- Lots of features added to JupiterOne Query Language (J1QL):
  - Query now supports aggregations. Example: FIND User as u return COUNT(u) to get a count of all users.
  - Query now supports date comparison. Example: FIND * with _beginOn > date.now-24hrs to find all resources that changed in the last 24 hours.
  - Query now supports simplified selection of multiple entities (OR). Example: Find (Host|Device) with ipAddress='10.50.2.17' is equivalent to Find * with _class='Host' or _class='Device' with ipAddress='10.50.2.17'
- You can now manually add entities via the Asset Inventory app.
- You can see detailed properties in a side panel by selecting an entity in the Asset Inventory app.
- New Users and Access, My Profile and Invitations experience.
- JupiterOne now ingests AWS networking data and maps out detailed relationships to enable deep analysis of network traffic access permissions. This allows security teams to gain accurate insight into which host(s) or network(s) are truly accessible from an external network or host (e.g. the Internet).
- JupiterOne now analyzes AWS assume role policies to determine trust relationships between an IAM role and a service or another IAM principal, either within the same account or from an external account.
- Users can now sign on to JupiterOne via Google Sign On.
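
The assume role trust analysis described above (a role trusting a service, a same-account principal, or an external-account principal) can be sketched as follows. This is an added example, not JupiterOne's code; the function names, the sample policy and the account IDs are constructed for illustration.

```python
import json
import re

# Constructed sample trust policy; the account IDs and names are made up.
SAMPLE_ROLE_ARN = "arn:aws:iam::111111111111:role/deploy"
SAMPLE_POLICY = json.loads("""{"Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"Service": "lambda.amazonaws.com"}},
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": ["arn:aws:iam::111111111111:user/alice", "222222222222"]},
   "Condition": {"StringEquals": {"sts:ExternalId": "constructed-example"}}},
  {"Effect": "Deny", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}
]}""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM/STS ARN, else None."""
    m = re.fullmatch(r"(\d{12})|arn:aws[\w-]*:(?:iam|sts)::(\d{12}):.+", principal)
    return (m.group(1) or m.group(2)) if m else None

def classify_trusts(role_arn, policy):
    """Return (principal, kind, has_condition) for each Allow trust statement."""
    own_account = account_of(role_arn)
    trusts = []
    for stmt in as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        assumable = any(a in ("*", "sts:*") or a.startswith("sts:assumerole") for a in actions)
        if stmt.get("Effect") != "Allow" or not assumable:
            continue  # Deny statements and unrelated actions grant no trust
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard means any principal
            principal = {"AWS": "*"}
        for ptype, values in principal.items():
            for p in as_list(values):
                if ptype == "Service":
                    kind = "service"
                elif ptype == "Federated":
                    kind = "federated"
                elif p == "*":
                    kind = "anyone"
                elif account_of(p) == own_account:
                    kind = "same-account"
                else:  # other account, or a form this sketch does not parse
                    kind = "external-account"
                trusts.append((p, kind, "Condition" in stmt))
    return trusts

print(classify_trusts(SAMPLE_ROLE_ARN, SAMPLE_POLICY))
```

External-account trusts with no condition and any "anyone" result are the entries to review first.
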
New packaged questions and queries added/updated by operational domain:
- [general] Who are the new hires within the last 12 months?
- [general] What business applications are we using?
- [general] Which are my documented risks?
- [general] Who are my vendors? Do I have a BAA/DPA/NDA/MSA with them?
- [general] What changed in my environment in the last 24 hours?
- [general] What was added to my environment in the last 24 hours?
- [access] Are there external users with access to our systems?
- [appdev] What are the code repos for a particular application or project?
- [data] Which data stores do not have proper classification tags?
- [data] Which production data stores do not have proper classification tags?
- [data] Is there any known critical data outside of production?
- [data] Show me evidence of data-at-rest encryption for production servers.
- [data] Is my critical data in production encrypted?
- [data] Are my production or PHI/PII data stores encrypted?
- [data] Is there unencrypted ePHI or PII?
- [infra] Is there proper segmentation/segregation of internal networks?
- [infra] Show listing of network layer firewall protection across all my environments.
- [infra] Show listing of active firewall protection across all my environments.
- [infra] Are there any active systems without host firewall protection?
- [aws] Which IAM roles are assigned which IAM policies?
- [aws] Who has access to my AWS accounts?
- [aws] Who has access to my production AWS accounts?
- [aws] Who has direct user access to my AWS accounts?
- [aws] Who has direct user access to my production AWS accounts?
- [aws] Who has access to my AWS accounts via SSO?
- [aws] Who has access to my production AWS accounts via SSO?
- [aws] Who has access to my AWS accounts via SSO in a multi-account environment?
- [aws] Who can assume which role across my AWS environment?
- [aws] Are there assume role trusts to external entities?
- [aws] Are there any EBS volumes not in use?
- [aws] What Lambda functions are in my environment?
- [aws] How are my Lambda functions invoked?
- [aws] Which security group rules allow inbound traffic from a public network or host on the Internet?
- [aws] Which security group rules allow outbound traffic to a public network or host on the Internet?
- [aws] Which security group rules allow inbound traffic from the Internet?
- [aws] Which security group rules allow outbound traffic to the Internet?