Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
Contact Us
JupiterOne 2020.42 Release - AskJ1 Community
<main> <article class="userContent"> <p>2020-03-30</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Introducing <strong>default alias</strong> in query language. This simplifies query writing<br> in most scenarios with return values (using <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">RETURN</code>) or post-traversal<br> filtering (using <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">WHERE</code>).</p> <p>For example, the following query:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find User as u that is Person as p return u.username, p.displayName, p.manager </pre> <p>This can be simplified to:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find User that is Person return User.username, Person.displayName, Person.manager </pre></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">The <strong>Class</strong> or <strong>Type</strong> of an entity can be used directly as the<br><strong>default alias</strong>.</p> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">Note that this does not work if you reference the same Class or Type of<br> entity more than once in the same query.</p> </div></blockquote> <ul><li>Added support to configure <strong>granular access policies</strong> associated with a<br> J1 user group.<br> (A few more iterations to come this sprint to fully support this capability)</li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">A J1 PLUS/ENTERPRISE tier feature</p> </div></blockquote> <ul><li>Added support to capture detailed <strong>audit trail</strong>.<br> (UI coming soon for account admins to view audit trails)</li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">A J1 PLUS/ENTERPRISE tier feature</p> </div></blockquote> <ul><li><p>Added support to <strong>send SQS message</strong> to a queue and <strong>publish SNS message</strong><br> to a topic in <strong>alert rule actions</strong>. This can be used to trigger custom<br> automation.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/59ZZA5MJXGZC/alerts-rule-actions-sns-sqs.png" alt="alert-rule-action-sns-sqs" class="embedImage-img importedEmbed-img"></img></p></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">Note: in order to use this capability, the JupiterOne integration role for<br> the target AWS integration must be assigned <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">sns:Publish</code> and/or<br><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">sqs:SendMessage</code> permissions in an attached IAM policy.</p> </div></blockquote> <ul><li><p>Added configurable <strong>minimum alert level threshold</strong> in <strong>Daily Digest</strong><br> emails. Only alerts above this set threshold will be counted and included<br> in the daily emails.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/BOTF7LE1EVDO/alerts-daily-email-minimum-threshold.png" alt="daily-digest-min-threshold" class="embedImage-img importedEmbed-img"></img></p></li> <li><p>Added support to query <strong>internal J1 entities</strong> via graph query, including J1<br> users, groups, and (soon) API access keys. This will support setting up alert<br> rules for relevant resources (e.g. Alert when J1 API keys are near expiration).</p></li> </ul><h2 data-id="integrations">Integrations</h2> <ul><li><p><strong>[VMWare AirWatch]</strong> (beta) Rolled out initial version of AirWatch integration! See<br><a rel="nofollow" href="https://jupiterone.vanillacommunities.com/kb/articles/1144-airwatch-integration-with-jupiterone">docs</a> for details.</p></li> <li><p><strong>[AWS]</strong> Added support for <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">ElastiCache</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Elasticsearch</code>, and <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">SNS</code>. See<br><a rel="nofollow" href="../docs/integrations/aws/index.md">docs</a> for details.</p> <p>Also, AWS <strong>Organizations</strong> support is fully functioning, with properties and<br> tags of sub-accounts properly captured. (Thanks to improvements made in the<br> system mapper.)</p></li> <li><p><strong>[Azure]</strong> Added support for <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Load Balancers</code> and relationships to the IP<br> interfaces they connect to in the backend. See<br><a rel="nofollow" href="../docs/integrations/azure/graph-azure.md">docs</a> for details.</p></li> <li><p><strong>[Crowd Strike]</strong> Added ingestion of additional agent properties, including<br><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">deviceId</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">macAddress</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">publicIp</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">osVersion</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">platform</code>, and<br><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">first/lastSeenOn</code> timestamps.</p></li> <li><p><strong>[Github]</strong> Implemented a workaround to a Github GraphQL error on a specific<br> organization query. Github engineering team acknowledged the issue on their<br> side but did not provide a timeframe on fix.</p></li> </ul><h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li><p>Fixed a number of bugs in the <strong>Insights</strong> app -- it is now officially out of<br> beta!</p></li> <li><p>Performance improvements on <strong>Landing</strong> page.</p></li> <li><p>Significant <strong>Mapper</strong> performance improvements and bug fixes. Also added<br> support to enrich properties of a target entity that is not created by the<br> mapper or the source integration.</p></li> <li><p>Fixed a bug in <strong>Compliance</strong> where the "no gap" and "no policy" evidence<br> filter did not work upon initial page load.</p></li> <li><p>Fixed a navigation error using "<" ">" buttons in <strong>Compliance</strong> requirements<br> view.</p></li> <li><p><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">jupiterone-client-nodejs</code> -- latest version <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">0.21.1</code> includes the following<br> bug fixes and improvements:</p> <ul><li><p>Improved API throttling in nodejs client, CLI, and <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">security-policy-builder</code><br> (version <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">3.1.2</code>).</p></li> <li><p>Fixed a query timeout issue in the nodejs client.</p></li> <li><p>Added <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">upsert</code> entity support to the CLI.</p></li> </ul></li> </ul> </article> </main>