JupiterOne 2019.20 Release - AskJ1 Community
<main> <article class="userContent"> <p>2019-04-15</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Updates to the early access <strong>Alerts</strong> app:</p> <ul><li><p>View alert details and dismiss alerts</p></li> <li><p>Create and edit alert rules in the webapp (previously only via the API)</p></li> <li><p>First alert rule pack released - rules for AWS configuration auditing:<br><a rel="nofollow" href="https://github.com/JupiterOne/jupiterone-alert-rules/blob/master/rule-packs/aws-config.json">https://github.com/JupiterOne/jupiterone-alert-rules/blob/master/rule-packs/aws-config.json</a></p> <p>Also see: <a rel="nofollow" href="https://support.jupiterone.io/hc/en-us/articles/360022721894-AWS-Resource-Configuration-Auditing">https://support.jupiterone.io/hc/en-us/articles/360022721894-AWS-Resource-Configuration-Auditing</a></p></li> </ul></li> <li><p>New <strong>JupiterOne CLI</strong> for querying and entity/relationship/alert operations<br> via the command line. A <strong>JupiterOne NodeJS Client</strong> is also available to help<br> with your own automation.<br><a rel="nofollow" href="https://github.com/JupiterOne/jupiterone-client-nodejs">https://github.com/JupiterOne/jupiterone-client-nodejs</a></p></li> <li><p>Ability to <strong>enable API Key access</strong> for one or more user groups to allow those<br> users to generate API keys for use with the external client or CLI.</p></li> <li><p><strong>Jira integration</strong> initial release - ingests Jira issues from the specified project(s)<br> and stores them as Record entities.
It maps the Jira users to employees<br> and to the issues they created or reported.</p> <p>This is especially useful if you track incidents and risks in Jira and would<br> like them to be consolidated and mapped to the rest of your resources.</p> <p><em>The ability to create a Jira issue from a query or an alert is coming soon.</em></p></li> <li><p><strong>SentinelOne integration</strong> initial release - ingests SentinelOne endpoint<br> agents and connects them to the devices and their owners. You can leverage<br> the agent status as a contextual data point in security analysis.</p> <p>For example, the following query gives you a visual graph of any employee who<br> has an inactive SentinelOne agent, that person's device, and the user accounts<br> that person has access to:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find sentinelone_agent with isActive!=true as agent that protects Device as d that relates to Person as p that is User as u return tree </pre> <p><img src="https://us.v-cdn.net/6035534/uploads/FHEAJCNQQ2GQ/graph-sentinelone-inactive-user.png" alt="sentinelone-inactive-user" class="embedImage-img importedEmbed-img"></img></p></li> <li><p><strong>AWS Inspector</strong> and <strong>GuardDuty</strong> integration - You can now query for<br> Inspector and GuardDuty findings in JupiterOne, and see a graph visualization<br> of how the findings relate to CVEs and the resources they impact.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/HUB3D5OFM17C/aws-inspector-guardduty-findings-table.png" alt="findings-table" class="embedImage-img importedEmbed-img"></img></p> <p><img src="https://us.v-cdn.net/6035534/uploads/4V2VAXAW2ZNK/aws-inspector-guardduty-findings-graph.png" alt="findings-graph" class="embedImage-img importedEmbed-img"></img></p> <ul><li><p>Inspector findings from multiple assessment runs are de-duplicated, which<br> significantly cuts down the noise.</p></li> <li><p>You can also configure alerts based on the configuration 
and contextual<br> relationships of the impacted resources. For example, an alert with the<br> following query:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find (Host|DataStore) with classification='critical' that has Finding with numericSeverity > 7 </pre></li> </ul></li> <li><p><strong>Backup configuration</strong> is captured for AWS <strong>S3</strong>, <strong>RDS</strong>, and <strong>DynamoDB</strong><br> data stores and databases. You can simply run the following query to find<br> anything that has backup enabled (switch to <code class="code codeInline" spellcheck="false" tabindex="0">false</code> to find those with no<br> backup):</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find DataStore with hasBackup=true </pre></li> </ul><h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li><p>Improved typography and added app icon to the navigation bar.</p></li> <li><p>Improved new user onboarding UI/UX.</p></li> <li><p>Fixed an issue that prevented the email address from saving correctly on a <code class="code codeInline" spellcheck="false" tabindex="0">Person</code><br> entity in the Asset Inventory app.</p></li> <li><p>Fixed a bug where the mapper failed to map a trust relationship in an edge case.</p></li> <li><p>Several other UI fixes and adjustments.</p></li> </ul> </article> </main>