Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
Contact Us
JupiterOne 2020.55 Release - AskJ1 Community
<main> <article class="userContent"> <p>2020-10-06</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Added support for custom Jira Issue Collector in Compliance app such that you can create a Jira<br> issue on-demand directly from a requirement view.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/8687WS9RMJ77/compliance-jira-issue-collector.png" alt="jira-issue-collector" class="embedImage-img importedEmbed-img"></img></p></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">We plan to improve this on-demand Jira issue creation workflow in the future to support features<br> like auto populating certain fields.</p> </div></blockquote> <ul><li><p>Added an entity count indicator to each integration instance. Clicking on the entity count chip wil<br> run a query to show entity counts from that integration instance by entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code>.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/A3EVVULTLNXU/integration-entity-count.png" alt="integration-entity-count" class="embedImage-img importedEmbed-img"></img></p></li> <li><p>Customers can now start a trial themselves for apps they don't current have access to.</p></li> <li><p><em>We have been secretly working on a compliance review workflow feature. It's now in internal testing. Stay tuned!</em></p></li> </ul><h2 data-id="integrations">Integrations</h2> <h3 data-id="aws">AWS</h3> <ul><li><p>Added support to ingest <strong>Amazon Macie</strong> findings. Try:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find aws_s3_bucket with classification != 'public' and tag.Production=true that has aws_macie_finding with hasSensitiveData = true and detectionsCount > 0 return tree </pre></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">This requires <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">macie2:GetFindings</code> and <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">macie2:ListFindings</code> IAM permissions to be added to the<br> IAM policy attached to the JupiterOne integration IAM role.</p> </div></blockquote> <ul><li><p>Improved trust relationships mapping for IAM SAML federation to Google G Suite accounts.</p></li> <li><p>Added <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">netmask</code> property to <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_vpc</code> and <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_subnet</code> entities so that users can easily find subnets,<br> or security group rules pointing to subnets with large netmasks in a query -- e.g. <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">netmask > 16</code>.</p></li> <li><p>Improved relationship mapping between Route53 <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">CNAME</code> records to EC2 instance entities.</p></li> <li><p>Fixed missing relationships between <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_security_group</code> and <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_elasticsearch_domain</code> entities.<br> This allows a query to determine if any ElasticSearch domain is publicly facing:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">find Internet that allows aws_security_group that protects aws_elasticsearch_domain that has aws_subnet with public=true return TREE </pre></li> <li><p>Changed the Lambda <> VPC relationships so that the <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">HAS</code> relationship is built between<br><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_lambda_function</code> and <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_subnet</code> entities. This was previously at the <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_vpc</code> level<br> which was less accurate.</p></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">This is a potentially breaking change if you have existing queries between <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_vpc</code> and<br><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_lambda_function</code> entities.</p> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">This query:</p> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find aws_vpc that HAS aws_lambda_function </pre> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">Needs to be updated to</p> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <pre class="code codeBlock" spellcheck="false" tabindex="0">Find aws_vpc that CONTAINS aws_subnet that HAS aws_lambda_function </pre> </div></blockquote> <p>></p> <blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">The <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_lambda_function</code> entities will continue to have <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">vpcId</code> property that can be used<br> in query filters.</p> </div></blockquote> <h3 data-id="bamboohr">BambooHR</h3> <ul><li>Initial release</li> <li>See <a rel="nofollow" href="../docs/integrations/bamboohr/graph-bamboohr.md">docs</a> for more details</li> </ul><h3 data-id="cloudflare">CloudFlare</h3> <ul><li>Add <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">DomainRecord.value</code> property containing the data of the record</li> </ul><h3 data-id="godaddy">GoDaddy</h3> <ul><li>Initial release</li> <li>See <a rel="nofollow" href="../docs/integrations/godaddygraph-godaddy.md">docs</a> for more details</li> </ul><h3 data-id="google-cloud">Google Cloud</h3> <ul><li><p>Added ingestion of <strong>networking</strong> resources</p> <ul><li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_compute_network</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_compute_subnetwork</code></li> </ul></li> <li><p>Added ingestion of <strong>KMS</strong> resources</p> <ul><li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_kms_key_ring</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_kms_crypto_key</code></li> </ul></li> <li><p>Added new relationships</p> <ul><li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_compute_firewall PROTECTS google_compute_network</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_compute_network CONTAINS google_compute_subnetwork</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_compute_network HAS google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_compute_subnetwork HAS google_compute_instance</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Internet ALLOWS google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Internet DENIES google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Host ALLOWS google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Host DENIES google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Network ALLOWS google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Network DENIES google_compute_firewall</code></li> <li><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">google_kms_key_ring HAS google_kms_crypto_key</code></li> </ul></li> <li><p>Fixed duplicate <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_key</code> detected error when the Google Cloud<br><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">serviceusage.services.list</code> API returned a duplicate API service<br> intermittently.</p></li> <li><p>Fixed <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">ComputeInstanceTrustsServiceAccount</code> relationship which allowed array<br> relationships.</p></li> <li><p>Fixed potential for DUPLICATE_KEY_ERROR in <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">fetchResourceManagerIamPolicy</code>.</p></li> </ul><h3 data-id="google-workspace-formerly-g-suite">Google Workspace (formerly G Suite)</h3> <ul><li>Fixed an incorrect mapping of users to groups.</li> </ul><h2 data-id="other-improvements-and-bug-fixes">Other Improvements and Bug Fixes</h2> <ul><li><p>In the query results table, metadata properties are shown with their actual name the column<br> headers (e.g. <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">type</code> -> <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">class</code> -> <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_class</code>).</p></li> <li><p>Resolved an issue where the table view Insights chart would clip information on smaller screens.</p></li> <li><p>Changed the trend chart in Alerts to always starts at 0 for the Y-axis to avoid confusion.</p></li> <li><p>Resolved an issue where compliance standards would throw a 500 error when being created.</p></li> </ul> </article> </main>