JupiterOne 2019.15 Release - AskJ1 Community
<main> <article class="userContent"> <p>2019-01-07</p> <h2 data-id="new-features">New Features</h2> <ul><li><p><strong>Graph</strong> mode for the search/query results in Landing Zone is now available!<br> You can switch to Graph mode for any search or query to get a focused visual<br> of the entities and relationships from the results. The graph is interactive<br> so that you can further expand for deeper analysis.</p></li> <li><p>Much improved <strong>Search in Landing Zone</strong> that allows all of the following<br> modes in one place:</p> <ol><li><strong>Keyword search</strong> to ask saved/packaged questions</li> <li><strong>Full text search</strong> across all entities based on their property values</li> <li><strong>JupiterOne query language (J1QL)</strong> for precise querying of entities and relationships</li> <li><strong>Combining</strong> full text search with J1QL</li> </ol></li> <li><p>New ingestion and analysis from <strong>AWS</strong>:</p> <ul><li>S3 Bucket ACL processing and access mapping</li> <li>S3 Bucket public access block configuration</li> <li>Account password policy</li> <li>IAM User MFA devices and access keys</li> </ul></li> <li><p>Added <strong>OR</strong> operator support on relationship keywords in <strong>J1QL</strong>. 
For example:<br><code class="code codeInline" spellcheck="false" tabindex="0">Find HostAgent that (PROTECTS|MANAGES|MONITORS) Host</code></p></li> <li><p>Condensed <strong>quick filter by entity class icons</strong> in Asset Inventory app.</p></li> <li><p>You can <strong>edit or delete</strong> an entity manually from the Asset Inventory app.</p></li> <li><p><strong>Web links</strong> are added to most entities ingested, allowing you to directly<br> open in a new tab to view the resource in the source web console.</p></li> <li><p>Added linking to <strong>Geolocation lookup of IP Address and CIDR</strong> of a Host or<br> Network.</p></li> <li><p>New packaged questions and queries added:</p> <ul><li>[general] <em>What are my information assets?</em></li> <li>[general] <em>What are my production data stores and databases?</em></li> <li>[general] <em>What are my production resources?</em></li> <li>[general] <em>What are my production applications?</em></li> <li><p>[general] <em>Which devices have been disposed in the last 12 months?</em></p></li> <li><p>[access] <em>Who has been assigned permissions with 'Admin' access?</em></p></li> <li>[access] <em>Who owns which user accounts?</em></li> <li>[access] <em>What are the shared/generic/service accounts? 
(user accounts that are not individually owned)</em></li> <li>[access] <em>Show me the current password policy and compliance status.</em></li> <li><p>[access] <em>Find anything that allows public access to everyone.</em></p></li> <li><p>[appdev] <em>Were there any Code Repos added in the last 24 hours?</em></p></li> <li><p>[data] <em>Is my production or PHI/PII data stores encrypted?</em></p></li> <li><p>[data] <em>Are there any non-public data stores incorrectly configured with public access to everyone?</em></p></li> <li><p>[endpoint] <em>What is the configuration and compliance status of my endpoint devices?</em></p></li> <li>[endpoint] <em>Whose endpoint is out of compliance?</em></li> <li>[endpoint] <em>Is there malware protection for all endpoints?</em></li> <li>[endpoint] <em>Are there security agents monitoring and protecting my endpoint hosts/devices?</em></li> <li><p>[endpoint] <em>Are my servers and systems protected by host-based firewall?</em></p></li> <li><p>[infra] <em>Are there potential IP collisions among the networks/subnets in my environment?</em></p></li> <li>[infra] <em>What are directly connected to the Internet?</em></li> <li>[infra] <em>What network traffic is allowed between internal and external networks?</em></li> <li>[infra] <em>Is there proper segmentation/segregation of internal networks?</em></li> <li>[infra] <em>Are wireless networks segmented and protected by firewalls?</em></li> <li>[infra] <em>Are there VPN configured for remote access?</em></li> <li>[infra] <em>Show all inbound SSH firewall rules across my network environments.</em></li> <li><p>[infra] <em>Is inbound SSH allowed directly from an external host or network?</em></p></li> <li><p>[aws] <em>Is MFA enabled for the Account Root User for all my AWS accounts?</em></p></li> <li>[aws] <em>Are there root user access keys in use for any of my AWS accounts?</em></li> <li>[aws] <em>Is public access block configured for non-public S3 Buckets?</em></li> <li>[aws] <em>Is public 
read access enabled for any S3 Bucket?</em></li> <li>[aws] <em>Is public write access enabled for any S3 Bucket?</em></li> <li>[aws] <em>Is S3 bucket access granted to anybody outside of the account?</em></li> <li>[aws] <em>Is there any S3 bucket that grants full control access to anybody other than the owner?</em></li> <li>[aws] <em>What are the service roles in my AWS accounts (i.e. an IAM Role that has a trust policy to an AWS Service)?</em></li> <li>[aws] <em>Are all EBS volumes encrypted?</em></li> <li>[aws] <em>Is default server side encryption enabled for all S3 Buckets?</em></li> <li>[aws] <em>Who has been assigned full Administrator access?</em></li> <li>[aws] <em>Are there assume role trusts to external entities?</em></li> <li>[aws] <em>Are all the AWS Config rules compliant? (if AWS Config service is enabled)</em></li> <li>[aws] <em>Are there any noncompliant production resources in AWS per Config evaluation? (if AWS Config is enabled)</em></li> <li>[aws] <em>Are there EC2 instances exposed to the Internet?</em></li> <li>[aws] <em>Which EC2 instances may have external network connections?</em></li> </ul></li> </ul><h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li>Improved username display next to the user avatar.</li> <li><p>UI/UX improvements on Landing Zone search, with <strong>Clear</strong>, <strong>Save</strong>, and<br><strong>Clear All</strong> action buttons for query results.</p></li> <li><p>Improved accuracy of full-text search.</p></li> <li>Fixed missing column in some query/search results.</li> <li><p>Fixed account name tagging not enabled by default in certain integration<br> configurations.</p></li> <li><p>Several stability and robustness improvements on backend services.</p></li> <li>New icons for several entity classes.</li> </ul> </article> </main>