Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
Contact Us
JupiterOne 2020.47 Release - AskJ1 Community
<main> <article class="userContent"> <p>2020-06-16</p> <p>In addition to the new features and updates below, check out<br><a href="https://ask.us.jupiterone.io" rel="nofollow">https://ask.us.jupiterone.io</a> for the newly improved Question Library.</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Added a <strong>Compliance Evidence Library</strong> to manage all uploaded evidence<br> files/documents across all compliance standards from one central place. Each<br> uploaded evidence can be attached to multiple compliance requirements, similar<br> to how one query question can be mapped to many.</p></li> <li><p>Brand new <strong>Compliance Reporting</strong> capability that allows users to configure a<br> report template in Markdown and <strong>generate a full PDF report</strong> based on the<br> status, risks, and other dynamic attributes of the selected compliance<br> standard and organization data.</p></li> <li><p>In the compliance requirement view, a <strong>Gap indicator</strong> is added to next to<br> each question, and each query tab within a question, as appropriate, to<br> indicate which question/query identified gaps for the give requirement.</p></li> <li><p>Brand new <strong>Powerup</strong> capability to <strong>Configure Resource Whitelisting</strong>. The<br> allowlisting is used to <strong>enrich</strong> a particular class of entities. Currently<br> supported allowlisting includes:</p> <ul><li><p><strong>Approved Applications</strong> - enriches <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">Application</code> entities with an<br><code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">approved</code> boolean attribute</p></li> <li><p><strong>Internal IP Addresses</strong> - enriches mapped <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">Host</code> or <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">Network</code> entities<br> with an <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">internal</code> boolean attribute</p></li> <li><p><strong>Trusted External IP Addresses</strong> - enriches mapped <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">Host</code> or <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">Network</code><br> entities with a <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">trusted</code> boolean attribute</p></li> </ul></li> <li><p>In the <strong>Asset Inventory</strong> app, <strong>Bulk Upload</strong> entities/relationships via<br> JSON/YAML file will prompt the user for a <code class="code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline code codeInline" spellcheck="false" tabindex="0">scope</code> (previously saved "scopes"<br> are listed for easy selection).</p></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">What does "scope" mean?</p> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">A scope is used to identify relationships to update/delete during diffing.<br> Previously existing entities/relationships within the same scope that no<br> longer exist in the latest upload are deleted.</p> </div></blockquote> <ul><li><p>Added an indicator in the entity properties panel to show any property value<br> that has been manually edited/overriden by an administrator. The original<br> value from the integration source / provider is shown on mouse hover.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/EEXSQ0AW9UNP/property-override.png" alt="property-override" class="embedImage-img importedEmbed-img"></img></p></li> <li><p>Added initial prompt for users to import Alert Rules upon first visit of the <br> Alerts app.</p></li> <li><p>Added shortcut button to see <strong>Revision History</strong> of each policy/procedure<br> document in the <strong>Policies</strong> app.</p></li> </ul><h2 data-id="integrations">Integrations</h2> <ul><li><strong>Carbon Black</strong>: Added alert findings ingestion.</li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">IMPORTANT: The new release of the Carbon Black integration uses their latest<br> v6 API and it requires a change in API permission settings.</p> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line"><strong>Please obtain new credentials and update the integration configuration in JupiterOne.</strong></p> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">The instructions are found in the doc <a rel="nofollow" href="../docs/integrations/cbdefense/cbdefense.md">here</a>.</p> </div></blockquote> <ul><li><p><strong>Carbon Black, Cisco AMP, Cisco Meraki, Jamf, Snipe-IT</strong>: Improvements across<br> multiple endpoint protection / endpoint management integrations to better<br> correlate and normalize data so that they consistently point to the same<br> device.</p></li> <li><p>Properly handle capturing of RAW data with the new integration SDK.</p></li> <li><p>Various small bug fixes and improvements.</p></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">We are actively working on CloudTrail events support! Nothing in this release<br> yet but may be ready for beta testing as soon as the next release! Stay tuned.</p> </div></blockquote> <h2 data-id="improvements-and-bug-fixes">Improvements and Bug Fixes</h2> <ul><li><p>A few mapper improvements and bug fixes.</p></li> <li><p>A few query and indexer improvements and bug fixes.</p></li> </ul> </article> </main>