April 7, 2022
New Features and Improvements
Released two new J1 Insights dashboards:
- The Critical Asset Attack Surface dashboard provides visibility into the attack surface associated with your critical assets that are indirectly connected to the internet or allowing access to everyone.
- GitHub Insights dashboard provides visibility into your GitHub accounts includes user access, developer activity, collaborator details, information on pull requests, and issue summary by repos.
J1 Alerts now allows you to tag assets within a new or existing alerts, including tagging an alert as a critical asset.
If an icon has been added for a vendor within your environment, it now displays in status charts (such as Insights, vendors, and risks in J1Compliance) in various areas of the JupiterOne platform.
J1 Compliance now offers a gaps table for quick, actionable insights into the compliance gaps identified across your environment. The consolidated view of gaps makes working through associated tasks and the impacted assets straightforward, without having to get into other areas of J1 Compliance.
When query questions are deleted, they are now automatically unmapped from J1 Compliance requirements and controls.
The new compliance APIs are officially integrated into the main JupiterOne API endpoint. These APIs expose a graph of your compliance data, including frameworks, evidence, controls, and more. You can perform GraphQL introspection on the JupiterOne API to see all the new available operations.
The includeDeleted property is now supported in alert rule queries. When the includeDeleted value is true, the specific query allows for deleted data to be considered.
Integrations
JAMF
AWS
| Resources |
Entity _type |
Entity _class |
|---|
| AWS SSM Patch Baseline |
aws_patch_baseline |
Configuration |
| AWS SSM Patch Group |
aws_patch_group |
Group |
| AWS SSM Secure String Parameter Metadata |
aws_secure_string_parameter |
Secret |
| AWS SSM Service |
aws_ssm |
Service |
The following relationships are created:
Source Entity _type |
Relationship _class |
Target Entity _type |
|---|
aws_account |
HAS |
aws_ssm |
aws_ssm |
HAS |
aws_patch_baseline |
aws_ssm |
HAS |
aws_patch_group |
aws_ssm |
MANAGES |
aws_secure_string_parameter |
aws_patch_group |
USES |
aws_patch_baseline |
The following mapped relationships are created:
Source Entity _type |
Relationship _class |
Target Entity _type |
Direction |
|---|
aws_patch_group |
USES |
*aws_patch_baseline* |
FORWARD |
Slack
- Resolved an issue that was causing the
mfaEnabled value to be reported incorrectly.
GitHub
- Resolved an issue that was limiting all
github_pullrequest (PR) entities from being ingested when there was a specific error during the execution of the integration.
Orca
The Orca integration is now available for use.
This integration provides the following insights:
- Visualize Orca Security services, groups, and users in the JupiterOne graph.
- Map Orca Security users to employees in your JupiterOne account.
- Monitor changes to Orca Security users using JupiterOne alerts.
The following entities are created:
| Resources |
Entity _type |
Entity _class |
|---|
| Account |
orca_account |
Account |
| Role |
orca_role |
AccessRole |
| User |
orca_user |
User |
| UserGroup |
orca_group |
UserGroup |
The following relationships are created:
Source Entity _type |
Relationship _class |
Target Entity _type |
|---|
orca_account |
HAS |
orca_group |
orca_account |
HAS |
orca_user |
orca_group |
HAS |
orca_user |
orca_user |
ASSIGNED |
orca_role |
Configuring this integration allows you to seamlessly answer the following questions about your Orca environment:
- What users in Orca do I have?
- What groups in Orca do I have?
- Which users belong to which groups in my Orca environment?
- Do I have a user assigned a role that allows them to do too much?
Crowdstrike
- Added the ingestion of Crowdstike vulnerabilities, enabling you to answer this question: Which vulnerabilities can exploit my sensors?
Sentry
- Updated the integration to use auth token authentication instead of OAuth for better support.
Microsoft 365
- Added the
version property to intune_detected_application, enabling you to answer this question: Which versions are my devices using?
Carbon Black
- Added web links to
cbdefense_sensor and cbdefense_alert assets, giving you the ability to go directly into the Carbon Black dashboard to remediate these issues.
Okta
- Added the
supportEnabled and supportExpiresOn property to okta_account so that you can answer this question: Which Okta accounts have support access enabled?
Integration SDK
- Added the ability for users to change the base URL for the synchronization API.
Integration UI
- Added a search bar to the integration instance, enabling you to quickly search within each of your integration instances.
Bug Fixes
- Resolved some issues regarding how deleted questions were managed.
- Fixed a bug where users were prevented from importing rule packs.
- Addressed an issue where controls in J1 Compliance could not be created.
Upcoming Notice
J1 will be pursuing a planned deprecation of the J1 endpoint agent in the coming months. Stay tuned for updates on a replacement.
.png)