-
How can I include audit evidence in J1 export?
We're looking to utilize J1 to automate our user access review process, and I wanted to understand how we can include the query and evidence of the date/time run in the export of the listings generated rather than taking a screen shot for audit purposes?
-
How can I query the name of the Org each individual AWS account belongs to?
The org account is the primary account for an AWS organization that can have many sub accounts in it, so I'd like to understand where they each connect.
-
How to check the trust conditions of federated users in an AWS trust policy?
To ensure that SAML actions are obtained for record keeping.
-
How much personal data can be obtained when a customer creates a Zendesk ticket?
Concerned about data privacy for our customer base.
-
Is there an easy way to map the evidence to each standard via the CLI?
I am in the process of mapping evidence (e.g. policies / procedures) to multiple standards. Is there an easy wayto map the evidence to each standard via the CLI? I know there is a way to export and reimport the config just would like to avoid doing this manually for 3-4 frameworks.
-
Is it possible to add custom tags to saved queries?
I'm want to have certain tags on the queries so they are easily finable later on. Is it possible to add custom tags to saved queries?
-
How do I add a custom name to my columns?
Hi! Is there any way to add custom text for a column after the RETURN? For example, if I have a tag ingested as "Production". I'd like to alias it as "ProductionTag" in the returned column names.
-
How do I get an overall count of my Resource Groups?
I'd like to ensure that I'm ingesting all of my Resource Groups via the Azure integration? How do I get that value in numerical form without having to count the groups in the table view one-by-one?
-
How do you integrate with SQL Databases in Azure on Linux and Windows Servers?
Hi! We have our SQL Databases in Azure and they are on Linux and Windows Servers? Just curious - how do you integrate with those?
-
How do I use the JIRA integration as evidence for SOC 2?
Do you have a way of utilizing JIRA integration projects and issues as evidence for SOC2 requirements such as CC1.2?
-
How do I change the {{totalNotApplicable}} number in my Compliance Report?
When I click "Create Report" in my CIS AWS Foundations report I see a {{totalNotApplicable}} in the markdown. How do I mark a control as "not applicable" and change this number in my report?
-
Metadata
In the metadata what is the difference between _createdOn and _beginOn?
-
How are initial policies built or generated in the JupiterOne policies app?
After looking through the pre-built policies I don't see any references (other than SOC2) to a specific framework.
-
Is it possible to trend data from the JupiterOne Search Anything landing page?
Producing a Knowbe4 Phishing Campaign report each quarter.
-
What does 'cp' stand for in the Compliance app?
When I click into requirement CC1.2 in the SOC 2 Security Standard and look at the 'Linked Controls' I see 'cp-gov-bod'. What does 'cp' stand for?
-
How do I find all salesforce users who have api access enabled?
I need to limit API access in our salesforce environment, but first I need a list of all users who have it. How do I do that?
-
How do I find KnowBe4 users who have been assigned training and haven't completed it within 30 days?
Any idea how to find these users who are behind on their training?
-
How do I gather evidence for CIS GCP Control: 3.9?
I'd like to gather evidence for the following control. How would I do that? None of my "google_compute_ssl_policy" have a profile of "CUSTOM" if that makes it easier. Control: 3.9 Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
-
Datetimes for manually uploaded fields
Hi, I know that the current date can be used in queries when interacting with asset metadata, such as _createdOn, e.g.:Find aws_instance that has orca_cve with ._createdOn > date.now-1hour Would this work for datetimes that we upload as fields ourselves?
-
What makes JupiterOne's SOC 2 automation different from other organizations?
Wanted to know the major differences in JupiterOne's Automation for Compliance.
-
Are there any current compliance frameworks that cannot integrate into JupiterOne?
Our organization might have an unsupported framework.
-
Does JupiterOne's SOC2 automation have any manual processes?
JupiterOne's compliance app is automated but might require initial configuration done manually?
-
Does JupiterOne perform its on internal auditing process?
When entering J1QL queries Jupiter One tracks each entry & result.
-
AMA: Find AWS Roles Not Used for 90 Days
How would you determine if an AWS role had not been used for more than 90 days?
-
Disable/Enable a Policy?
Inside the Policies component - how can I disable a policy? For example, there is a policy component around physical security that doesn't apply to my company, so I wanted to make it 'NA'. But I didn't want to delete it in case we need it in the future.
-
Usergroup risk report
Can I use JupiterOne to create a high-level overview risk report of my organization's usergroups based on my user's KnowBe4 risk assessment?
-
Webhook alerts with webhook info
Can you share with me something like a guide of the variables that we can use to create an alert for additional actions? Mainly interested in the webhook and have the information about the webhook (i.e. name, identifier, description, severity). Thanks!
-
SOC2 Audit: Need a lists of users from various OKTA applications to submit for evidence.
For the SOC2 audit, we need lists of users from various OKTA applications to submit for evidence. Can you help us obtain a list of OKTA application users via JupiterOne? Specifically, * Amazon Web Services * GCP * Github * Jira * Cloudflare * Jamf * Code42 * New Relic Thank you!
-
Can a company use JupiterOne's compliance functionality to demonstrate compliance?
Can a company use JupiterOne's compliance functionality to demonstrate compliance?
-
What is J1's Stance on the Accuracy of their Compliance Reporting?
When using the compliance feature, what is the validity of the reporting tools as these compliances seem to shift, change, and update fairly regularly? Also, in case of a breach and if a company needs to show proof of complacency, let's says PCI, can a client use the J1 report to show compliance, or is it just for the…