Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
Contact Us
JupiterOne 2019.16 Release - AskJ1 Community
<main> <article class="userContent"> <p>2019-02-21</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>New ingestion and analysis from <strong>AWS</strong>:</p> <ul><li><p><strong>RDS</strong> clusters and instances</p> <p>Try <code class="code codeInline" spellcheck="false" tabindex="0">Find aws_rds_cluster that CONTAINS aws_db_instance return tree</code></p></li> <li><p><strong>DynamoDB</strong> tables</p> <p>Try <code class="code codeInline" spellcheck="false" tabindex="0">Find aws_dynamodb_table that relates to * return tree</code></p></li> <li><p><strong>S3</strong> bucket public access settings</p> <p>Try <code class="code codeInline" spellcheck="false" tabindex="0">Find aws_s3_bucket with BlockPublicAcls != true</code></p></li> <li><p><strong>AMI</strong> images - note that only custom AMI images are currently ingested,<br> not public or marketplace AMIs.</p> <p>Try <code class="code codeInline" spellcheck="false" tabindex="0">Find aws_ami that relates to * return tree</code></p></li> </ul></li> <li><p><strong>SAML Single Sign On (SSO)</strong> now generally available to enterprise customers</p></li> <li><p><strong>Endpoint Compliance Agent</strong> powered by Stethoscope app released for macOS<br> devices. Access it from the "Power Ups" menu, and send invite to your users by<br> email. The agent checks the following endpoint configuration with the default<br> policy:</p> <ul><li>OS version</li> <li>Patching/update status</li> <li>Host firewall status</li> <li>Disk encryption status</li> <li>Screensaver / screen lock protection</li> <li>Remote login status</li> </ul></li> <li><p><strong>Veracode Integration</strong> first iteration - supports ingestion of Vulnerability<br> findings.</p></li> <li><p><strong>Google Integration</strong> first iteration - supports ingestion of Users and User<br> Groups.</p></li> <li><p><strong>Sharing URL</strong> is added to query results from Landing Zone.</p></li> <li><p>New packaged questions and queries added:</p> <ul><li>[aws] <em>Find all the IAM user access keys in production AWS accounts.</em></li> <li>[aws] <em>Find all the SSH key pairs in production AWS accounts.</em></li> <li>[aws] <em>Are there SSH keys not in use?</em></li> <li><p>[aws] <em>Is there anything that connects to an external AWS account that is not part of my organization?</em></p></li> <li><p>[access] <em>Did we remove all access from employees who left?</em></p></li> <li>[access] <em>Which user accounts do not have multi-factor authentication enabled?</em></li> <li>[appdev] <em>Who are the most recent contributors to this repo?</em></li> <li>[appdev] <em>Which PRs did this developer open in the last 5 days?</em></li> <li>[data] <em>What is the inventory of my sensitive data stores?</em></li> <li>[endpoint] <em>Is operating system patching and auto update enabled on endpoint hosts?</em></li> <li>[endpoint] <em>Is application patching and auto update enabled on endpoint hosts?</em></li> <li>[endpoint] <em>What are the approved server/system images?</em></li> <li>[endpoint] <em>Are all system images updated in the past six months?</em></li> <li>[endpoint] <em>Which hosts are (or are not) using approved standard images?</em></li> <li>[infra] <em>What production resources are directly connected/exposed to the Internet/everyone?</em></li> <li>[general] <em>What applications and operating systems are in use?</em></li> <li>[general] <em>Who are my software vendors? Do I have proper vendor support for my software applications?</em></li> </ul></li> </ul><h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li>Added column sorting of query results from Landing Zone.</li> <li>Continued improvements of backend services.</li> <li>Several bug fixes of indexer, mapper, persister and integrations.</li> <li><p>Fixed action and display bugs associated with adding/editing an entity in<br> Asset Inventory.</p></li> <li><p>Lots of improvements made to the managed SDK to support open source<br> integration development.</p></li> <li><p>Updated timestamp properties for AWS integration to number instead of string<br> so that queries can use them for date/time comparison.</p></li> <li><p>Renamed AWS entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code> definitions to be more consistent with the<br> Terraform type naming convention.</p></li> </ul> </article> </main>