Use Cases

Axonius supports the various aspects of asset management by offering a wide range of use cases.

The table below describes some of the main use cases and gives examples of predefined Saved Queries that support those use cases. To run a specific predefined Saved Query, search for the desired Saved Query and run it. For more details, see Saved Queries.

NOTE
A predefined Saved Query is displayed in the Saved Queries screen only if all the adapters it consists of are configured in your Axonius environment.


| UC# | Entity Type | Use Case Name | Example Predefined Saved Queries | Comments |
|---|---|---|---|---|
| 1 | Devices | Finding Endpoints Missing Agents | 1. AD devices missing agents<br>2. Windows Server 2016 devices managed by AD with missing agents<br>3. Windows devices missing CrowdStrike agent | Similar Saved Queries exist for other agents. For example:<br>- VMware Carbon Black App Control (Carbon Black CB Protection)<br>- VMware Carbon Black EDR (Carbon Black CB Response)<br>- CrowdStrike<br>- CylancePROTECT<br>- McAfee ePolicy Orchestrator (ePO)<br>- Tanium<br>- Symantec Endpoint Protection |
| 2 | Devices | Finding Endpoint Agents Not Functioning Correctly | 1. Windows devices with an inactive CrowdStrike agent<br>2. Windows devices with CrowdStrike agent version not updated<br>3. Windows devices with a malfunctioning CrowdStrike agent | Similar Saved Queries exist for other agents. For example:<br>- VMware Carbon Black App Control (Carbon Black CB Protection)<br>- VMware Carbon Black EDR (Carbon Black CB Response)<br>- CrowdStrike<br>- CylancePROTECT<br>- McAfee ePolicy Orchestrator (ePO)<br>- Tanium<br>- Symantec Endpoint Protection |
| 3 | Devices | Finding Devices Not Being Scanned For Vulnerabilities | AWS instances not scanned by a VA tool | |
| 4 | Devices | Discovering Cloud Instances Not Being Scanned For Vulnerabilities | 1. AWS instances not scanned by a VA tool<br>2. AWS instances that have not been recently scanned by Rapid7 Nexpose<br>3. AWS instances that have not been recently scanned by Qualys | |
| 5 | Devices | Finding Assets Not Recently Scanned For Vulnerabilities | 1. IPv4 public subnets<br>2. Linux devices not scanned by a VA tool | |
| 6 | Devices | Finding Unmanaged Devices | 1. Unmanaged Devices<br>2. Unmanaged devices not scanned by a VA tool<br>3. Unmanaged VMware machines | |
| 7 | Devices | Finding Rogue Devices On Privileged Networks | 1. Rogue devices on privileged networks<br>2. Rogue devices on Fortinet not managed by AD | |
| 8 | Devices and Users | Accelerate Incident Response Investigations | Search Axonius asset data to gain context into devices and users associated with security alerts | |
| 9 | Devices and Users | CMDB Reconciliation and Maintenance | Find discrepancies present in CMDB platforms and automatically maintain CMDBs using the Axonius correlated asset data. | |
| 10 | Devices | Find Ephemeral Devices | Find ephemeral devices, such as containers and virtual machines using the Axonius Cybersecurity Asset Management platform. | |
| 11 | Devices | Finding Assets With Improper Configuration Options | Devices with firewall rules allowing access from public IPs | |
| 12 | Devices | Finding Devices With Vulnerable Software | 1. Devices with critical vulnerabilities<br>2. Devices with vulnerable software<br>3. Devices with public IPs that are vulnerable to a specific CVE ID<br>4. Devices with open ports that are vulnerable to a specific CVE ID | |
| 13 | Devices | Finding Assets With Out-of-Policy Software Installed | 1. All installed software on devices<br>2. Devices with Apple software<br>3. Devices with "torrent" software | |
| 14 | Users | Finding Users with Compromised Credentials | 1. AD enabled users with bad configurations<br>2. Admin users with passwords that never expire<br>3. Users disabled in Okta but not in AD<br>4. Users found in HIBP with compromised passwords | |
| 15 | Users | Finding Users with Old Passwords | 1. Active admin users with passwords not changed in the last 30 days<br>2. Users with passwords not changed in the last 30 days | |