2020-04-30
Had a sprint focused on new integration SDK and new integrations. In the past
two weeks, our dev team made 160+ commits to the new integration sdk and
data model, plus 250+ commits across 14 integrations!
See Integrations section below for more details.
Also, see an important update on an AWS entity class label change below.
New Features
- Added auto-grouping of graph nodes of the same type, and a list view
to scroll through each item in the group. Select an item in the list to see
its detailed properties.
- Added ring decoration to Finding and Vulnerability entity nodes to show
a colored ring/border based on severity.
- Improved pie chart layout in Insights dashboards. Also made long list
in legend scrollable.
New public facing JupiterOne Questions site.
Added toggle button to expand/collapse all sections in a
selected compliance standard or questionnaire.
Improved version history diff of security policies and procedures document
text.
Integrations
SDK and Data Model
Initial release of 10 new integrations (beta)
Updates to AWS, Azure, and other existing integrations
[AWS]:
- Added ingestion of
aws_nat_gateway and aws_vpn_gateway in a VPC
- Analyze EBS snapshots to determine
shared and public status
Try these two new questions:
>
- Are there EBS snapshots shared with other accounts?
- Are there EBS snapshots shared publicly?
Updated relationship mappings between aws_route53_record entities to
IpAddress, NetworkInterface, Gateway (e.g. ALB/ELB), SES Service,
ACM Service, and other aws_route53_record (alias records) entities.
Added mapping of several saved AWS queries/questions to PCI DSS standard
requirements
Tweaked queries in question "Which IAM policies in addition to
"AdministratorAccess" allow full admin access to any and all resources?" to
include separate queries/sections for admin-role-inline-policies and
exceptions.
Fixed IAM policy parsing to set update flag for Change* IAM permissions.
Set baseUrl property on aws_s3_bucket entities to:
https://${bucket.bucketName}.s3.amazonaws.com
Updated the _class on aws_route53_zone and aws_route53_record entities:
aws_route53_zone class will be DomainZone (previously Domain and Zone)aws_route53_record class will be DomainRecord (previously DomainRecord and Record)
Important: Please update your queries in saved questions and/or alert rules accordingly.
Community Projects
This allows users to write terraform code to describe and provision
jupiterone questions (saved queries) and alert rules, similar to how you use
terraform code to provision AWS resources. We plan to add resources to
describe compliance standards, groups, SAML clients, and more in the future.
Added support to publish policies to Confluence in
security-policy-builder via the command psp publish --confluence to
security-policy-builder; plus several minor bug fixes.
Improved policy and procedure templates to better handle HIPAA related
statements conditionally.
Improvements and Bug Fixes
.png)
