JupiterOne 2020.41 Release - AskJ1 Community
<main> <article class="userContent"> <p>2020-03-17</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Added <strong>evidence upload</strong> capability to Compliance app.</p></li> <li><p>Much improved <strong>Slack message formatting</strong> from JupiterOne alerts. See example<br> alert below. The message title links to the alert in the JupiterOne web app.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/WBMHF8JQHRT3/alerts-slack-message.png" alt="alerts-slack-message" class="embedImage-img importedEmbed-img"></img></p> <p>The alert above is configured with the following <code class="code codeInline" spellcheck="false" tabindex="0">slackBody</code> template and<br> action:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">"templates": {
  "slackBody": "Function Name: {{item.functionName}}\nMemory size: {{item.memorySize}}\n\n"
},
...
"operations": [
  {
    ...
    "actions": [
      ...
      {
        "type": "SEND_SLACK_MESSAGE",
        "body": "{{queries.query0.data|mapTemplate('slackBody')|join(' ')}}",
        "webhookUrl": "https://hooks.slack.com/services/ABC/DEF"
      }
    ]
  }
]
</pre> <p>Additionally, <code class="code codeInline" spellcheck="false" tabindex="0">{{alertWebLink}}</code> is available as a variable that can be<br> referenced in rule templating.</p></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">🤫 <em>Don't tell anyone yet: a JupiterOne Slack app is coming soon!</em></p> </div></blockquote> <h2 data-id="integrations">Integrations</h2> <ul><li><p><strong>[AWS]</strong> Added ingestion of tags on IAM users and roles; captured<br><code class="code codeInline" spellcheck="false" tabindex="0">backupsCount</code>, <code class="code codeInline" spellcheck="false" tabindex="0">oldestBackupCreatedOn</code>, and <code class="code codeInline" spellcheck="false" tabindex="0">latestBackupCreatedOn</code><br> properties to <code class="code codeInline" spellcheck="false" tabindex="0">aws_dynamodb_table</code> 
entities.</p></li> <li><p><strong>[Jamf]</strong> Added properties from general details to computer entity.</p></li> <li><p><strong>[Jira]</strong> Improved parsing of Jira description/text contents; created missing<br><code class="code codeInline" spellcheck="false" tabindex="0">jira_account</code> -> <code class="code codeInline" spellcheck="false" tabindex="0">jira_user</code> relationships.</p></li> <li><p><strong>[Okta]</strong> Added raw data capture for Okta entities.</p></li> <li><p><strong>[Tenable Cloud]</strong> Added additional fields to Finding and Vulnerability<br> entities ingested from Tenable Cloud API, including <code class="code codeInline" spellcheck="false" tabindex="0">description</code>, <code class="code codeInline" spellcheck="false" tabindex="0">synopsis</code>,<br><code class="code codeInline" spellcheck="false" tabindex="0">solution</code>, <code class="code codeInline" spellcheck="false" tabindex="0">priority</code>, <code class="code codeInline" spellcheck="false" tabindex="0">numericPriority</code>, etc. when available. 
Also fixed<br> incorrectly assigned values to <code class="code codeInline" spellcheck="false" tabindex="0">severity</code> and <code class="code codeInline" spellcheck="false" tabindex="0">numericSeverity</code>.</p></li> </ul><h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li><p>Improved auto-complete to not make suggestions after quotation marks.</p> <p><em>Note: Query auto-complete is now enabled by default for new users.</em></p></li> <li><p>Fixed an issue with the GitHub app installation flow during integration setup.</p></li> <li><p>Fixed an occasional timeout issue with Snyk integration.</p></li> <li><p>Minor content updates and fixes to <code class="code codeInline" spellcheck="false" tabindex="0">security-policy-templates</code>.</p></li> <li><p>Fixed an issue in Insights where adding a second widget to the board<br> overwrites the one that was just added before it.</p></li> <li><p>Added more end-to-end testing and monitoring to improve platform health check.</p></li> </ul><h2 data-id="community-projects">Community Projects</h2> <ul><li><p>Added example script to leverage graph query results to enrich entity data:</p> <p><a rel="nofollow" href="https://github.com/JupiterOne/graph-enrichment-examples">https://github.com/JupiterOne/graph-enrichment-examples</a></p> <p>And a corresponding blog post to describe a use case around checking user<br> account MFA status:</p> <p><a rel="nofollow" href="https://jupiterone.com/blog/reduce-noise-when-analyzing-user-mfa-status/">https://jupiterone.com/blog/reduce-noise-when-analyzing-user-mfa-status/</a></p></li> <li><p>Added a module to support running Microsoft's Playwright on AWS Lambda and<br> Google Cloud Functions:</p> <p><a rel="nofollow" href="https://github.com/JupiterOne/playwright-aws-lambda">https://github.com/JupiterOne/playwright-aws-lambda</a></p> <p><em>This was added about a month ago but never made it into the release notes.</em></p></li> </ul> </article> </main>