/* * These styles apply ONLY to the header and footer assets. */ a { -webkit-font-smoothing: antialiased; } .userContent .tableWrapper table { background: white; } #titleBar { display: none; position: absolute; } .ask-j1-header { position: relative; /* height: 77px; */ overflow: visible; z-index: 9; } .ask-j1-header-container .ask-j1-menu-container .ask-j1-header_navigation .ask-j1-header_menu .menu-item a.active { color: #8C9EFF; } .ask-j1-header-container .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper #SiteNav .filter-dropdown:first-of-type { max-width: 145px; } .ask-j1-header-container .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper #SiteNav .filter-dropdown:nth-of-type(2) { max-width: 170px; } .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper .filter-dropdown a { text-decoration: none; } #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown.site-nav--active .site-nav__link { text-decoration: underline; } .ask-j1-menu-container .submenu .site-nav__link.active { color:#8C9EFF !important; text-decoration: underline !important; } .ask-j1-menu-container .submenu .submenu-items.d-flex { /* display: none !important; */ } .ask-j1-header-container .ask-j1-menu-container .ask-j1-header_navigation .ask-j1-header_menu .menu-item a { text-decoration: none; -webkit-font-smoothing: antialiased; } .ask-j1-header-container .ask-j1-menu-container .submenu { z-index: 1; } * { padding: 0; margin: 0; box-sizing: border-box; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 18px 0; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer a { color: #0291db; } .footer a:hover { color: #0276b3; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-col { padding: 0 3px; } .footer-col-copyRight { justify-content: flex-start; } .footer-col-logo { justify-content: flex-end; } .footer-col-copyRight, .footer-col-logo { flex: 1; display: flex; } .logo { width: 120px; height: 28px; opacity: 0.6; } @media screen and (max-width: 768px) { .footer-row { display: block; } .footer-col { width: 100%; text-align: center; margin: 6px 0; } .footer-col:first-child { margin-top: 0; } .footer-col:last-child { margin-bottom: 0; } .footer-col-copyRight, .footer-col-logo { justify-content: center; } .logo { margin: 0 auto; } } #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { display: flex; align-items: center; } @media screen and (max-width: 1101px) and (min-width: 871px) { #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { font-size: 18px; } #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { margin: 0 10px 0 0 !important; padding-right: 10px !important; } .ask-j1-header-container .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper #SiteNav .ask-j1-header-container .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper #SiteNav .filter-dropdown:first-of-type { } .ask-j1-menu-container .submenu .submenu-items { margin-left: 0px !important; } } @media screen and (min-width: 1101px){ #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { font-size: 16px; } } @media screen and (max-width: 871px) { #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { font-size: 12px; } .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper { margin-left: 4px !important; } #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { margin: 0 5px 0 0 !important; padding-right: 5px !important; } .ask-j1-menu-container .submenu .submenu-items .search .search-input { width: 100% !important; } .ask-j1-menu-container .submenu .submenu-items { margin-left: 6px !important; } } @media screen and (min-width: 1100px) and (max-width: 1330px) { #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { font-size: 16px; } #shopify-section-header .ask-j1-menu-container .submenu .filter-dropdown-wrapper .site-nav-hs .filter-dropdown { margin: 0 24px 0 0 !important; padding-right: 24px !important; } .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper { margin-left: 8px; } .ask-j1-menu-container .submenu .submenu-items { margin-left: 4px; } } @media screen and (max-width: 800px) { .ask-j1-header .ask-j1-header-container.menu-active .ask-j1-menu-container .ask-j1-header_navigation { z-index: 9; position: relative; background: white; } } .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper .filter-dropdown:not(:last-child):after { height: 100%; } @media screen and (max-width: 1100px) and (min-width: 870px) { .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper .filter-dropdown:not(:last-child):after { top: 0px !important; } } @media screen and (max-width: 870px) { .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper .filter-dropdown:not(:last-child):after { height: 16px !important; } } @media screen and (max-width: 800px) { .ask-j1-header .ask-j1-header-container.menu-active .ask-j1-header-logo-mobile { /* padding: 12px !important; */ } /* .ask-j1-header .ask-j1-header-container.menu-active .ask-j1-menu-container .ask-j1-header_navigation { padding: 50px 20px 20px !important; } */ } .ask-j1-menu-container .submenu .submenu-items .filter-dropdown-wrapper .filter-dropdown a { font-family: "Lato", sans-serif; } .ask-j1-header-container .ask-j1-menu-container .ask-j1-header_navigation .ask-j1-header_menu .menu-item:first-of-type a{ color: #8C9EFF !important; } .remove-first-active .ask-j1-header-container .ask-j1-menu-container .ask-j1-header_navigation .ask-j1-header_menu .menu-item:first-of-type a{ color: #fff !important; } .ask-j1-header-container .ask-j1-menu-container .ask-j1-header_navigation .ask-j1-header_menu .menu-item{ display: flex; } #shopify-section-header .ask-j1-menu-container .submenu .submenu-items .search form button img{ width: 18px; } .ask-j1-menu-container .submenu .submenu-items .search { width: 276px !important; border-radius: 3px; } .ask-j1-menu-container .submenu .submenu-items .search form { width: 100% !important; justify-content: space-between !important; } .ask-j1-menu-container .submenu .submenu-items .search form >input::placeholder, .ask-j1-menu-container .submenu .submenu-items .search form >input { padding: 5px 0 6px !important; letter-spacing: 0.15px; font-family: Lato; font-style: normal; font-weight: normal; -webkit-font-smoothing: antialiased; font-size: 16px; } .ask-j1-header-container .ask-j1-menu-container .submenu-items a:hover, .ask-j1-header-container .ask-j1-menu-container .ask-j1-header_navigation .menu-item a:hover { color: #8C9EFF !important; } .ask-j1-header-container .ask-j1-menu-container .submenu-items a:hover { text-decoration: underline !important; } @media screen and ( min-width: 760px ){ #shopify-section-header .ask-j1-header-container .ask-j1-header-logo .atmc-header_logo img { height: 108px !important; } } @media screen and ( max-width: 800px ){ #titleBar { display: none !important; } } /*# sourceMappingURL=styles.css.map */

Release Notes

JupiterOne 2020.56 Release

2020-10-22

New Features

Added support to genarate a shareable URL for an Insights dashboard.

This is similar to sharing a Google Doc file via a link. This is useful for sharing with other users
in the organization who do not have a JupiterOne user account, or sharing with an external user such
as an auditor.

Anyone with acccess to the link can view the dashboard. Please share with care. Shareable link does
not expire, but you can revoke the link / stop sharing at any time.

Added the ability to cancel a running query. Also, the query result actions such as sharing are
enabled while the query is still running.
Added currency label and decimal limit to number chart and pie chart widgets in the Insights
dashboard app.
Updates to the platform API:
- Added ability to fetch synchronization logs for bulk upload via API
- Added bulk delete API

Integrations

Added ONE_WEEK polling interval as an available option to all integrations.

AWS

Improved queries for "Is public access enabled for any S3 Bucket?" to reduce false positives
by taking into acocunt public access block settings in addition to bucket ACL and bucket policy
Normalize transferLock to Domain.transferLock and Domain.locked
Added CloudHSM support: ingesting Cloud HSM Cluster, Host, and Backup entities
(each also classed as Vault)
Added DeleteBucketEncryption CloudTrail event handler
Added lifecycle properties to entities currently monitored by CloudTrail:
- createdBy, createdOn
- updatedBy, updatedOn
- deletedBy, deletedOn

Learn more about enabling CloudTrail Event Streaming
if you'd like to see entities in JupiterOne updating as changes occur in your AWS infrastructure.

Azure

Added azure_event_grid_domain entities
Added azure_resource_group|has|azure_event_grid_domain relationships
Added azure_event_grid_domain_topic entities
Added azure_event_grid_domain|has|azure_event_grid_domain_topic
relationships
Added azure_event_grid_topic entities
Added azure_resource_group|has|azure_event_grid_topic relationships
Added azure_event_grid_topic_subscription entities
Added azure_event_grid_topic|has|azure_event_grid_topic_subscription
relationship
Added azure_event_grid_domain_topic|has|azure_event_grid_topic_subscription
relationship
Added azure_batch_account entities
Added azure_resource_group|has|azure_batch_account relationships
Added azure_batch_pool entities
Added azure_batch_account|has|azure_batch_pool relationships
Added azure_batch_application entities
Added azure_batch_account|has|azure_batch_application relationships
Added azure_batch_certificate entities
Added azure_batch_account|has|azure_batch_certificate relationships
Added azure_redis_cache entities
Added azure_resource_group|has|azure_redis_cache relationships
Added azure_redis_firewall_rule entities
Added azure_redis_cache|has|azure_redis_firewall_rule relationships
Added azure_redis_cache|connects|azure_redis_cache relationships
Added azure_container_group entities
Added azure_resource_group|has|azure_container_group relationships
Added azure_container entities
Added azure_container_group|has|azure_container relationships
Added azure_container_volume entities
Added azure_container_group|has|azure_container_volume relationships
Added azure_container|uses|azure_container_volume relationships
Added azure_container_volume|uses|azure_storage_file_share relationships
Added azure_advisor_recommendation entities
Added ANY_SCOPE|has|azure_advisor_recommendation relationships. These can
target any scoped entity within Azure.
Added azure_security_assessment entities
Added azure_security_assessment|identified|azure_advisor_recommendation
relationships
Added azure_subscription|performed|azure_security_assessment relationships

GoDaddy

Normalize transferProtected to Domain.transferLock and Domain.locked

Google Cloud

Expose boolean public property on google_storage_bucket that determines
whether a storage bucket is public
Added CIS Benchmarks for Google Cloud managed questions:
- Ensure that corporate login credentials are used
- Ensure that there are only GCP-managed service account keys for each service account
- Ensure that Service Account has no Admin privileges
- Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level
- Ensure user-managed/external keys for service accounts are rotated every 90 days or less
- Ensure encryption keys are rotated within a period of 365 days
- Ensure that the default network does not exist in a project
- Ensure that SSH access is restricted from the internet
- Ensure that RDP access is restricted from the Internet
- Ensure that Google Cloud Compute instances are not configured to use the default service account
- Ensure that Cloud Storage bucket is not anonymously or publicly accessible
- Ensure that Cloud Storage buckets have uniform bucket-level access enabled

Google Workspaces

Added google_token - ALLOWS -> Vendor relationships

Qualys

Integration ported to latest SDK, executing across multiple steps, significant improvements on performance and scalability
Updated entity/relationship ingestion to better match the latest
JupiterOne Data Model for Vulnerability Management
Improved API client to handle rate limit response headers
Ingest Account entity and relate to Service entities for VMDR and Web Application Scanner, with portal/service version information in raw data
Ingest Service - SCANS -> Host relationships and Service - IDENTIFIED -> Finding relationships

Community Projects

New nslookup-shodan project that contains an automation script to enrich the domain records mapping in a JupiterOne account.
This enrichment connects DNS records to target hosts, ultimately allowing users to easily identify records pointing to targets
that are outside of their integrated assets (i.e. vendor hosted) and any truely "orphaned" records.

See details in the GitHub repo: https://github.com/JupiterOne/nslookup-shodan

Other Improvements and Bug Fixes

Fixed UI issue with status indicators not lining up with compliance titles.
Resolved an issue with cache token expiration that might require the user to refresh the page while still logged in to the app.
Fixed 502 errors that were happening on Lambda cold start due to gremlin package bug.
Improved scalabiility of the synchronization process.