Enforcement Center Overview

The Enforcement Center allows you to actively control your asset environment. Use it to build and apply policies and create triage and remediation actions. Enforcements may be automated or run manually.

Enforcement actions execute based on a saved query, and can automatically perform one or more actions on the entities that match the query parameters (policy gaps). Enforcement actions can mitigate, notify, and/or create incidents on the identified gaps.

Enforcement actions help to:

• Focus your resources - Automate time-intensive tasks like filing helpdesk tickets, enriching asset data, or updating vulnerability scan coverage.
• Reduce mean time to compliance - Automatically close security control gaps as they’re discovered by isolating devices from the network, enabling or disabling users, and deploying software.
• Maintain IT hygiene - Continuously check against security policies and automate corrective action for devices, cloud assets, and users. Deploy software, run remote commands, isolate devices from a network, update vulnerability scans, enable or disable users, and much more.
• Automate policy enforcement - Create configurable enforcement sets to automatically correct noncompliance, notify the proper people of identified threats, enrich data, and respond to, mitigate, or remediate issues.
• Alert the right teams - From sending contextualized data to creating an incident response ticket, Axonius can automatically alert the right teams at the right time, via your platform of choice. Set up custom emails or get notifications via Jira, Slack, ServiceNow, Zendesk, and more.
• Enrich asset data - Augment device and user data with information from third-party data sources such as Shodan, Censys, HaveIBeenPwned, Portnox, and more. Axonius also makes it easy to add or update device data into a Configuration Management Database (CMDB).

You can also view the enforcement set run history, test the enforcement set before running it, and organize enforcement sets in folders.

Enforcement Center Tools

The Enforcement Center includes the following tools:

• Enforcement actions
• Enforcement sets
• Enforcement set management
• Enforcement set scheduling
• Test run of an enforcement set
• Test adapter connections
• Run history

Enforcement Actions

Enforcement actions allow you to take direct steps to mitigate vulnerabilities and policy violations on assets returned by the query.
Enforcement Actions can also:

• Create incidents
• Enrich the data in Axonius
• Add and remove tags
• Delete devices or users
• Manage CMDB assets
• Update VA coverage
• Manage AWS services
• Deploy files and run commands
• and much more.

Enforcement actions can be grouped into sets and run together.

Enforcement Sets

Enforcement sets execute actions on a saved query (which can represent a security policy) to mitigate, notify, or create incidents on the identified gaps. Actions can be automated or executed manually, depending on your comfort level. You can also use enforcement sets to send notifications about events in the system, for instance, activity log events or fetch history events.

An enforcement set can include the following:

• Main action - A main action is executed on all assets returned by the query. The action may or may not run successfully on each asset. Only one main action can be configured.
• Success actions - One or more enforcement actions that run on each asset for which the main enforcement action completes successfully.
• Failure actions - One or more enforcement actions that run on each asset for which the main enforcement action does not complete successfully.
• Post actions - One or more post actions that run on all assets matching the query after the main action has completed.

An execution of an enforcement set is called a “run.”

And more...