JupiterOne 2021.83 Release - AskJ1 Community
<main> <article class="userContent"> <p>November 5, 2021</p> <h2 data-id="new-features-and-improvements">New Features and Improvements</h2> <ul><li><p>Assets in the Graph Viewer that have a <em>problem</em> associated with them now have<br> a visual indication and details of the problem in the properties side panel. <img src="https://us.v-cdn.net/6035534/uploads/W83IQG7A9GGM/rn-problems.png" alt="rn_problems" class="embedImage-img importedEmbed-img"></img></p></li> <li><p>The Center for Internet Security (CIS) Controls Version 8 is now available as<br> a standard in the Compliance app with <a rel="nofollow" href="../guides/compliance/compliance-mapping-policies.md">the mapped controls</a> to the default<br> procedures within the Policies app.</p></li> <li><p>You can now set a default layout for the Insights Graph Viewer widget: select either<br> mesh, horizontal tree, or vertical tree layout.</p></li> <li><p>You can now upload screenshots, videos, or other files in <strong>Resources > Report an issue</strong>.</p></li> </ul><h2 data-id="integrations">Integrations</h2> <p>You can now schedule integration job runs for a specific hour of the day or day of<br> the week, depending on your customized polling configuration. This feature prevents<br> J1 from consuming resources around mission-critical activities. 
Set the optional<br> parameter, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">pollingIntervalCronExpression</code>, using the <a rel="nofollow" href="../docs/jupiterone-api.md">JupiterOne platform API</a> to<br> use this capability.</p> <p>Note: This functionality is not supported in the UI.</p> <h3 data-id="aws">AWS</h3> <p>J1 no longer adds <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">aws_lambda_function.codeLocation</code> to assets, as it does not<br> provide any security insight value and only introduces a potential vulnerability and<br> unnecessary versioning.</p> <p>J1 now removes AWS secret access keys from any properties that contain them when<br> the integration runs. Current values are overwritten with the latest values, and<br> "REDACTED" appears in place of the keys.</p> <h3 data-id="azure">Azure</h3> <ul><li>Added support for ingesting the following new resources:</li> </ul><table><thead><tr><th>Resources</th> <th>Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_class</code></th> </tr></thead><tbody><tr><td>Azure Kubernetes Cluster</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_kubernetes_cluster</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Cluster</code></td> </tr><tr><td>Resource Lock</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_resource_lock</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Rule</code></td> </tr><tr><td>Key Vault Key</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_keyvault_key</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Key</code></td> 
</tr><tr><td>Key Vault Secret</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_keyvault_secret</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Secret</code></td> </tr></tbody></table><ul><li>Added support for ingesting the following new relationships:</li> </ul><table><thead><tr><th>Source Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> </tr></thead><tbody><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_resource_group</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_kubernetes_cluster</code></td> </tr><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_resource_lock</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">ANY_SCOPE</code></td> </tr></tbody></table><ul><li>Added new properties to resources:</li> </ul><table><thead><tr><th>Entity</th> <th>Properties</th> </tr></thead><tbody><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_keyvault_service</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">enableSoftDelete</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">enablePurgeProtection</code></td> </tr><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">azure_storage_account</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">tableAnalyticsLoggingReadEnabled</code>, <code 
class="code codeInline code codeInline" spellcheck="false" tabindex="0">tableAnalyticsLoggingWriteEnabled</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">tableAnalyticsLoggingDeleteEnabled</code></td> </tr></tbody></table><ul><li>New questions added to the Questions Library:</li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <ul><li><p>Are all critical resources protected by resource locks?</p></li> <li><p>Are all Key Vaults recoverable?</p></li> <li><p>Is RBAC enabled on all Azure Kubernetes Services Instances?</p></li> </ul></div></blockquote> <h3 data-id="github">GitHub</h3> <ul><li>When a JupiterOne GitHub application installation does not have permission to<br> fetch two-factor authentication information for <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">github_user</code>s, the <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">github_user</code><br><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">mfaEnabled</code> property is now assigned <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">undefined</code> instead of <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">false</code>.</li> </ul><h3 data-id="knowbe4">KnowBe4</h3> <ul><li>Added support for ingesting the following new resources:</li> </ul><table><thead><tr><th>Resources</th> <th>Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_class</code></th> </tr></thead><tbody><tr><td>KnowBe4 Phishing Campaign</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_phishing_campaign</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Training</code></td> 
</tr><tr><td>KnowBe4 Phishing Security Test</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_phishing_security_test</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Assessment</code></td> </tr></tbody></table><ul><li>Added support for ingesting the following new relationships:</li> </ul><table><thead><tr><th>Source Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> </tr></thead><tbody><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_phishing_campaign</code></td> </tr><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">training_campaign</code></td> </tr><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_phishing_campaign</code></td> <td><strong>CONTAINS</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_phishing_security_test</code></td> </tr></tbody></table><h3 data-id="kubernetes">Kubernetes</h3> <ul><li>Added support for ingesting the following new resources:</li> </ul><table><thead><tr><th>Resources</th> <th>Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_class</code></th> 
</tr></thead><tbody><tr><td>Kubernetes Cluster</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_cluster</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Cluster</code></td> </tr><tr><td>KnowBe4 Phishing Security Test</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">knowbe4_phishing_security_test</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Assessment</code></td> </tr><tr><td>Kubernetes Container Spec</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_container_spec</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Configuration</code></td> </tr><tr><td>Kubernetes Pod Security Policy (PSP)</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_pod_security_policy</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Configuration</code></td> </tr><tr><td>Kubernetes Network Policy</td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_network_policy</code></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Configuration</code></td> </tr></tbody></table><ul><li>Added support for ingesting the following new relationships:</li> </ul><table><thead><tr><th>Source Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">_type</code></th> </tr></thead><tbody><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_cluster</code></td> <td><strong>CONTAINS</strong></td> <td><code 
class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_namespace</code></td> </tr><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_deployment</code></td> <td><strong>USES</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_container_spec</code></td> </tr><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_cluster</code></td> <td><strong>CONTAINS</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_pod_security_policy</code></td> </tr><tr><td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_namespace</code></td> <td><strong>CONTAINS</strong></td> <td><code class="code codeInline code codeInline" spellcheck="false" tabindex="0">kube_network_policy</code></td> </tr></tbody></table><ul><li>New questions added to the Questions Library:</li> </ul><blockquote class="UserQuote blockquote"><div class="QuoteText blockquote-content"> <ul><li><p>Which Kubernetes container specs admit containers to run in privileged mode?</p></li> <li><p>Which Kubernetes containers are permitted to run as the root user?</p></li> <li><p>Which Kubernetes Pod Security Policies (PSP) admit privileged containers?</p></li> <li><p>Which Kubernetes Pod Security Policies (PSP) admit containers to share the host process ID namespace?</p></li> <li><p>Which Kubernetes Pod Security Policies (PSP) admit containers to share the host IPC namespace?</p></li> <li><p>Which Kubernetes Pod Security Policies (PSP) admit containers to share the host network namespace?</p></li> <li><p>Which Kubernetes Pod Security Policies (PSP) admit containers to escalate privileges?</p></li> <li><p>Which Kubernetes Pod Security Policies (PSP) admit containers with the NET_RAW capability?</p></li> <li><p>Which Kubernetes Pod Security Policies (PSP) admit containers with the added capabilities?</p></li> 
<li><p>Which Kubernetes namespaces do not have network policies defined?</p></li> </ul></div></blockquote> <h3 data-id="qualys">Qualys</h3> <ul><li><p>You can now enable or disable Qualys web application scan ingestion based on the integration configuration.<br> Toggle the new Ingest Web App Scans integration configuration option from the JupiterOne <a rel="nofollow" href="https://jupiterone.vanillacommunities.com/kb/articles/1017-qualys-integration-with-jupiterone">Qualys integration</a> configuration page.</p></li> <li><p>JupiterOne now fetches Qualys findings (<code class="code codeInline code codeInline" spellcheck="false" tabindex="0">qualys_host_finding</code>) with the Fixed status.</p></li> <li><p>The status filter for host detections is changed to explicitly request and ingest any 'New', 'Fixed', 'Active',<br> and 'Re-Opened' statuses. By default, 'Fixed' detections are not returned from Qualys unless explicitly specified.<br> This feature allows you to view the graph detections that are 'Fixed' and to track the changes to detections of any status.</p></li> </ul> </article> </main>
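<p>The GitHub change in these notes alters what an MFA check returns: a filter on <code>mfaEnabled</code> being <code>false</code> no longer matches users whose 2FA status could not be read, and a falsy check reports them as lacking MFA. The following is an added example, not JupiterOne code; the entity objects, the <code>login</code> field and all function names are constructed for illustration, and only <code>github_user</code> and <code>mfaEnabled</code> come from the release notes.</p>

```javascript
// Constructed sample data. Only `_type: 'github_user'` and `mfaEnabled` come from
// the release notes; `login` and all values are made up. Two installations are
// merged here: one can read 2FA status, one cannot.
const before = [ // older behaviour: unreadable 2FA status was stored as false
  { _type: 'github_user', login: 'alice', mfaEnabled: true },
  { _type: 'github_user', login: 'bob', mfaEnabled: false },
  { _type: 'github_user', login: 'carol', mfaEnabled: false },
];
// JSON round trip drops undefined properties, as an exported snapshot would.
const after = JSON.parse(JSON.stringify([
  { _type: 'github_user', login: 'alice', mfaEnabled: true },
  { _type: 'github_user', login: 'bob', mfaEnabled: false },
  { _type: 'github_user', login: 'carol', mfaEnabled: undefined },
]));

// Tri-state reading: only a literal boolean counts as a known answer.
function mfaState(user) {
  if (user.mfaEnabled === true) return 'enabled';
  if (user.mfaEnabled === false) return 'disabled';
  return 'unknown'; // undefined, null, or property absent
}

// Bucket github_user logins by state so "unknown" is reported, not hidden.
function triageMfa(users) {
  const out = { enabled: [], disabled: [], unknown: [] };
  for (const u of users) {
    if (u._type === 'github_user') out[mfaState(u)].push(u.login);
  }
  return out;
}

// Two common filters: the first now misses carol, the second reports her as "no MFA".
const strictFalse = (users) => users.filter((u) => u.mfaEnabled === false).map((u) => u.login);
const falsy = (users) => users.filter((u) => !u.mfaEnabled).map((u) => u.login);

// Logins that moved from 'disabled' to 'unknown' between snapshots: a drop in the
// "MFA disabled" count caused by missing permission, not by remediation.
function lostVisibility(prev, curr) {
  const prevState = new Map(prev.map((u) => [u.login, mfaState(u)]));
  return curr
    .filter((u) => prevState.get(u.login) === 'disabled' && mfaState(u) === 'unknown')
    .map((u) => u.login);
}

console.log(triageMfa(after), lostVisibility(before, after));
```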