch database. (Fetches: Devices)
• Hemidal Security
  • Heimdal Security protects organizations and home users against malware attacks. (Fetches: Devices)
• Hibob
  • Hibob HR is a human resources management platform that provides onboarding, employee management, engagement tools, and more. (Fetches: Users)
• HP Web Jetadmin
  • HP Web Jetadmin is a fleet management software solution for the remote configuration, maintenance, and monitoring of HP and standard MIB-compliant 3rd party printers and MFPs. (Fetches: Devices)
• Lacework
  • Lacework provides cloud security automation for AWS, Azure, and GCP with a comprehensive view of risks across cloud workloads and containers. (Fetches: Devices)
• McAfee MVision Cloud
  • McAfee MVision Cloud is a CASB solution that protects data and stops threats in the cloud across SaaS, PaaS, IaaS, and on-premise environments. (Fetches: Devices)
• Microsoft Cloud App Security
  • Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. (Fetches: Users)
• Mosyle
  • Mosyle is an Apple Endpoint Management & Security platform with solutions for education providers and enterprises. (Fetches: Devices, Users)
• Nagios XI
  • Nagios XI provides enterprise server and network monitoring. (Fetches: Devices)
• OpsRamp
  • OpsRamp is an AIOps-powered IT operations management (ITOM) solution. (Fetches: Devices)
• Palo Alto Networks iOT Security (Zingbox)
  * Palo Alto Networks iOT Security prevents threats, block vulnerabilities, and automatically enforce policies for IoT, IoMT, and OT devices. (Fetches: Devices)
• SAP Concur
  • SAP Concur provides travel, expense and invoice management. (Fetches: Users)
• SecureW2 JoinNow
  • A suite of network security software that helps organizations deploy WPA2-Enterprise Wi-Fi security and utilize X. 509 certificates beyond Wi-Fi for VPN, Web/Browser authentication and SSL (DPI) Inspection. (Fetches: Devices)
• Smokescreen IllusionBlack
  • Smokescreen uses planted decoys to actively lure and capture attacks on endpoints, networks, and web applications. (Fetches: Devices)
• TCPWave (IPAM)
  • TCPWave IPAM allows administrators to manage their DNS and DHCP infrastructure for on-premise and cloud environments. (Fetches: Devices)
• Tufin SecureTrack
  • Tufin SecureTrack is a firewall management solution that delivers security, compliance, and connectivity across physical networks and hybrid cloud. (Fetches: Devices)
• Wiz
  • Wiz analyzes all layers of the cloud stack to identify high-risk attack vectors to be prioritized and fixed. (Fetches: Devices)

For more details:

• Explore the entire list of supported and integrated adapters.
• View Axonius 4.5 Adapter and Enforcement Actions Enhancements in this release.

Updates to the Axonius Security Policy Enforcement Center and Cloud Asset Compliance

This sections lists, new and updated Cloud Compliance features, and new actions.

Cloud Asset Compliance Updates

The following updates were made to the Axonius Cloud Asset Compliance:

• Added support of multiple benchmark versions so that the user can set the version with which they want to comply.
  

• Settings dialog updated to set which benchmark version to use.

• Last update indication added to the CIS score widget.
  

• Added support for CIS Benchmark for Amazon Web Services Foundations v1.4.0, Level 1 Profile

• Added support for CIS Benchmark for Amazon Web Services Foundations v1.4.0, Level 2 Profile

• Added support for CIS Benchmark for Amazon Web Services Foundations v1.3.0, Level 1 Profile

• Added support for CIS Benchmark for Amazon Web Services Foundations v1.3.0, Level 2 Profile

• Made the following CIS Benchmarks generally available:

  • CIS Benchmark for Google Cloud Platform Foundation v1.1.0, Level 1
  • CIS Benchmark for Google Cloud Platform Foundation v1.1.0, Level 2
  • CIS Benchmark for Oracle Cloud Infrastructure Foundations v1.0.0, Level 1

Enforcement Center Updates

• Running Multiple Enforcement Sets

  • Added the capability to run multiple Enforcement Sets which have automation or a trigger (a query) configured, from the Enforcement Center.
  • Run was added to Actions menu on the Enforcement Center page.

  

• External Field Mapping Wizard

  • A new wizard to map Axonius fields to external fields was added.

  • The field mapping wizard is used to map Axonius fields to fields in external systems. In this way you can transfer data found in Axonius into the external system as part of the configuration of relevant enforcement actions; for example, Axonius to ServiceNow field mapping.

  • This feature enables:

    • Mapping fields easily using the user interface.
    • Loading a table of mapped files from a CSV file
    • Setting precedence for adapters for mapping fields
    • JSON View

  • The following Enforcement Actions are supported by the Wizard:

    • Create ServiceNow Asset
    • Update ServiceNow Asset
    • Create Cherwell Asset
    • Update Cherwell Asset
    • Create Ivanti Service Manager Asset
    • Update Ivanti Service Manager Asset
    • Send to Google BigQuery Table

New Enforcement Actions

The following Enforcement Actions were added:

• Add Users or Devices to Group and Remove Users or Devices from Group - Added 2 new enforcement actions under the Manage Microsoft Active Directory (AD) Services category.

  • These new actions add or remove the assets retrieved from the saved query supplied as a trigger (or assets selected in the asset table) to the Microsoft Active Directory group supplied.

• Add Devices to Jamf Pro Computer Group - added a new enforcement action under the Manage CMDB Assets category.

  • This new action adds devices to a Jamf Pro Computer group.

• Add Tenable.io Agent to Agent Group - added a new enforcement action under the Update VA Coverage category.

  • This new action adds Tenable agents to an existing Tenable.io agent group or creates a new Tenable.io agent group.

• Create Cherwell Incident per Entity - Added a new enforcement action under the Create Incident category.

  • This new action takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and creates an incident in Cherwell for each of the relevant entities.

• Enrich Data with Dell TechDirect - Added a new enrichment action Enrich Data with Dell TechDirect under the Enrich Device or User Data category.

  • This new action collects serial numbers from the entities retrieved from the saved query supplied as a trigger (or to devices selected in the asset table) and enriches the serviceTags in the Dell TechDirect adapter with them.

• Isolate/Unisolate in Microsoft Defender ATP - Added 2 new enrichment actions Isolate/Unisolate in Microsoft Defender ATP under the Execute Endpoint Security Agent Action category.

  • The new actions quarantines each of the query results entities (endpoints) from the network that are the result of the saved query supplied as a trigger (or devices selected in the asset table), or restores full network connectivity to each of the query results entities (endpoints) accordingly.

• Isolate/Unisolate in Palo Alto Networks Cortex XDR - Added 2 new enrichment actions Isolate/Unisolate in Palo Alto Networks Cortex XDR under the Execute Endpoint Security Agent Action category.

  • The new actions quarantines each of the query results entities (endpoints) from the network that are the result of the saved query supplied as a trigger (or devices selected in the asset table), or restores full network connectivity to each of the query results entities (endpoints) accordingly.

• Run KACE Scripts - Added a new enrichment action Run KACE Scripts under the Deploy Files and Run Commands category.

  • This new action runs a KACE script on each of the entities that are the result of the saved query supplied as a trigger (or devices selected in the asset table).

• Send Data to Microsoft Power BI - Added a new enforcement action called Send Data to Microsoft Power BI under the Notify category.

  • This new action inserts the entities retrieved from the saved query supplied as a trigger (or entities selected in the asset table) to the Microsoft Power BI table supplied. When used with a saved query as a trigger, only the fields configured in the saved query are inserted to the supplied table.

• Send Microsoft Teams Message - Added a new enforcement action called Send Microsoft Teams Message under the Notify category.

  • This new action sends a Microsoft Teams message with the results of the query to predefined Microsoft Teams users.
  • When used with a saved query as a trigger, only the fields configured in the saved query are sent in the Microsoft Teams message.

View Axonius 4.5 Adapter and Enforcement Actions Enhancements in this release.