Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
Contact Us
JupiterOne 2020.56 Release - AskJ1 Community
<main> <article class="userContent"> <p>2020-10-22</p> <h2 data-id="new-features">New Features</h2> <ul><li><p>Added support to genarate a <strong>shareable URL for an Insights dashboard</strong>.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/UU2EORMAXYX1/insights-dashboard-share-link.png" alt="insights-dashboard-share-link" class="embedImage-img importedEmbed-img"></img></p></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">This is similar to sharing a Google Doc file via a link. This is useful for sharing with other users <br> in the organization who do not have a JupiterOne user account, or sharing with an external user such<br> as an auditor.</p> <p class="blockquote-line">Anyone with acccess to the link can view the dashboard. Please share with care. Shareable link does<br> not expire, but you can revoke the link / stop sharing at any time.</p> </div></blockquote> <ul><li><p>Added the ability to <strong>cancel a running query</strong>. Also, the query result actions such as sharing are<br> enabled while the query is still running.</p></li> <li><p>Added <strong>currency label</strong> and <strong>decimal limit</strong> to number chart and pie chart widgets in the Insights <br> dashboard app.</p></li> <li><p>Updates to <strong>the platform API</strong>:</p> <ul><li>Added ability to fetch synchronization logs for bulk upload via API</li> <li>Added bulk delete API</li> </ul></li> </ul><h2 data-id="integrations">Integrations</h2> <ul><li>Added <code class="code codeInline" spellcheck="false" tabindex="0">ONE_WEEK</code> polling interval as an available option to all integrations.</li> </ul><h3 data-id="aws">AWS</h3> <ul><li><p>Improved queries for <strong>"Is public access enabled for any S3 Bucket?"</strong> to reduce false positives <br> by taking into acocunt public access block settings in addition to bucket ACL and bucket policy</p></li> <li><p>Normalize <code class="code codeInline" spellcheck="false" tabindex="0">transferLock</code> to <code class="code codeInline" spellcheck="false" tabindex="0">Domain.transferLock</code> and <code class="code codeInline" spellcheck="false" tabindex="0">Domain.locked</code></p></li> <li><p>Added <strong>CloudHSM</strong> support: ingesting Cloud HSM <code class="code codeInline" spellcheck="false" tabindex="0">Cluster</code>, <code class="code codeInline" spellcheck="false" tabindex="0">Host</code>, and <code class="code codeInline" spellcheck="false" tabindex="0">Backup</code> entities <br> (each also classed as <code class="code codeInline" spellcheck="false" tabindex="0">Vault</code>)</p></li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">DeleteBucketEncryption</code> CloudTrail event handler</p></li> <li><p>Added lifecycle properties to entities currently monitored by CloudTrail:</p> <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">createdBy</code>, <code class="code codeInline" spellcheck="false" tabindex="0">createdOn</code></li> <li><code class="code codeInline" spellcheck="false" tabindex="0">updatedBy</code>, <code class="code codeInline" spellcheck="false" tabindex="0">updatedOn</code></li> <li><code class="code codeInline" spellcheck="false" tabindex="0">deletedBy</code>, <code class="code codeInline" spellcheck="false" tabindex="0">deletedOn</code></li> </ul></li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <p class="blockquote-line">Learn more about enabling <a rel="nofollow" href="https://support.jupiterone.io/hc/en-us/articles/360051794213-AWS-CloudTrail-Event-Streaming">CloudTrail Event Streaming</a> <br> if you'd like to see entities in JupiterOne updating as changes occur in your AWS infrastructure.</p> </div></blockquote> <h3 data-id="azure">Azure</h3> <ul><li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_event_grid_domain</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_resource_group|has|azure_event_grid_domain</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_event_grid_domain_topic</code> entities</li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_event_grid_domain|has|azure_event_grid_domain_topic</code><br> relationships</p></li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_event_grid_topic</code> entities</p></li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_resource_group|has|azure_event_grid_topic</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_event_grid_topic_subscription</code> entities</li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_event_grid_topic|has|azure_event_grid_topic_subscription</code><br> relationship</p></li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_event_grid_domain_topic|has|azure_event_grid_topic_subscription</code><br> relationship</p></li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_batch_account</code> entities</p></li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_resource_group|has|azure_batch_account</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_batch_pool</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_batch_account|has|azure_batch_pool</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_batch_application</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_batch_account|has|azure_batch_application</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_batch_certificate</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_batch_account|has|azure_batch_certificate</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_redis_cache</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_resource_group|has|azure_redis_cache</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_redis_firewall_rule</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_redis_cache|has|azure_redis_firewall_rule</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_redis_cache|connects|azure_redis_cache</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_container_group</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_resource_group|has|azure_container_group</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_container</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_container_group|has|azure_container</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_container_volume</code> entities</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_container_group|has|azure_container_volume</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_container|uses|azure_container_volume</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_container_volume|uses|azure_storage_file_share</code> relationships</li> <li>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_advisor_recommendation</code> entities</li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">ANY_SCOPE|has|azure_advisor_recommendation</code> relationships. These can<br> target any scoped entity within Azure.</p></li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_security_assessment</code> entities</p></li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_security_assessment|identified|azure_advisor_recommendation</code><br> relationships</p></li> <li><p>Added <code class="code codeInline" spellcheck="false" tabindex="0">azure_subscription|performed|azure_security_assessment</code> relationships</p></li> </ul><h3 data-id="godaddy">GoDaddy</h3> <ul><li>Normalize <code class="code codeInline" spellcheck="false" tabindex="0">transferProtected</code> to <code class="code codeInline" spellcheck="false" tabindex="0">Domain.transferLock</code> and <code class="code codeInline" spellcheck="false" tabindex="0">Domain.locked</code></li> </ul><h3 data-id="google-cloud">Google Cloud</h3> <ul><li><p>Expose boolean <code class="code codeInline" spellcheck="false" tabindex="0">public</code> property on <code class="code codeInline" spellcheck="false" tabindex="0">google_storage_bucket</code> that determines<br> whether a storage bucket is public</p></li> <li><p>Added CIS Benchmarks for Google Cloud managed questions:</p> <ul><li>Ensure that corporate login credentials are used</li> <li>Ensure that there are only GCP-managed service account keys for each service account</li> <li>Ensure that Service Account has no Admin privileges</li> <li>Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level</li> <li>Ensure user-managed/external keys for service accounts are rotated every 90 days or less</li> <li>Ensure encryption keys are rotated within a period of 365 days</li> <li>Ensure that the default network does not exist in a project</li> <li>Ensure that SSH access is restricted from the internet</li> <li>Ensure that RDP access is restricted from the Internet</li> <li>Ensure that Google Cloud Compute instances are not configured to use the default service account</li> <li>Ensure that Cloud Storage bucket is not anonymously or publicly accessible</li> <li>Ensure that Cloud Storage buckets have uniform bucket-level access enabled</li> </ul></li> </ul><h3 data-id="google-workspaces">Google Workspaces</h3> <ul><li>Added <code class="code codeInline" spellcheck="false" tabindex="0">google_token - ALLOWS -> Vendor</code> relationships</li> </ul><h3 data-id="qualys">Qualys</h3> <ul><li>Integration ported to latest SDK, executing across multiple steps, significant improvements on performance and scalability</li> <li><p>Updated entity/relationship ingestion to better match the latest <br><a rel="nofollow" href="https://support.jupiterone.io/hc/en-us/articles/360041429733-Data-Model-for-Vulnerability-Management">JupiterOne Data Model for Vulnerability Management</a></p></li> <li><p>Improved API client to handle rate limit response headers</p></li> <li>Ingest <code class="code codeInline" spellcheck="false" tabindex="0">Account</code> entity and relate to <code class="code codeInline" spellcheck="false" tabindex="0">Service</code> entities for VMDR and Web Application Scanner, with portal/service version information in raw data</li> <li>Ingest <code class="code codeInline" spellcheck="false" tabindex="0">Service - SCANS -> Host</code> relationships and <code class="code codeInline" spellcheck="false" tabindex="0">Service - IDENTIFIED -> Finding</code> relationships</li> </ul><h2 data-id="community-projects">Community Projects</h2> <ul><li><p>New <code class="code codeInline" spellcheck="false" tabindex="0">nslookup-shodan</code> project that contains an automation script to enrich the domain records mapping in a JupiterOne account. <br> This enrichment connects DNS records to target hosts, ultimately allowing users to easily identify records pointing to targets<br> that are outside of their integrated assets (i.e. vendor hosted) and any truely "orphaned" records.</p> <p>See details in the GitHub repo: <a rel="nofollow" href="https://github.com/JupiterOne/nslookup-shodan">https://github.com/JupiterOne/nslookup-shodan</a></p></li> </ul><h2 data-id="other-improvements-and-bug-fixes">Other Improvements and Bug Fixes</h2> <ul><li><p>Fixed UI issue with status indicators not lining up with compliance titles.</p></li> <li><p>Resolved an issue with cache token expiration that might require the user to refresh the page while still logged in to the app.</p></li> <li><p>Fixed 502 errors that were happening on Lambda cold start due to gremlin package bug.</p></li> <li><p>Improved scalabiility of the synchronization process.</p></li> </ul> </article> </main>