JupiterOne 23 March 2022 Release - AskJ1 Community
<main> <article class="userContent"> <h2 data-id="march-23-2022">March 23, 2022</h2> <h2 data-id="new-features-and-improvements">New Features and Improvements</h2> <ul><li>If Compliance frameworks and controls are configured before instituting Policies and Procedures, controls are now automatically mapped back to corresponding procedures within Policies.</li> <li>The last evaluation date for frameworks within Compliance is now displayed at both the framework level and the requirement level.</li> <li>Failed evaluations of frameworks in Compliance now display a message calling attention to the frameworks that failed.</li> </ul><h2 data-id="integrations">Integrations</h2> <h3 data-id="azure">Azure</h3> <ul><li>Fixed an issue with the relationships being created between <code class="code codeInline" spellcheck="false" tabindex="0">azure_subnet</code> and <code class="code codeInline" spellcheck="false" tabindex="0">azure_vm</code> entities that was causing duplicate key errors.</li> </ul><h3 data-id="google-cloud">Google Cloud</h3> <ul><li><p>Updated several dependencies in the data ingestion steps so that more steps complete successfully when an integration job executes:</p> <ul><li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-compute-region-disks</code> step from KMS keys dependencies. This change allows the Region Disks step to execute successfully even if the KMS keys steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-memcache-instances</code> step from compute network dependencies. This change allows the Memcache Instances step to execute successfully even if the compute network steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-dataproc-clusters</code> step from KMS keys dependencies. 
This change allows the Compute Dataproc Clusters step to execute successfully even if the KMS keys steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-pubsub-topics</code> step from KMS keys dependencies. This change allows the PubSub Topics step to execute successfully even if the KMS keys steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-redis-instances</code> step from compute network dependencies. This change allows the Redis Instances step to execute successfully even if the compute network steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-app-engine-application</code> step from storage dependencies. This change allows the App Engine Applications step to execute successfully even if the storage steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-compute-backend-buckets</code> step from storage dependencies. This change allows the Compute Backend Buckets step to execute successfully even if storage steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-private-ca-certificate-authorities</code> step from storage dependencies. This change allows the CA Certificate Authorities step to execute successfully even if the storage steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-compute-images</code> step from KMS keys dependencies. This change allows the Compute Images step to execute successfully even if the KMS keys steps are disabled.</li> <li>Decoupled the <code class="code codeInline" spellcheck="false" tabindex="0">fetch-logging-project-sinks</code> step from storage dependencies. 
This change allows the Logging Project Sinks step to execute successfully even if the storage steps are disabled.</li> </ul></li> <li><p>Improved the accuracy of the boolean <code class="code codeInline" spellcheck="false" tabindex="0">google_storage_bucket.public</code> property by factoring in the project’s <code class="code codeInline" spellcheck="false" tabindex="0">storage.publicAccessPrevention</code> policy (see <a rel="nofollow" href="https://cloud.google.com/storage/docs/public-access-prevention">https://cloud.google.com/storage/docs/public-access-prevention</a>).</p> <ul><li><strong>Note:</strong> this change requires an additional permission, <code class="code codeInline" spellcheck="false" tabindex="0">orgpolicy.policies.get</code>, to be added to your custom access role.</li> </ul></li> </ul><h3 data-id="jira">Jira</h3> <ul><li>Removed the raw data from the <code class="code codeInline" spellcheck="false" tabindex="0">jira_issue</code> entity to prevent ingestion failures.</li> </ul><h3 data-id="jupiterone">JupiterOne</h3> <ul><li>The JupiterOne integration now ingests <code class="code codeInline" spellcheck="false" tabindex="0">jupiterone_api_token</code> entities. The properties include <code class="code codeInline" spellcheck="false" tabindex="0">displayName</code>, <code class="code codeInline" spellcheck="false" tabindex="0">createdOn</code>, and <code class="code codeInline" spellcheck="false" tabindex="0">expiresOn</code>.</li> </ul><h3 data-id="knowbe4">KnowBe4</h3> <ul><li>Added support for Canadian accounts. 
The integration now allows for <code class="code codeInline" spellcheck="false" tabindex="0">us</code>, <code class="code codeInline" spellcheck="false" tabindex="0">eu</code>, and <code class="code codeInline" spellcheck="false" tabindex="0">ca</code> accounts.</li> </ul><h3 data-id="microsoft-365">Microsoft 365</h3> <ul><li>Entities produced by the Microsoft 365 integration that meet the following criteria will have their <code class="code codeInline" spellcheck="false" tabindex="0">_type</code> value renamed to <code class="code codeInline" spellcheck="false" tabindex="0">user_endpoint</code>: <ul><li>The entity currently has the <code class="code codeInline" spellcheck="false" tabindex="0">_type</code> value of <code class="code codeInline" spellcheck="false" tabindex="0">smartphone</code></li> <li>The entity has a <code class="code codeInline" spellcheck="false" tabindex="0">deviceType</code> property with the value <code class="code codeInline" spellcheck="false" tabindex="0">windowsRT</code></li> </ul></li> </ul><p><strong>Note:</strong> Devices that run Windows RT can technically be smartphones, tablets, laptops, etc. Windows RT is traditionally a mobile operating system, but it can run on multiple device types. This makes it difficult to reliably determine the actual real-world device type (e.g. smartphone) on the JupiterOne entity.</p> <ul><li>Removed raw data from the following entities: <ul><li>Detected Application entity</li> <li>Compliance Policy entity</li> </ul></li> </ul><h3 data-id="salesforce">Salesforce</h3> <ul><li>Added the <code class="code codeInline" spellcheck="false" tabindex="0">active</code> and <code class="code codeInline" spellcheck="false" tabindex="0">userType</code> properties to the <code class="code codeInline" spellcheck="false" tabindex="0">salesforce_user</code> entity.</li> </ul><h3 data-id="splunk">Splunk</h3> <ul><li>Released version 1.3 of the <a rel="nofollow" href="https://splunkbase.splunk.com/app/6138/">JupiterOne Add-on on Splunkbase</a>. 
This release adds a Custom Command, allowing Splunk users to execute a J1QL query and display the response in Splunk.</li> </ul><h3 data-id="veracode">Veracode</h3> <p>The Veracode integration was rewritten to take advantage of the latest Veracode APIs and to use the current <a rel="nofollow" href="https://github.com/JupiterOne/integration-template">JupiterOne Integration SDK</a>.</p> <p>The following entities are ingested:</p> <table><thead><tr><th>Veracode Entity Resource</th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> </tr></thead><tbody><tr><td>Account</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_account</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Account</code></td> </tr><tr><td>Scan Type</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_scan</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Service</code></td> </tr><tr><td>CWE</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">cwe</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Weakness</code></td> </tr><tr><td>Vulnerability</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_vulnerability</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Vulnerability</code></td> </tr><tr><td>Finding</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_finding</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Finding</code></td> </tr></tbody></table><p>The following relationships are created:</p> <table><thead><tr><th>From</th> <th>Type</th> <th>To</th> </tr></thead><tbody><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_account</code></td> <td><strong>HAS</strong></td> 
<td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_scan</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_scan</code></td> <td><strong>IDENTIFIED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_vulnerability</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_vulnerability</code></td> <td><strong>EXPLOITS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">cwe</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_finding</code></td> <td><strong>IS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_vulnerability</code></td> </tr></tbody></table><p>The following mapped relationships are created:</p> <table><thead><tr><th>From</th> <th>Type</th> <th>To</th> </tr></thead><tbody><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">CodeRepo/Project/Application</code></td> <td><strong>HAS/HAD</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">veracode_finding</code> <strong>Note:</strong> This is mapped automatically only when the name of the Veracode Application the finding belongs to matches the name of a CodeRepo/Project/Application in JupiterOne.</td> </tr></tbody></table> </article> </main>