JupiterOne 2019.30 Release - AskJ1 Community
<main> <article class="userContent"> <p>2019-09-30</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Added <strong>J1QL docs in-app</strong> to the Query Library. You can access the docs with<br> the Library open side-by-side as you run queries.</p> <p>You can even try any of the queries mentioned in the docs directly — just<br> click the play button next to a query!</p> <p><img src="https://us.v-cdn.net/6035534/uploads/0U613LCHZ955/query-library-docs.gif" alt="query-library-docs" class="embedImage-img importedEmbed-img"></img></p></li> <li><p>Other updates in the <strong>Landing</strong> app:</p> <ul><li><p>Added support to <strong>page through >250 rows</strong> in query results from the<br> Landing webapp.</p></li> <li><p>Added a shortcut/action button to create an Alert rule directly from a query<br> result.</p></li> <li><p>Added a shortcut to edit a saved question directly from question results.</p></li> <li><p>Saved and Packaged (pre-loaded) questions are now combined under one tab in<br> the Query Library. You can toggle the view to include or exclude packaged<br> questions. Additionally, you can now edit or delete packaged<br> questions.</p></li> </ul></li> <li><p>Added the ability to <strong>view historic data</strong> associated with an entity that has<br> raw JSON data stored (most, not all, entities currently have raw data saved).</p> <ul><li><p>The <strong>History view</strong> can be invoked from the entity properties menu, either<br> within the Asset Inventory view or the Graph view. 
Selecting "History" from<br> the dropdown actions menu will open up a modal where you can view previous<br> versions of the entity JSON (if available).</p></li> <li><p>Within the History view, you can select two versions of JSON data for a<br> side-by-side or inline comparison (<strong>Diff view</strong>).</p></li> </ul></li> <li><p>Updates in the <strong>Compliance</strong> app:</p> <ul><li>Added <strong>bulk evidence download</strong> capability in the Compliance app.</li> </ul><p>Clicking on the "Download" button for a selected compliance standard will<br> trigger a build of all available compliance evidence in the background. You<br> will receive an email notification with a link when the package is ready for<br> download.</p> <p>Current limitation: if an evidence query generates more than 250 results,<br> the bulk download only includes the initial 250 results as sample output.<br> This is done as a trade-off so that the evidence package can be generated<br> relatively quickly. This sampling is sufficient for audits/assessments in<br> most cases. Evidence download directly from a specific requirement will<br> include the full results.</p> <ul><li><p>In evidence downloads, added <strong>query and timestamp</strong> directly to the CSV<br> files as a metadata header, followed by the actual data.</p></li> <li><p>You can add a new query question directly within the compliance requirement<br> details view and have it mapped to the selected requirement/control.</p></li> </ul></li> <li><p>Added filter support for the "Type" column in Alerts > Open Vulns & Findings<br> view.</p></li> <li><p>Added support for deleting an alert rule, in addition to disabling the rule.</p></li> <li><p>Added support for custom fields in the Jira action of an alert rule, via the<br><code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">additionalFields</code> object. 
This must be configured with the advanced (JSON)<br> rule editor.</p></li> <li><p>J1QL now supports non-alphanumeric characters in property names by<br> wrapping the name in brackets, for example:</p> <ul><li><code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">Find Host with [special-prop-name]='abc'</code></li> <li><code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">Find Host as e return e.[special-prop-name]</code></li> </ul></li> </ul><h2 data-id="integrations">Integrations</h2> <ul><li><p><strong>AWS</strong></p> <ul><li>Added the capability to <strong>detect leaked secrets/credentials</strong> in CloudFormation<br> Stack parameters and outputs. Run the following query to find them:</li> </ul><pre class="code codeBlock" spellcheck="false" tabindex="0">Find aws_cloudformation_stack with secretsDetected=true </pre> <p>Detected secrets will be masked as <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">****REDACTED****</code> in the parameters /<br> outputs.</p></li> <li><p><strong>Azure</strong></p> <ul><li>Added the following entities and their corresponding relationships:<br><code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">azure_vm</code>, <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">azure_nic</code> and <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" 
spellcheck="false" tabindex="0">azure_public_ip</code>.</li> </ul><p>See <a rel="nofollow" href="../docs/integrations/azure/graph-azure.md">Azure integration docs</a> for more details.</p></li> </ul><h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li><p>Fixed the UI pointer when you mouse over a Group name in the Users & Access view.</p></li> <li><p>Fixed a broken link in the Policy Builder / edit view to go back to policies.</p></li> <li><p>Fixed a query language bug where negation on a property filter did not work when<br> the property value is an array.</p></li> <li><p>Fixed an issue where arrays were incorrectly converted to comma-separated<br> strings when indexed.</p></li> <li><p>Improved how query parsing is handled with complex filter conditions and<br> parentheses.</p></li> <li><p>Fixed an issue where an empty string was incorrectly handled by the mapper.</p></li> <li><p>Improved layout of the alert rule editor.</p></li> </ul><h2 data-id="community-projects">Community Projects</h2> <p><em>Community resources are provided AS IS. Code contributions and forks welcome.</em></p> <ul><li><p>Added examples using JupiterOne to enforce code reviews and security code<br> scanning in a CI/CD pipeline. See:</p> <ul><li><a rel="nofollow" href="https://github.com/JupiterOne/change-management-client">https://github.com/JupiterOne/change-management-client</a></li> <li><a rel="nofollow" href="https://github.com/JupiterOne/change-management-example">https://github.com/JupiterOne/change-management-example</a></li> </ul></li> <li><p>Added an example training template (for HIPAA awareness) and how to capture<br> employee training records in YAML for custom internal training and publish to<br> JupiterOne graph. 
See:</p> <ul><li><a rel="nofollow" href="https://github.com/JupiterOne/security-training-templates">https://github.com/JupiterOne/security-training-templates</a></li> </ul></li> <li><p>Open sourced a tool to detect a specific type of pull request and alert the<br> security team in Slack. See:</p> <ul><li><a rel="nofollow" href="https://github.com/JupiterOne/bitbucket-pr-detector">https://github.com/JupiterOne/bitbucket-pr-detector</a></li> </ul></li> <li><p>Added example compliance standard JSON files for FedRAMP High, Moderate, Low,<br> and SOC 2 Security (Common Criteria). These can be imported to the Compliance<br> app. See:</p> <ul><li><a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/fedramp-high.json">https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/fedramp-high.json</a></li> <li><a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/fedramp-moderate.json">https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/fedramp-moderate.json</a></li> <li><a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/fedramp-low.json">https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/fedramp-low.json</a></li> <li><a rel="nofollow" href="https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/soc2-security.json">https://github.com/JupiterOne/security-policy-templates/blob/master/templates/standards/soc2-security.json</a></li> </ul></li> </ul> </article> </main>