Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
Contact Us
JupiterOne 2019.28 Release - AskJ1 Community
<main> <article class="userContent"> <p>2019-08-20</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Several exciting capabilities added to the <strong>AWS Integration</strong>:</p> <ul><li>Analysis of <strong>S3 Bucket Policies</strong> and build out permission relationships<br> between the bucket and the principals.</li> </ul></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line"><em>This is in addition to parsing of bucket ACLs which was already<br> supported.</em></p> </div></blockquote> <ul><li>Analysis of <strong>IAM Policy Documents</strong> and build out permission relationships<br> between the IAM policy and target resources.</li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line"><em>This allows you to query and visualize the IAM permissions on a graph.<br> For example queries, see [this article][1].</em></p> </div></blockquote> <ul><li>Analysis of <strong>EC2 Instance IAM Role Profiles</strong> and mapping them to the IAM<br> Role an EC2 Instance is allowed to assume.</li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line"><em>Combined with the policy document parsing above, this allows you to<br> identify potential misconfigurations and permissions that may be too<br> broad.</em></p> </div></blockquote> <pre class="code codeBlock" spellcheck="false" tabindex="0">> </pre> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line"><em>Read [this blog post][2] to see how this helps quickly identify issues<br> similar to the one contributed to the recent Capital One data breach.</em></p> </div></blockquote> <ul><li><p>Enabled parsing of addition attributes on <strong>Inspector Findings</strong> and set<br> them as properties, including <code class="code codeInline" spellcheck="false" tabindex="0">protocol</code>, <code class="code codeInline" spellcheck="false" tabindex="0">port</code>, <code class="code codeInline" spellcheck="false" tabindex="0">tcpPorts</code>, <code class="code codeInline" spellcheck="false" tabindex="0">udpPorts</code>,<br><code class="code codeInline" spellcheck="false" tabindex="0">eni</code>, <code class="code codeInline" spellcheck="false" tabindex="0">ruleType</code>, <code class="code codeInline" spellcheck="false" tabindex="0">instanceId</code>, <code class="code codeInline" spellcheck="false" tabindex="0">igw</code>, <code class="code codeInline" spellcheck="false" tabindex="0">vpc</code>, <code class="code codeInline" spellcheck="false" tabindex="0">securityGroup</code>, and <code class="code codeInline" spellcheck="false" tabindex="0">acl</code>.</p> <ul><li>Collecting and displaying entity <strong>Raw Data</strong>:</li> </ul><p>In some cases, data capture from an integration provider may not be suitable<br> as properties assigned to an entity resource. For example, the actual <em>policy<br> document</em> of an AWS IAM policy. In this case, that data is captured and stored<br> in its raw format.</p> <p>You can view Raw Data in the <strong>Entity Properties Panel</strong> from either the<br><strong>Asset Inventory</strong> app or <strong>Graph View</strong> of query results in <strong>Landing</strong>.</p> <ul><li><p>From the <strong>Integrations</strong> page, you now have the option to <strong>manually trigger<br> multiple integrations</strong> to run instead of one at a time (e.g. for multiple<br> AWS accounts integrated with JupiterOne).</p></li> <li><p>From the <strong>Alerts -> Open Vulns & Findings</strong> view, you now have the option to<br><strong>tweak the vulnerability findings query</strong> that generates the findings count<br> and listing.</p></li> </ul></li> </ul><h2 data-id="community-projects">Community Projects</h2> <p><em>Community resources are provided AS IS. Code contributions and forks welcome.</em></p> <ul><li>Ever wondered what the dependency relationships look like among your own code<br> repos? We've added a new open source project <code class="code codeInline" spellcheck="false" tabindex="0">map-repo-dependencies</code> to help<br> answer that. For more details, see:<br><a rel="nofollow" href="https://github.com/JupiterOne/map-repo-dependencies">https://github.com/JupiterOne/map-repo-dependencies</a></li> </ul><p><em>This is the first time we are including community resources in release notes.<br> There are a few previously published resources to mention:</em></p> <ul><li><p><code class="code codeInline" spellcheck="false" tabindex="0">jupiterone-client-nodejs</code>: A node.js client wrapper and CLI utility for<br> JupiterOne public API.<br><a rel="nofollow" href="https://github.com/JupiterOne/jupiterone-client-nodejs">https://github.com/JupiterOne/jupiterone-client-nodejs</a></p></li> <li><p><code class="code codeInline" spellcheck="false" tabindex="0">secops-automation-examples</code>: Examples on how to maintain security/compliance<br> as code and to automate SecOps using the JupiterOne platform.<br><a rel="nofollow" href="https://github.com/JupiterOne/secops-automation-examples">https://github.com/JupiterOne/secops-automation-examples</a></p></li> <li><p><code class="code codeInline" spellcheck="false" tabindex="0">security-policy-templates</code>: A set of policies, standards and procedures with<br> mapping to HIPAA, HITRUST CSF, PCI DSS, NIST, CIS Controls, etc.<br><a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates">https://github.com/JupiterOne/security-policy-templates</a></p></li> <li><p><code class="code codeInline" spellcheck="false" tabindex="0">jupiter-policy-builder</code>: CLI for generating policies, standards and<br> procedures (PSP) documentation in Markdown and publishing to JupiterOne.<br><a rel="nofollow" href="https://github.com/JupiterOne/jupiter-policy-builder">https://github.com/JupiterOne/jupiter-policy-builder</a></p></li> <li><p><code class="code codeInline" spellcheck="false" tabindex="0">npm-enforce-age</code>: A utility that reminds you when it is time to revoke your<br> issued NPM tokens.<br><a rel="nofollow" href="https://github.com/JupiterOne/npm-enforce-age">https://github.com/JupiterOne/npm-enforce-age</a></p></li> </ul><h2 data-id="early-access-features">Early Access Features</h2> <ul><li><p>A number of fixes and improvements were made to the <strong>Question Trend Charts</strong><br> early access feature:</p> <ul><li><p>Different data series on the trend chart did not display different colors.</p></li> <li><p>Updated the labels of data series on the trend chart to display the name of<br> the stored query when available.</p></li> <li><p>Added an option for users to enable/disable display of trends when editing a<br> saved question in the library.</p></li> </ul></li> </ul><h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li><p>Improved the UI display of properties in the <strong>Entity Properties Panel</strong> for<br> array and JSON text properties.</p></li> <li><p>Fixed an issue when editing custom properties of an entity in Asset Inventory,<br> number values were saved as strings.</p></li> <li><p>Fixed an issue where the <code class="code codeInline" spellcheck="false" tabindex="0">unique</code> keyword in certain queries did not correctly<br> return all values.</p></li> <li><p>Fixed an issue where Alert Rules were created without a <code class="code codeInline" spellcheck="false" tabindex="0">Create Alert</code> action<br> or <code class="code codeInline" spellcheck="false" tabindex="0">version</code> for queries when using basic rule editor.</p></li> <li><p>Fixed an issue where changes to a new Insights board immediately after it was<br> created overrides the board that was previously opened.</p></li> <li><p>Fixed the query generated by the <code class="code codeInline" spellcheck="false" tabindex="0">Find Similar</code> action from entity property<br> panel when the selected property value was not a string.</p></li> <li><p>Improved handling of streamed alerts processing.</p></li> <li><p>Improved error messages for query error reporting in the Landing app.</p></li> <li><p>Several other misc. backend and UI/UX improvements.</p></li> </ul> </article> </main>