Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
Contact Us
JupiterOne 7 April 2022 Release - AskJ1 Community
<main> <article class="userContent"> <h2 data-id="april-7-2022">April 7, 2022</h2> <h2 data-id="new-features-and-improvements">New Features and Improvements</h2> <ul><li><p>Released two new J1 Insights dashboards:</p> <ul><li>The Critical Asset Attack Surface dashboard provides visibility into the attack surface associated with your critical assets that are indirectly connected to the internet or allowing access to everyone.</li> <li>GitHub Insights dashboard provides visibility into your GitHub accounts includes user access, developer activity, collaborator details, information on pull requests, and issue summary by repos.</li> </ul></li> <li><p>J1 Alerts now allows you to tag assets within a new or existing alerts, including tagging an alert as a <code class="code codeInline" spellcheck="false" tabindex="0">critical asset</code>.</p></li> <li><p>If an icon has been added for a vendor within your environment, it now displays in status charts (such as Insights, vendors, and risks in J1Compliance) in various areas of the JupiterOne platform.</p></li> <li><p>J1 Compliance now offers a gaps table for quick, actionable insights into the compliance gaps identified across your environment. The consolidated view of gaps makes working through associated tasks and the impacted assets straightforward, without having to get into other areas of J1 Compliance.</p></li> <li><p>When query questions are deleted, they are now automatically unmapped from J1 Compliance requirements and controls.</p></li> <li><p>The new compliance APIs are officially integrated into the main JupiterOne API endpoint. These APIs expose a graph of your compliance data, including frameworks, evidence, controls, and more. You can perform GraphQL introspection on the JupiterOne API to see all the new available operations.</p></li> <li><p>The <code class="code codeInline" spellcheck="false" tabindex="0">includeDeleted</code> property is now supported in alert rule queries. When the <code class="code codeInline" spellcheck="false" tabindex="0">includeDeleted</code> value is true, the specific query allows for deleted data to be considered.</p> <p></p></li> </ul><h2 data-id="integrations">Integrations</h2> <h3 data-id="jamf">JAMF</h3> <ul><li>Added the <code class="code codeInline" spellcheck="false" tabindex="0">deviceId</code> property to <code class="code codeInline" spellcheck="false" tabindex="0">user_endpoint</code> (<code class="code codeInline" spellcheck="false" tabindex="0">Host</code> | <code class="code codeInline" spellcheck="false" tabindex="0">Device</code>) and <code class="code codeInline" spellcheck="false" tabindex="0">mobile_device</code> (<code class="code codeInline" spellcheck="false" tabindex="0">Device</code>) assets, enabling you to answer this question: <a rel="nofollow" href="https://ask.us.jupiterone.io/question/fdcdd4efcb5b914808d87ab0939f9748efb188a6?integrations=sentinelone&tagFilter=all">Which user devices do not have SentinelOne agent installed?</a></li> </ul><h3 data-id="aws">AWS</h3> <ul><li><p>Added OpenID Connect providers, enabling you to answer this question: <a rel="nofollow" href="https://ask.us.jupiterone.io/question/a886fe001e96eafe9aec6c288a656d6125ec8e21?search=what%20ope&tagFilter=all">What OpenID Connect providers does my AWS account have?</a></p></li> <li><p>Implemented new SSM entities and relationships:</p> <p>The following entities are created:</p></li> </ul><table><thead><tr><th>Resources</th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> </tr></thead><tbody><tr><td>AWS SSM Patch Baseline</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_patch_baseline</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Configuration</code></td> </tr><tr><td>AWS SSM Patch Group</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_patch_group</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Group</code></td> </tr><tr><td>AWS SSM Secure String Parameter Metadata</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_secure_string_parameter</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Secret</code></td> </tr><tr><td>AWS SSM Service</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_ssm</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Service</code></td> </tr></tbody></table><p>The following relationships are created:</p> <table><thead><tr><th>Source Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> </tr></thead><tbody><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">aws_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_ssm</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">aws_ssm</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_patch_baseline</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">aws_ssm</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_patch_group</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">aws_ssm</code></td> <td><strong>MANAGES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_secure_string_parameter</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">aws_patch_group</code></td> <td><strong>USES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">aws_patch_baseline</code></td> </tr></tbody></table><p>The following mapped relationships are created:</p> <table><thead><tr><th>Source Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Direction</th> </tr></thead><tbody><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">aws_patch_group</code></td> <td><strong>USES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">*aws_patch_baseline*</code></td> <td>FORWARD</td> </tr></tbody></table><p><img src="https://us.v-cdn.net/6035534/uploads/0CITPDPBZLNW/aws-ssm-model.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <h3 data-id="slack">Slack</h3> <ul><li>Resolved an issue that was causing the <code class="code codeInline" spellcheck="false" tabindex="0">mfaEnabled</code> value to be reported incorrectly.</li> </ul><h3 data-id="github">GitHub</h3> <ul><li>Resolved an issue that was limiting all <code class="code codeInline" spellcheck="false" tabindex="0">github_pullrequest</code> (<code class="code codeInline" spellcheck="false" tabindex="0">PR</code>) entities from being ingested when there was a specific error during the execution of the integration.</li> </ul><h3 data-id="orca">Orca</h3> <p>The <a rel="nofollow" href="https://orcasecurity.io/">Orca</a> integration is now available for use.</p> <p>This integration provides the following insights:</p> <ul><li>Visualize Orca Security services, groups, and users in the JupiterOne graph.</li> <li>Map Orca Security users to employees in your JupiterOne account.</li> <li>Monitor changes to Orca Security users using JupiterOne alerts.</li> </ul><p>The following entities are created:</p> <table><thead><tr><th>Resources</th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> </tr></thead><tbody><tr><td>Account</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_account</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Account</code></td> </tr><tr><td>Role</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_role</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">AccessRole</code></td> </tr><tr><td>User</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_user</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">User</code></td> </tr><tr><td>UserGroup</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_group</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">UserGroup</code></td> </tr></tbody></table><p>The following relationships are created:</p> <table><thead><tr><th>Source Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> </tr></thead><tbody><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">orca_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_group</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">orca_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_user</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">orca_group</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_user</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">orca_user</code></td> <td><strong>ASSIGNED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">orca_role</code></td> </tr></tbody></table><p>Configuring this integration allows you to seamlessly answer the following questions about your Orca environment:</p> <ul><li>What users in Orca do I have?</li> <li>What groups in Orca do I have?</li> <li>Which users belong to which groups in my Orca environment?</li> <li>Do I have a user assigned a role that allows them to do too much?</li> </ul><h3 data-id="crowdstrike">Crowdstrike</h3> <ul><li>Added the ingestion of Crowdstike vulnerabilities, enabling you to answer this question: Which vulnerabilities can exploit my sensors?</li> </ul><h3 data-id="sentry">Sentry</h3> <ul><li>Updated the integration to use auth token authentication instead of OAuth for better support.</li> </ul><h3 data-id="microsoft-365">Microsoft 365</h3> <ul><li>Added the <code class="code codeInline" spellcheck="false" tabindex="0">version</code> property to <code class="code codeInline" spellcheck="false" tabindex="0">intune_detected_application</code>, enabling you to answer this question: Which versions are my devices using?</li> </ul><h3 data-id="carbon-black">Carbon Black</h3> <ul><li>Added web links to <code class="code codeInline" spellcheck="false" tabindex="0">cbdefense_sensor</code> and <code class="code codeInline" spellcheck="false" tabindex="0">cbdefense_alert</code> assets, giving you the ability to go directly into the Carbon Black dashboard to remediate these issues.</li> </ul><h3 data-id="okta">Okta</h3> <ul><li>Added the <code class="code codeInline" spellcheck="false" tabindex="0">supportEnabled</code> and <code class="code codeInline" spellcheck="false" tabindex="0">supportExpiresOn</code> property to <code class="code codeInline" spellcheck="false" tabindex="0">okta_account</code> so that you can answer this question: Which Okta accounts have support access enabled?</li> </ul><h3 data-id="integration-sdk">Integration SDK</h3> <ul><li>Added the ability for users to change the base URL for the synchronization API.</li> </ul><h3 data-id="integration-ui">Integration UI</h3> <ul><li>Added a search bar to the integration instance, enabling you to quickly search within each of your integration instances.</li> </ul><h2 data-id="bug-fixes">Bug Fixes</h2> <ul><li>Resolved some issues regarding how deleted questions were managed.</li> <li>Fixed a bug where users were prevented from importing rule packs.</li> <li>Addressed an issue where controls in J1 Compliance could not be created.</li> </ul><h2 data-id="upcoming-notice">Upcoming Notice</h2> <p>J1 will be pursuing a planned deprecation of the J1 endpoint agent in the coming months. Stay tuned for updates on a replacement.</p> </article> </main>