Use Cases
- 24 Mar 2022
Axonius strengthens asset management by supporting a wide range of use cases.
The table below describes some of the main use cases, with examples of predefined Saved Queries that support each one. To run a specific predefined Saved Query, search for it by name and run it. For more details, see Saved Queries.
NOTE
A predefined Saved Query is displayed on the Saved Queries page only if all the adapters it relies on are configured in your Axonius environment.
UC# | Entity Type | Use Case Name | Example Predefined Saved Queries | Comments |
---|---|---|---|---|
1 | Devices | Finding Endpoints Missing Agents | 1. AD devices missing agents 2. Windows Server 2016 devices managed by AD with missing agents 3. Windows devices missing CrowdStrike agent | Similar Saved Queries exist for other agents. For example: - VMware Carbon Black App Control (Carbon Black CB Protection) - VMware Carbon Black EDR (Carbon Black CB Response) - CrowdStrike - CylancePROTECT - McAfee ePolicy Orchestrator (ePO) - Tanium - Symantec Endpoint Protection |
2 | Devices | Finding Endpoint Agents Not Functioning Correctly | 1. Windows devices with an inactive CrowdStrike agent 2. Windows devices with CrowdStrike agent version not updated 3. Windows devices with a malfunctioning CrowdStrike agent | Similar Saved Queries exist for other agents. For example: - VMware Carbon Black App Control (Carbon Black CB Protection) - VMware Carbon Black EDR (Carbon Black CB Response) - CrowdStrike - CylancePROTECT - McAfee ePolicy Orchestrator (ePO) - Tanium - Symantec Endpoint Protection |
3 | Devices | Finding Devices Not Being Scanned For Vulnerabilities | AWS instances not scanned by a VA tool | |
4 | Devices | Discovering Cloud Instances Not Being Scanned For Vulnerabilities | 1. AWS instances not scanned by a VA tool 2. AWS instances that have not been recently scanned by Rapid7 Nexpose 3. AWS instances that have not been recently scanned by Qualys | |
5 | Devices | Finding Assets Not Recently Scanned For Vulnerabilities | 1. IPv4 public subnets 2. Linux devices not scanned by a VA tool | |
6 | Devices | Finding Unmanaged Devices | 1. Unmanaged Devices 2. Unmanaged devices not scanned by a VA tool 3. Unmanaged VMware machines | |
7 | Devices | Finding Rogue Devices On Privileged Networks | 1. Rogue devices on privileged networks 2. Rogue devices on Fortinet not managed by AD | |
8 | Devices and Users | Accelerate Incident Response Investigations | Search Axonius asset data to gain context into devices and users associated with security alerts | |
9 | Devices and Users | CMDB Reconciliation and Maintenance | Find discrepancies present in CMDB platforms and automatically maintain CMDBs using the Axonius correlated asset data. | |
10 | Devices | Find Ephemeral Devices | Find ephemeral devices, such as containers and virtual machines using the Axonius Cybersecurity Asset Management platform. | |
11 | Devices | Finding Assets With Improper Configuration Options | Devices with firewall rules allowing access from public IPs | |
12 | Devices | Finding Devices With Vulnerable Software | 1. Devices with critical vulnerabilities 2. Devices with vulnerable software 3. Devices with public IPs that are vulnerable to a specific CVE ID 4. Devices with open ports that are vulnerable to a specific CVE ID | |
13 | Devices | Finding Assets With Out-of-Policy Software Installed | 1. All installed software on devices 2. Devices with Apple software 3. Devices with "torrent" software | |
14 | Users | Finding Users with Compromised Credentials | 1. AD enabled users with bad configurations 2. Admin users with passwords that never expire 3. Users disabled in Okta but not in AD 4. Users found in HIBP with compromised passwords | |
15 | Users | Finding Users with Old Passwords | 1. Active admin users with passwords not changed in the last 30 days 2. Users with passwords not changed in the last 30 days | |