Use Cases
  • 24 Mar 2022

Axonius strengthens asset management by supporting a wide range of use cases.

The table below describes some of the main use cases and gives examples of predefined Saved Queries that support those use cases. To run a specific predefined Saved Query, search for the desired Saved Query and run it. For more details, see Saved Queries.

NOTE
A predefined Saved Query is displayed on the Saved Queries page only if all the adapters comprising it are configured in your Axonius environment.


| UC# | Entity Type | Use Case Name | Example Predefined Saved Queries | Comments |
|---|---|---|---|---|
| 1 | Devices | Finding Endpoints Missing Agents | 1. AD devices missing agents<br>2. Windows Server 2016 devices managed by AD with missing agents<br>3. Windows devices missing CrowdStrike agent | Similar Saved Queries exist for other agents.<br>For example:<br>- VMware Carbon Black App Control (Carbon Black CB Protection)<br>- VMware Carbon Black EDR (Carbon Black CB Response)<br>- CrowdStrike<br>- CylancePROTECT<br>- McAfee ePolicy Orchestrator (ePO)<br>- Tanium<br>- Symantec Endpoint Protection |
| 2 | Devices | Finding Endpoint Agents Not Functioning Correctly | 1. Windows devices with an inactive CrowdStrike agent<br>2. Windows devices with CrowdStrike agent version not updated<br>3. Windows devices with a malfunctioning CrowdStrike agent | Similar Saved Queries exist for other agents.<br>For example:<br>- VMware Carbon Black App Control (Carbon Black CB Protection)<br>- VMware Carbon Black EDR (Carbon Black CB Response)<br>- CrowdStrike<br>- CylancePROTECT<br>- McAfee ePolicy Orchestrator (ePO)<br>- Tanium<br>- Symantec Endpoint Protection |
| 3 | Devices | Finding Devices Not Being Scanned For Vulnerabilities | AWS instances not scanned by a VA tool | |
| 4 | Devices | Discovering Cloud Instances Not Being Scanned For Vulnerabilities | 1. AWS instances not scanned by a VA tool<br>2. AWS instances that have not been recently scanned by Rapid7 Nexpose<br>3. AWS instances that have not been recently scanned by Qualys | |
| 5 | Devices | Finding Assets Not Recently Scanned For Vulnerabilities | 1. IPv4 public subnets<br>2. Linux devices not scanned by a VA tool | |
| 6 | Devices | Finding Unmanaged Devices | 1. Unmanaged Devices<br>2. Unmanaged devices not scanned by a VA tool<br>3. Unmanaged VMware machines | |
| 7 | Devices | Finding Rogue Devices On Privileged Networks | 1. Rogue devices on privileged networks<br>2. Rogue devices on Fortinet not managed by AD | |
| 8 | Devices and Users | Accelerate Incident Response Investigations | Search Axonius asset data to gain context into devices and users associated with security alerts | |
| 9 | Devices and Users | CMDB Reconciliation and Maintenance | Find discrepancies present in CMDB platforms and automatically maintain CMDBs using the Axonius correlated asset data. | |
| 10 | Devices | Find Ephemeral Devices | Find ephemeral devices, such as containers and virtual machines using the Axonius Cybersecurity Asset Management platform. | |
| 11 | Devices | Finding Assets With Improper Configuration Options | Devices with firewall rules allowing access from public IPs | |
| 12 | Devices | Finding Devices With Vulnerable Software | 1. Devices with critical vulnerabilities<br>2. Devices with vulnerable software<br>3. Devices with public IPs that are vulnerable to a specific CVE ID<br>4. Devices with open ports that are vulnerable to a specific CVE ID | |
| 13 | Devices | Finding Assets With Out-of-Policy Software Installed | 1. All installed software on devices<br>2. Devices with Apple software<br>3. Devices with "torrent" software | |
| 14 | Users | Finding Users with Compromised Credentials | 1. AD enabled users with bad configurations<br>2. Admin users with passwords that never expire<br>3. Users disabled in Okta but not in AD<br>4. Users found in HIBP with compromised passwords | |
| 15 | Users | Finding Users with Old Passwords | 1. Active admin users with passwords not changed in the last 30 days<br>2. Users with passwords not changed in the last 30 days | |