-
How can I determine which host agents have fault conditions?
I need to identify any host agents that are experiencing faults. Can JupiterOne gather this type of data for my organization?
-
Can JupiterOne provide a query to obtain a fleet of my EC2 spot instances?
I need to obtain a list of all EC2 spot instances.
-
How can I track the mobile devices in my jamf integration per month?
I'm responsible for MDM and require monthly reporting to track mobile devices.
-
How do I publish logs for an Amazon RDS or Aurora MYSQL instance to Cloudwatch?
How do I publish logs for an Amazon RDS or Aurora MYSQL instance to Cloudwatch?
-
List out Status of Users
Hi! How can I find all the possible statuses that are being used for my Okta users?
-
How to check which cloudfront distributions are not serving HTTPS requests.
How can I determine which cloudfront distribution origin policies are not serving HTTPS requests?
-
How can check the memory size of my lambda functions?
Our development team uses lambda functions that interact with other lambda layers. Is there a J1QL query that extracts lambda functions by memorySize in order to reduce invocation duration times?
-
How can I find the largest snap shots?
Hi, is there a pre built query for finding the largest snap shot in my AWS env?
-
EBS Volumes
How can I know if EBS volumes are still attached to EC2 instances that are not in an active state?
-
Cloud Drift
Is there a way we can tell if a Cloud Formation stack drifted or drifted from the expected configuration?
-
Org managed AWS accounts
When Org managed AWS accounts are closed, do they fall off the integrations page after 30days like normal assets?
-
How do I see when a password was last used for the root user?
I have a question about the aws_iam_user. Is there any way to discover if a particular user is the root user for an aws account? I would like to see ‘passwordLastUsed’ for root users. I see that aws_iam_user has that field.
-
Is there a way to produce an integrations-like view from a query?
I would like this to include the account names and the number of entities. I'm trying to do that from the J1QL search; I'm unclear on how to do both return of the name as well as all related entities for the account; not sure how to do a count of all entities that relate to a type like asset since I'm not sure what…
-
Any queries that can help identify assets that haven't been accessed in a long time?
We'd like to clean up our environment of stale/inactive assets that we are paying for, especially those in our CSP.
-
AMA: How do I work with date comparisons?
Are 'WHERE' and 'WITH' clauses always supposed to be of the syntactic form (PROPERTY) (OP) (EXPRESSION)? Clearly find aws_iam_access_key as k where k.createdOn > date.now - 90 days return count(k) as value parses, but is find aws_iam_access_key as k where date.now - k.createdOn < 90 days return count(k) as value 'illegal'…
-
How to view historic data associated with an entity storing raw JSON data?
How to view historic data associated with an entity that has raw JSON data stored?
-
How to track macOS versions less than 10.16 using JupiterOne?
I am trying to understand the macOS versions for my endpoint assets. How do I use JupiterOne to track endpoint OS versions less than 10.16?
-
How to link multiple GitHub repos to a single GitHub user?
I want to understand the relationships between Github users and repos. How do I use JupiterOne to link multiple GitHub repos to a single GitHub user?
-
How do I search my asset inventory and filter by duration?
How do I search my asset inventory and filter by duration? More specifically, I am interested in a query that will return all assets created in the last 24 hours.
-
What makes a developer unvalidated in the context of pull requests (PRs) in JupiterOne?
What makes a developer unvalidated in the context of pull requests (PRs) in JupiterOne? I am trying to understand our results for the following query:
Find PR with validated=false
-
Image/Hosts utilization in AWS
How do I query to understand the images in our AWS environment?
-
Query for admins in Okta or other applications that don't clearly label
I am trying to understand how I can use JupiterOne as a tool for visibility into admin users of other, integrated applications. I noticed that [isAdmin] is an attribute attached to the user class, but doesn’t appear to map for every app user type, such as okta_user. And, I looked at the raw data coming into our JupiterOne…
-
How Do I Use J1QL to Understand When AWS Access Keys Were Created?
I would like to understand the age of my AWS access keys for AWS IAM users to understand key management practices. More specifically, I am trying to write a J1QL query to find AWS access keys created soon after the account was created. I tried FIND aws_iam_access_key AS k0 THAT RELATES TO aws_iam_user AS u0 WHERE…
-
How do I understand the relationships between AWS IAM users and buckets?
I am trying to understand the relationships between our users and a given AWS bucket. I was trying to write a JupiterOne query to look at all AWS IAM entities (roles, accounts, users, etc.) to understand which AWS IAM entities would have access to a specific bucket. If I were to phrase it in a question, it would be…
-
I am trying to understand the relationships between my security groups and assets.
Is there a way to limit the results from a query to only Security Groups that are attached to something? (like an EC2 instance). I see in the graph that there’s something called PROTECTS, can we use that here somehow?
-
When looking at the JupiterOne graph view, is there a way to get it to always show the relationship?
When looking at the JupiterOne graph view, is there a way to get it to always show the “HAS” “CONNECTS” and similar relationship classes between my assets? I tried highlighting multiple entities, but it doesn’t seem to work.
-
How to include “includeDeleted” option to the query?
I only want to see assets that are active and exclude all the deleted assets. I want to export the list of assets, not consuming the info on the console. I want to know how to include all the assets, including the deleted assets, to the search results. I’d like to export results via API, so I cannot do anything on the UI.
-
How do I identify all devices that are not assigned to a user?
One of my JupiterOne controls has this query assigned to it, to show devices not assigned to a user: FIND (user_endpoint|workstation|laptop|desktop|computer|smartphone|tablet) THAT !(owns|has|assigned) (Person|User) However, the data its reporting does not match its intended purpose. It reports a list of all my users…
-
How do I find all AWS access keys that were created within a certain date range?
I've noticed that the following query fails to parse:
find aws_iam_access_key as k where date.now - k.createdOn > 90 days return count(k) as value
-
Default account on assets?
Is there a query that would detect the default account on assets?
.png)