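You can use Postman with the JupiterOne API to import and export data. The following collection shows examples of requests you can make after you have exported your J1 data, such as saved queries, to Postman. Each request reads the API token and account ID from the {{api_key}} and {{account_id}} variables, so supply those values through Postman variables rather than pasting them into the collection itself. The saved example responses embed the query results that were returned (here including user names, email addresses and phone numbers), so review or clear them before sharing an exported collection.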
{
"info": {
"_postman_id": "450bcc28-7b47-4190-aefd-79144b3ce4b8",
"name": "JupiterOne Public GraphQL",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "17496224"
},
"item": [
{
"name": "J1QL",
"item": [
{
"name": "J1QL Example",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"description": "API Token can be created using these instructions: https://support.jupiterone.io/hc/en-us/articles/360025989253-Enable-API-Key-Access",
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"description": "Account ID can be found under Account Management view under Settings.",
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "query J1QL(\n $query: String!\n $cursor: String\n $variables: JSON\n $dryRun: Boolean\n $remember: Boolean\n $includeDeleted: Boolean\n $flags: QueryV1Flags\n ) {\n queryV1(\n query: $query\n variables: $variables\n dryRun: $dryRun\n remember: $remember\n includeDeleted: $includeDeleted\n flags: $flags\n cursor: $cursor\n ) {\n type\n data\n cursor\n }\n }",
"variables": "{\n \"query\": \"find User\",\n \"includeDeleted\": false,\n \"flags\":{\"variableResultSize\":true},\n \"cursor\":\"\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "J1QL Example",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"description": "API Token can be created using these instructions: https://support.jupiterone.io/hc/en-us/articles/360025989253-Enable-API-Key-Access",
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"description": "Account ID can be found under Account Management view under Settings.",
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "query J1QL(\n $query: String!\n $cursor: String\n $variables: JSON\n $dryRun: Boolean\n $remember: Boolean\n $includeDeleted: Boolean\n $flags: QueryV1Flags\n ) {\n queryV1(\n query: $query\n variables: $variables\n dryRun: $dryRun\n remember: $remember\n includeDeleted: $includeDeleted\n flags: $flags\n cursor: $cursor\n ) {\n type\n data\n cursor\n }\n }",
"variables": "{\n \"query\": \"find User with displayName ^= \\\"Erkang\\\"\",\n \"includeDeleted\": false,\n \"flags\":{\"variableResultSize\":true},\n \"cursor\":\"\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:39:13 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "16976"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"queryV1\": {\n \"type\": \"list\",\n \"data\": [\n {\n \"id\": \"9eb63c13-a5d0-3a43-cd3b-e76b61873746\",\n \"entity\": {\n \"_integrationDefinitionId\": \"0d497d9e-c4ff-4fbf-b8c3-056990218f84\",\n \"_integrationName\": \"bitbucket-lifeomic\",\n \"_beginOn\": \"2020-04-03T01:03:44.098Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 2,\n \"_integrationClass\": [\n \"ITS\",\n \"SCM\",\n \"VCS\",\n \"VersionControl\"\n ],\n \"_accountId\": \"j1dev\",\n \"_id\": \"280a3ace-0c68-4c62-b619-c7ed410cf655\",\n \"_key\": \"{14d17a6c-f0fd-4d1d-a8d2-b143354a2995}\",\n \"_type\": [\n \"bitbucket_user\"\n ],\n \"_deleted\": false,\n \"_rawDataHashes\": \"eyJkZWZhdWx0Ijoidml5Q2IrMVVSQzhTTGhPS2lKMk9NNi9ZUGFOcEpmRjlOeFdNbjRHbmtRbz0ifQ==\",\n \"_integrationInstanceId\": \"eff34852-e021-42c6-a68d-a6e0f93d1484\",\n \"_integrationType\": \"bitbucket\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2019-08-09T20:50:12.173Z\"\n },\n \"properties\": {\n \"tag.AccountName\": \"bitbucket-lifeomic\",\n \"name\": \"Erkang Zheng\",\n \"nickname\": \"Erkang Zheng\"\n }\n },\n {\n \"id\": \"c8b71232-4897-a0a5-7c94-10a77be7aab8\",\n \"entity\": {\n \"_integrationDefinitionId\": \"155e9e67-3612-44bb-842c-5265a9035345\",\n \"_integrationName\": \"jira/infosec\",\n \"_beginOn\": \"2021-01-16T08:19:53.527Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 4,\n \"_integrationClass\": [\n \"Collaboration\",\n \"ITS\",\n \"Ticketing\",\n \"Workflow\"\n ],\n \"_accountId\": \"j1dev\",\n \"_id\": \"a1542a07-5568-4588-82c2-f6c4da3010bd\",\n \"_key\": \"jira_user_557058:c1f2ea6e-5675-456e-a9ec-b37a43aaeeb5\",\n \"_type\": [\n \"jira_user\"\n ],\n \"_deleted\": false,\n \"_rawDataHashes\": \"eyJkZWZhdWx0IjoiektPSDJRWFIxZWlDeW5iWnR3ZmRwZ0hjK2c5OG9pZlEzek9Ldmp0ZGNpUT0ifQ==\",\n \"_integrationInstanceId\": \"e58b2b4a-2f00-4e35-9f2e-6d68179eb816\",\n \"_integrationType\": \"jira\",\n 
\"_source\": \"integration-managed\",\n \"_createdOn\": \"2019-11-01T00:36:28.649Z\"\n },\n \"properties\": {\n \"accountType\": \"atlassian\",\n \"id\": \"557058:c1f2ea6e-5675-456e-a9ec-b37a43aaeeb5\",\n \"self\": \"https://lifeomic.atlassian.net/rest/api/3/user?accountId=557058:c1f2ea6e-5675-456e-a9ec-b37a43aaeeb5\",\n \"email\": \"erkang.zheng@lifeomic.com\",\n \"timeZone\": \"America/New_York\",\n \"active\": true,\n \"tag.AccountName\": \"jira/infosec\"\n }\n },\n {\n \"id\": \"e0b78d41-6a7c-85c8-0c65-1995b6e2275a\",\n \"entity\": {\n \"_integrationDefinitionId\": \"d045effa-2bed-462e-8208-7503f708afb3\",\n \"_integrationName\": \"O365\",\n \"_beginOn\": \"2021-01-16T07:39:41.393Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 2,\n \"_integrationClass\": \"CSP\",\n \"_accountId\": \"j1dev\",\n \"_id\": \"b6ddf519-6a01-45e7-a243-e65e1b74ae14\",\n \"_key\": \"azure_user_b8c27ca7-e7ef-416b-91fb-71ed2db18cfc\",\n \"_type\": [\n \"azure_user\"\n ],\n \"_deleted\": false,\n \"_integrationInstanceId\": \"043e6032-3c50-4c74-b5b4-f1dec28f0b67\",\n \"_integrationType\": \"azure\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2019-12-18T19:36:10.543Z\"\n },\n \"properties\": {\n \"tag.AccountName\": \"O365\",\n \"mail\": \"erkang.zheng@lifeomic.com\",\n \"jobTitle\": \"CISO\",\n \"surname\": \"Zheng\",\n \"id\": \"b8c27ca7-e7ef-416b-91fb-71ed2db18cfc\",\n \"userPrincipalName\": \"erkang.zheng@lifeomic.com\",\n \"givenName\": \"Erkang\",\n \"mobilePhone\": \"9195228915\"\n }\n },\n {\n \"id\": \"0aba2d19-1adc-3480-b3ae-c1bf34edc21d\",\n \"entity\": {\n \"_integrationDefinitionId\": \"d045effa-2bed-462e-8208-7503f708afb3\",\n \"_integrationName\": \"graph-azure\",\n \"_beginOn\": \"2020-09-04T17:37:00.306Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 1,\n \"_integrationClass\": \"CSP\",\n \"_accountId\": \"j1dev\",\n \"_id\": \"e75bb07b-867b-4b48-9e8d-6060145ac7f1\",\n 
\"_key\": \"894a1974-e9fa-4bcc-a560-91b58d1a224f\",\n \"_type\": [\n \"azure_user\"\n ],\n \"_deleted\": false,\n \"_integrationInstanceId\": \"804e9b05-de36-4166-aac0-9c474aabfaa5\",\n \"_integrationType\": \"azure\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2020-09-04T17:37:00.306Z\"\n },\n \"properties\": {\n \"id\": \"894a1974-e9fa-4bcc-a560-91b58d1a224f\",\n \"givenName\": \"Erkang\",\n \"mail\": \"erkang@gmail.com\",\n \"surname\": \"Zheng\",\n \"userPrincipalName\": \"erkang_gmail.com#EXT#@adamjupiteronehotmailcom.onmicrosoft.com\",\n \"name\": \"Erkang Zheng\",\n \"email\": \"erkang@gmail.com\",\n \"firstName\": \"Erkang\",\n \"lastName\": \"Zheng\",\n \"username\": \"erkang_gmail.com#EXT#@adamjupiteronehotmailcom.onmicrosoft.com\",\n \"tag.AccountName\": \"graph-azure\"\n }\n },\n {\n \"id\": \"8a778b1f-78d6-4e65-88df-253df5002ae3\",\n \"entity\": {\n \"_key\": \"slack-user:team_T0129SR43DL:user_U012GJWNFR8\",\n \"_type\": [\n \"slack_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n \"displayName\": \"Erkang\",\n \"_integrationType\": \"slack\",\n \"_integrationDefinitionId\": \"e770f533-4e49-40e0-8fd7-75bbb79dd824\",\n \"_integrationName\": \"jptrone.slack.com\",\n \"_beginOn\": \"2023-03-13T21:56:57.802Z\",\n \"_version\": 5183,\n \"_accountId\": \"j1dev\",\n \"_id\": \"bb625357-119b-4937-9b4d-d88f304d0e54\",\n \"_deleted\": false,\n \"_integrationInstanceId\": \"ba19a94f-211a-4f5d-9a20-6ef661f583c2\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-01-19T21:17:12.626Z\"\n },\n \"properties\": {\n \"id\": \"U012GJWNFR8\",\n \"name\": \"erkang.zheng\",\n \"userId\": \"U012GJWNFR8\",\n \"username\": \"erkang.zheng\",\n \"realName\": \"Erkang Zheng\",\n \"email\": \"erkang.zheng@jupiterone.com\",\n \"emailDomain\": \"jupiterone.com\",\n \"bot\": false,\n \"appUser\": false,\n \"admin\": true,\n \"teamAdmin\": true,\n \"teamOwner\": true,\n \"primaryTeamOwner\": true,\n \"restricted\": false,\n \"ultraRestricted\": false,\n 
\"active\": true,\n \"updatedOn\": \"2023-03-13T21:20:24.000Z\",\n \"userType\": \"owner\",\n \"tag.Production\": true,\n \"tag.AccountName\": \"jptrone.slack.com\",\n \"tags\": \"Production\"\n }\n },\n {\n \"id\": \"c6b77294-a169-4c96-b79f-ebe64e9ea97f\",\n \"entity\": {\n \"_integrationDefinitionId\": \"8ca1addd-cf80-44c6-8127-bd31c9b43ded\",\n \"_integrationName\": \"Adam's Default Tenant\",\n \"_beginOn\": \"2021-02-09T17:58:54.421Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 1,\n \"_accountId\": \"j1dev\",\n \"_id\": \"a069d4a5-b879-4b9b-8b2d-93dac574328c\",\n \"_key\": \"894a1974-e9fa-4bcc-a560-91b58d1a224f\",\n \"_type\": [\n \"microsoft_365_user\"\n ],\n \"_deleted\": false,\n \"_integrationInstanceId\": \"ba3973a3-d5dc-4c0b-b70d-3bce1ee4c227\",\n \"_integrationType\": \"microsoft-365\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-02-09T17:58:54.421Z\"\n },\n \"properties\": {\n \"id\": \"894a1974-e9fa-4bcc-a560-91b58d1a224f\",\n \"name\": \"Erkang Zheng\",\n \"username\": \"erkang_gmail.com#EXT#@adamjupiteronehotmailcom.onmicrosoft.com\",\n \"givenName\": \"Erkang\",\n \"firstName\": \"Erkang\",\n \"email\": \"erkang@gmail.com\",\n \"mail\": \"erkang@gmail.com\",\n \"surname\": \"Zheng\",\n \"lastName\": \"Zheng\",\n \"userPrincipalName\": \"erkang_gmail.com#EXT#@adamjupiteronehotmailcom.onmicrosoft.com\",\n \"tag.AccountName\": \"Adam's Default Tenant\"\n }\n },\n {\n \"id\": \"6dd5cdf3-9da1-465d-91f9-ed1b8af207ff\",\n \"entity\": {\n \"_integrationDefinitionId\": \"155e9e67-3612-44bb-842c-5265a9035345\",\n \"_integrationName\": \"jupiterone.atlassian.net\",\n \"_beginOn\": \"2021-03-17T07:09:05.217Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 1,\n \"_integrationClass\": [\n \"Collaboration\",\n \"ITS\",\n \"Ticketing\",\n \"Workflow\"\n ],\n \"_accountId\": \"j1dev\",\n \"_id\": \"702cfbb8-2a9c-4c2d-afb6-b729bace8238\",\n \"_key\": 
\"jira_user_5f29cd2cc1b9f4001cbe087c\",\n \"_type\": [\n \"jira_user\"\n ],\n \"_deleted\": false,\n \"_rawDataHashes\": \"eyJkZWZhdWx0IjoiLzBjQ1NvS0ZqNGRHN1M2NzJyeVNSSUFxMjRJRDhERW0xNFZVdWdiRzljWT0ifQ==\",\n \"_integrationInstanceId\": \"52caa14b-9c6f-4d37-af99-9a10ce37ee51\",\n \"_integrationType\": \"jira\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-03-17T07:09:05.217Z\"\n },\n \"properties\": {\n \"id\": \"5f29cd2cc1b9f4001cbe087c\",\n \"self\": \"https://jupiterone.atlassian.net/rest/api/3/user?accountId=5f29cd2cc1b9f4001cbe087c\",\n \"active\": true,\n \"accountType\": \"atlassian\",\n \"tag.AccountName\": \"jupiterone.atlassian.net\"\n }\n },\n {\n \"id\": \"535f642f-bf57-47ab-a601-f4b08d5be345\",\n \"entity\": {\n \"_integrationDefinitionId\": \"0d497d9e-c4ff-4fbf-b8c3-056990218f84\",\n \"_integrationName\": \"JupiterOne\",\n \"_beginOn\": \"2021-06-02T15:41:51.508Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 2,\n \"_integrationClass\": [\n \"ITS\",\n \"SCM\",\n \"VCS\",\n \"VersionControl\"\n ],\n \"_accountId\": \"j1dev\",\n \"_id\": \"b5bf0a54-b075-4f6f-9288-5b201d860099\",\n \"_key\": \"{55030f6e-477a-4a2f-8fe3-a87cbbaecd6d}\",\n \"_type\": [\n \"bitbucket_user\"\n ],\n \"_deleted\": false,\n \"_rawDataHashes\": \"eyJkZWZhdWx0IjoicmJHalJ5UWtwVkFDcmRXN1R5a09XRkZwMlJ1ekJYNERuQTRHTmR0Y05tST0ifQ==\",\n \"_integrationInstanceId\": \"3178c8e8-214a-4d41-bbc0-ff933119a20e\",\n \"_integrationType\": \"bitbucket\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-06-02T15:25:31.465Z\"\n },\n \"properties\": {\n \"nickname\": \"Erkang Zheng\",\n \"name\": \"Erkang Zheng\",\n \"username\": \"Erkang Zheng\",\n \"tag.AccountName\": \"JupiterOne\",\n \"tag.Production\": false\n }\n },\n {\n \"id\": \"a351f6c5-1031-4132-b953-e32be225d0b1\",\n \"entity\": {\n \"_key\": \"slack-user:team_T0129SR43DL:user_U023E3DMRBK\",\n \"_type\": [\n \"slack_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n 
\"displayName\": \"Erkang Zheng\",\n \"_integrationType\": \"slack\",\n \"_integrationDefinitionId\": \"e770f533-4e49-40e0-8fd7-75bbb79dd824\",\n \"_integrationName\": \"jptrone.slack.com\",\n \"_beginOn\": \"2023-03-09T18:56:55.854Z\",\n \"_version\": 4345,\n \"_accountId\": \"j1dev\",\n \"_id\": \"1a5efbdc-7d98-4d36-96e8-ff956c99dd1f\",\n \"_deleted\": false,\n \"_integrationInstanceId\": \"ba19a94f-211a-4f5d-9a20-6ef661f583c2\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-06-06T19:17:01.628Z\"\n },\n \"properties\": {\n \"id\": \"U023E3DMRBK\",\n \"name\": \"erkang\",\n \"userId\": \"U023E3DMRBK\",\n \"username\": \"erkang\",\n \"email\": \"erkang@gmail.com\",\n \"emailDomain\": \"gmail.com\",\n \"bot\": false,\n \"appUser\": false,\n \"admin\": false,\n \"teamAdmin\": false,\n \"teamOwner\": false,\n \"primaryTeamOwner\": false,\n \"restricted\": false,\n \"ultraRestricted\": false,\n \"active\": false,\n \"updatedOn\": \"2021-05-26T00:04:52.000Z\",\n \"userType\": \"user\",\n \"tag.Production\": true,\n \"tag.AccountName\": \"jptrone.slack.com\",\n \"tags\": \"Production\"\n }\n },\n {\n \"id\": \"dd20199d-a7d9-4053-baff-090ed7173de9\",\n \"entity\": {\n \"_id\": \"c349c8b1-43de-4b18-acf2-4f84555d5606\",\n \"_integrationDefinitionId\": \"d045effa-2bed-462e-8208-7503f708afb3\",\n \"_integrationName\": \"george test\",\n \"_beginOn\": \"2022-12-29T20:50:13.431Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 4,\n \"_integrationClass\": [\n \"CSP\",\n \"Infrastructure\"\n ],\n \"_accountId\": \"j1dev\",\n \"_key\": \"6f0108a5-7838-4aa2-a92b-1cfd6e9d9aa8\",\n \"_type\": [\n \"azure_user\"\n ],\n \"_deleted\": false,\n \"_integrationInstanceId\": \"fd850899-8c98-4241-b1f1-54febabbfd97\",\n \"_integrationType\": \"azure\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-07-06T22:19:42.019Z\"\n },\n \"properties\": {\n \"tag.CriticalAsset\": true,\n \"@tag.CriticalAsset\": \"\",\n \"id\": 
\"6f0108a5-7838-4aa2-a92b-1cfd6e9d9aa8\",\n \"businessPhones\": \"8335787663\",\n \"givenName\": \"Erkang\",\n \"preferredLanguage\": \"en-US\",\n \"surname\": \"Zheng\",\n \"userPrincipalName\": \"erkang.zheng@jupiterone.com\",\n \"userType\": \"Member\",\n \"accountEnabled\": true,\n \"name\": \"Erkang Zheng\",\n \"firstName\": \"Erkang\",\n \"lastName\": \"Zheng\",\n \"username\": \"erkang.zheng@jupiterone.com\",\n \"tag.AccountName\": \"george test\",\n \"tag.Production\": true,\n \"tags\": \"Production\"\n }\n },\n {\n \"id\": \"db0d93e2-00c4-40ba-9ffd-496a26c77cbf\",\n \"entity\": {\n \"_key\": \"jira_user_5f29cd2cc1b9f4001cbe087c\",\n \"_type\": [\n \"jira_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n \"displayName\": \"Erkang Zheng\",\n \"_integrationType\": \"jira\",\n \"_integrationClass\": [\n \"Collaboration\",\n \"ITS\",\n \"Ticketing\",\n \"Workflow\"\n ],\n \"_integrationDefinitionId\": \"155e9e67-3612-44bb-842c-5265a9035345\",\n \"_integrationName\": \"j1dev\",\n \"_beginOn\": \"2022-07-26T10:09:26.935Z\",\n \"_version\": 5,\n \"_accountId\": \"j1dev\",\n \"_id\": \"9b259f19-a2f0-4c02-8b63-70ecdfdc05fc\",\n \"_deleted\": false,\n \"_integrationInstanceId\": \"5fca87ee-3d73-4885-a5bd-d4ac2d532404\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-08-12T01:09:15.020Z\"\n },\n \"properties\": {\n \"id\": \"5f29cd2cc1b9f4001cbe087c\",\n \"self\": \"https://jupiterone.atlassian.net/rest/api/3/user?accountId=5f29cd2cc1b9f4001cbe087c\",\n \"name\": \"Erkang Zheng\",\n \"email\": \"erkang.zheng@jupiterone.com\",\n \"active\": true,\n \"accountType\": \"atlassian\",\n \"username\": \"erkang.zheng@jupiterone.com\",\n \"webLink\": \"https://jupiterone.atlassian.net/jira/people/5f29cd2cc1b9f4001cbe087c\",\n \"tag.AccountName\": \"j1dev\"\n }\n },\n {\n \"id\": \"14d6c5f7-a903-4234-bdf1-e19e27f7468a\",\n \"entity\": {\n \"_id\": \"dad1bc7b-827c-438e-bf03-96c3ef705b66\",\n \"_integrationDefinitionId\": \"8ca1addd-cf80-44c6-8127-bd31c9b43ded\",\n 
\"_integrationName\": \"George Tang's M365 test integration\",\n \"_beginOn\": \"2023-01-19T20:35:45.058Z\",\n \"displayName\": \"Erkang Zheng\",\n \"_class\": [\n \"User\"\n ],\n \"_version\": 5,\n \"_integrationClass\": [\n \"MDM\",\n \"IdP\",\n \"endpoint\"\n ],\n \"_accountId\": \"j1dev\",\n \"_key\": \"6f0108a5-7838-4aa2-a92b-1cfd6e9d9aa8\",\n \"_type\": [\n \"azure_user\"\n ],\n \"_deleted\": false,\n \"_integrationInstanceId\": \"073a797f-f675-4f30-a50d-0fb00fac8d25\",\n \"_integrationType\": \"microsoft-365\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2021-11-06T21:18:14.370Z\"\n },\n \"properties\": {\n \"tag.CriticalAsset\": true,\n \"@tag.CriticalAsset\": \"\",\n \"name\": \"Erkang Zheng\",\n \"username\": \"erkang.zheng@jupiterone.com\",\n \"givenName\": \"Erkang\",\n \"firstName\": \"Erkang\",\n \"preferredLanguage\": \"en-US\",\n \"surname\": \"Zheng\",\n \"lastName\": \"Zheng\",\n \"userPrincipalName\": \"erkang.zheng@jupiterone.com\",\n \"id\": \"6f0108a5-7838-4aa2-a92b-1cfd6e9d9aa8\",\n \"tag.AccountName\": \"George Tang's M365 test integration\"\n }\n },\n {\n \"id\": \"5a9ae212-b49a-44ed-a81d-9e37388f522f\",\n \"entity\": {\n \"displayName\": \"Erkang Zheng\",\n \"_source\": \"integration-managed\",\n \"_accountId\": \"j1dev\",\n \"_id\": \"f343ba4a-7201-4858-93f0-35dc4a4d9816\",\n \"_key\": \"sysdig_user:10007544\",\n \"_type\": [\n \"sysdig_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n \"_deleted\": false,\n \"_version\": 2,\n \"_createdOn\": \"2021-12-14T20:46:31.776Z\",\n \"_beginOn\": \"2021-12-14T20:47:24.204Z\",\n \"_integrationInstanceId\": \"5dc3f3a1-ebb1-41c7-b61f-421da5b824d8\",\n \"_integrationDefinitionId\": \"1135f382-f345-4a65-a806-a17e3374b8dc\",\n \"_integrationName\": \"Sysdig Integration Sandbox\",\n \"_integrationType\": \"sysdig\"\n },\n \"properties\": {\n \"products\": [\n \"SDC\",\n \"SDS\"\n ],\n \"lastName\": \"Zheng\",\n \"enabled\": true,\n \"id\": \"10007544\",\n \"admin\": true,\n \"username\": 
\"erkang.zheng@jupiterone.com\",\n \"tag.AccountName\": \"Sysdig Integration Sandbox\",\n \"active\": true,\n \"lastSeenOnSecure\": 1639514730192,\n \"systemRole\": \"ROLE_CUSTOMER\",\n \"createdOn\": \"2021-12-14T20:45:03.945Z\",\n \"status\": \"confirmed\",\n \"version\": 2,\n \"webLink\": \"https://us2.app.sysdig.com/secure/#/settings/users/10007544\",\n \"name\": \"erkang.zheng@jupiterone.com\",\n \"firstName\": \"Erkang\",\n \"email\": \"erkang.zheng@jupiterone.com\",\n \"@email\": \"\"\n }\n },\n {\n \"id\": \"b4b15da3-0678-4fc3-aa3f-c36c59c4c16e\",\n \"entity\": {\n \"_key\": \"slack-user:team_T0129SR43DL:user_U023E3DMRBK\",\n \"_type\": [\n \"slack_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n \"displayName\": \"Erkang Zheng\",\n \"_integrationType\": \"slack\",\n \"_integrationDefinitionId\": \"e770f533-4e49-40e0-8fd7-75bbb79dd824\",\n \"_integrationName\": \"Tammy\",\n \"_beginOn\": \"2023-03-09T19:34:50.207Z\",\n \"_version\": 2,\n \"_accountId\": \"j1dev\",\n \"_id\": \"ccfb6a14-c620-4b25-8650-97d1fd426d25\",\n \"_deleted\": false,\n \"_integrationInstanceId\": \"eb647799-37a1-4c96-bb8b-0cdc1ea3437f\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2022-10-02T16:34:51.561Z\"\n },\n \"properties\": {\n \"id\": \"U023E3DMRBK\",\n \"name\": \"erkang\",\n \"userId\": \"U023E3DMRBK\",\n \"username\": \"erkang\",\n \"email\": \"erkang@gmail.com\",\n \"emailDomain\": \"gmail.com\",\n \"bot\": false,\n \"appUser\": false,\n \"admin\": false,\n \"teamAdmin\": false,\n \"teamOwner\": false,\n \"primaryTeamOwner\": false,\n \"restricted\": false,\n \"ultraRestricted\": false,\n \"active\": false,\n \"updatedOn\": \"2021-05-26T00:04:52.000Z\",\n \"userType\": \"user\",\n \"tag.AccountName\": false\n }\n },\n {\n \"id\": \"ec9a19e2-9189-4886-87d8-1273d4636125\",\n \"entity\": {\n \"_key\": \"slack-user:team_T0129SR43DL:user_U012GJWNFR8\",\n \"_type\": [\n \"slack_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n \"displayName\": \"Erkang\",\n 
\"_integrationType\": \"slack\",\n \"_integrationDefinitionId\": \"e770f533-4e49-40e0-8fd7-75bbb79dd824\",\n \"_integrationName\": \"Tammy\",\n \"_beginOn\": \"2023-03-13T21:34:48.868Z\",\n \"_version\": 168,\n \"_accountId\": \"j1dev\",\n \"_id\": \"18f1a1fb-d6cf-4bd9-992f-3016ccf8e1d6\",\n \"_deleted\": false,\n \"_integrationInstanceId\": \"eb647799-37a1-4c96-bb8b-0cdc1ea3437f\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2022-10-02T16:34:51.561Z\"\n },\n \"properties\": {\n \"id\": \"U012GJWNFR8\",\n \"name\": \"erkang.zheng\",\n \"userId\": \"U012GJWNFR8\",\n \"username\": \"erkang.zheng\",\n \"realName\": \"Erkang Zheng\",\n \"email\": \"erkang.zheng@jupiterone.com\",\n \"emailDomain\": \"jupiterone.com\",\n \"bot\": false,\n \"appUser\": false,\n \"admin\": true,\n \"teamAdmin\": true,\n \"teamOwner\": true,\n \"primaryTeamOwner\": true,\n \"restricted\": false,\n \"ultraRestricted\": false,\n \"active\": true,\n \"updatedOn\": \"2023-03-13T21:20:24.000Z\",\n \"userType\": \"owner\",\n \"tag.AccountName\": false\n }\n },\n {\n \"id\": \"46faeb5e-42f3-49d4-8ee1-eb067530d549\",\n \"entity\": {\n \"displayName\": \"Erkang Zheng\",\n \"_source\": \"integration-managed\",\n \"_accountId\": \"j1dev\",\n \"_id\": \"813a654b-59ed-4d4b-a1e2-99c6d8b5c5df\",\n \"_key\": \"slack-user:team_T0129SR43DL:user_U023E3DMRBK\",\n \"_type\": [\n \"slack_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n \"_deleted\": false,\n \"_version\": 1,\n \"_createdOn\": \"2022-10-31T18:32:24.036Z\",\n \"_beginOn\": \"2022-10-31T18:32:24.036Z\",\n \"_integrationInstanceId\": \"eb4f2fac-e9a1-474d-8859-5f0e5ef90b16\",\n \"_integrationDefinitionId\": \"e770f533-4e49-40e0-8fd7-75bbb79dd824\",\n \"_integrationName\": \"ManAlertTest\",\n \"_integrationType\": \"slack\"\n },\n \"properties\": {\n \"id\": \"U023E3DMRBK\",\n \"name\": \"erkang\",\n \"userId\": \"U023E3DMRBK\",\n \"username\": \"erkang\",\n \"email\": \"erkang@gmail.com\",\n \"emailDomain\": \"gmail.com\",\n \"bot\": 
false,\n \"appUser\": false,\n \"admin\": false,\n \"teamAdmin\": false,\n \"teamOwner\": false,\n \"primaryTeamOwner\": false,\n \"restricted\": false,\n \"ultraRestricted\": false,\n \"active\": false,\n \"updatedOn\": \"2021-05-26T00:04:52.000Z\",\n \"userType\": \"user\",\n \"tag.AccountName\": \"ManAlertTest\"\n }\n },\n {\n \"id\": \"e93d778b-dbcd-49c2-8f27-7cceeb2000d2\",\n \"entity\": {\n \"_key\": \"slack-user:team_T0129SR43DL:user_U012GJWNFR8\",\n \"_type\": [\n \"slack_user\"\n ],\n \"_class\": [\n \"User\"\n ],\n \"displayName\": \"Erkang\",\n \"_integrationType\": \"slack\",\n \"_integrationDefinitionId\": \"e770f533-4e49-40e0-8fd7-75bbb79dd824\",\n \"_integrationName\": \"ManAlertTest\",\n \"_beginOn\": \"2023-03-10T13:43:54.959Z\",\n \"_version\": 11,\n \"_accountId\": \"j1dev\",\n \"_id\": \"780d9fef-4fba-43e7-a099-7ef8ece42246\",\n \"_deleted\": false,\n \"_integrationInstanceId\": \"eb4f2fac-e9a1-474d-8859-5f0e5ef90b16\",\n \"_source\": \"integration-managed\",\n \"_createdOn\": \"2022-10-31T18:32:24.036Z\"\n },\n \"properties\": {\n \"id\": \"U012GJWNFR8\",\n \"name\": \"erkang.zheng\",\n \"userId\": \"U012GJWNFR8\",\n \"username\": \"erkang.zheng\",\n \"realName\": \"Erkang Zheng\",\n \"email\": \"erkang.zheng@jupiterone.com\",\n \"emailDomain\": \"jupiterone.com\",\n \"bot\": false,\n \"appUser\": false,\n \"admin\": true,\n \"teamAdmin\": true,\n \"teamOwner\": true,\n \"primaryTeamOwner\": true,\n \"restricted\": false,\n \"ultraRestricted\": false,\n \"active\": true,\n \"updatedOn\": \"2023-03-04T23:54:42.000Z\",\n \"userType\": \"owner\",\n \"tag.AccountName\": \"ManAlertTest\"\n }\n }\n ],\n \"cursor\": null\n }\n }\n}"
}
]
}
]
},
{
"name": "Alert",
"item": [
{
"name": "Create Alert Rule",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation CreateQuestionRuleInstance (\n $instance: CreateQuestionRuleInstanceInput!\n) {\n createQuestionRuleInstance (\n instance: $instance\n ) {\n id\n name\n description\n specVersion\n pollingInterval\n question {\n queries {\n query\n version\n }\n }\n operations {\n when\n actions\n }\n outputs\n }\n}",
"variables": "{\n \"instance\": {\n \"name\": \"unencrypted-prod-data\",\n \"description\": \"Data stores in production tagged critical and unencrypted\",\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 0,\n \"outputs\": [\n \"alertLevel\"\n ],\n \"operations\": [\n {\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n },\n \"actions\": [\n {\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\",\n \"targetValue\": \"CRITICAL\"\n },\n {\n \"type\": \"CREATE_ALERT\"\n }\n ]\n }\n ],\n \"question\": {\n \"queries\": [\n {\n \"query\": \"Find DataStore with (production=true or tag.Production=true) and classification='critical' and encrypted!=true as d return d.tag.AccountName as Account, d.displayName as UnencryptedDataStores, d._type as Type, d.encrypted as Encrypted\",\n \"version\": \"v1\",\n \"name\": \"unencryptedCriticalData\"\n }\n ]\n }\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "Create Alert Rule",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation CreateQuestionRuleInstance (\n $instance: CreateQuestionRuleInstanceInput!\n) {\n createQuestionRuleInstance (\n instance: $instance\n ) {\n id\n name\n description\n specVersion\n pollingInterval\n question {\n queries {\n query\n version\n }\n }\n operations {\n when\n actions\n }\n outputs\n }\n}",
"variables": "{\n \"instance\": {\n \"name\": \"unencrypted-prod-data-example\",\n \"description\": \"Data stores in production tagged critical and unencrypted\",\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 0,\n \"outputs\": [\n \"alertLevel\"\n ],\n \"operations\": [\n {\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n },\n \"actions\": [\n {\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\",\n \"targetValue\": \"CRITICAL\"\n },\n {\n \"type\": \"CREATE_ALERT\"\n }\n ]\n }\n ],\n \"question\": {\n \"queries\": [\n {\n \"query\": \"Find DataStore with (production=true or tag.Production=true) and classification='critical' and encrypted!=true as d return d.tag.AccountName as Account, d.displayName as UnencryptedDataStores, d._type as Type, d.encrypted as Encrypted\",\n \"version\": \"v1\",\n \"name\": \"unencryptedCriticalData\"\n }\n ]\n }\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:46:26 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "867"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"createQuestionRuleInstance\": {\n \"id\": \"84a6237f-5d00-4f0d-a370-39918eaeb508\",\n \"name\": \"unencrypted-prod-data-example\",\n \"description\": \"Data stores in production tagged critical and unencrypted\",\n \"specVersion\": 0,\n \"pollingInterval\": \"ONE_DAY\",\n \"question\": {\n \"queries\": [\n {\n \"query\": \"Find DataStore with (production=true or tag.Production=true) and classification='critical' and encrypted!=true as d return d.tag.AccountName as Account, d.displayName as UnencryptedDataStores, d._type as Type, d.encrypted as Encrypted\",\n \"version\": \"v1\"\n }\n ]\n },\n \"operations\": [\n {\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n },\n \"actions\": [\n {\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\",\n \"targetValue\": \"CRITICAL\",\n \"id\": \"6c89719d-956d-4950-a160-3dda900129db\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"ea1e9287-4d9c-40e0-a384-b63f7a7f0ce2\"\n }\n ]\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ]\n }\n }\n}"
}
]
},
{
"name": "Trigger Alert Rule Copy",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "{{api_key}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation EvaluateRuleInstance ($id: ID!) {\n evaluateRuleInstance (\n id: $id\n ) {\n outputs {\n name\n value\n }\n }\n}",
"variables": "{\n \"id\": \"08a1e32a-a7fb-4514-9ce9-585f4d0a46f9\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "Trigger Alert Rule Copy",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation EvaluateRuleInstance ($id: ID!) {\n evaluateRuleInstance (\n id: $id\n ) {\n outputs {\n name\n value\n }\n }\n}",
"variables": "{\n \"id\": \"84a6237f-5d00-4f0d-a370-39918eaeb508\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:49:11 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "49"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"evaluateRuleInstance\": {\n \"outputs\": []\n }\n }\n}"
}
]
},
{
"name": "List Alert Instances",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "query ListAlertInstances {\n listAlertInstances {\n instances {\n accountId\n createdOn\n dismissedOn\n id\n lastEvaluationBeginOn\n lastEvaluationEndOn\n lastEvaluationResult {\n outputs {\n name\n value\n }\n rawDataDescriptors {\n name\n persistedResultType\n recordCount\n }\n }\n lastUpdatedOn\n level\n questionRuleInstance {\n accountId\n deleted\n id\n latest\n latestAlertId\n latestAlertIsActive\n name\n operations {\n actions\n when \n }\n outputs\n pollingInterval\n specVersion\n tags\n templates\n type\n version\n }\n reportRuleInstance {\n id\n }\n ruleId\n status\n }\n pageInfo {\n endCursor\n hasNextPage\n }\n }\n }",
"variables": ""
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "List Alert Instances",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "query ListAlertInstances {\n listAlertInstances {\n instances {\n accountId\n createdOn\n dismissedOn\n id\n lastEvaluationBeginOn\n lastEvaluationEndOn\n lastEvaluationResult {\n outputs {\n name\n value\n }\n rawDataDescriptors {\n name\n persistedResultType\n recordCount\n }\n }\n lastUpdatedOn\n level\n questionRuleInstance {\n accountId\n deleted\n id\n latest\n latestAlertId\n latestAlertIsActive\n name\n operations {\n actions\n when \n }\n outputs\n pollingInterval\n specVersion\n tags\n templates\n type\n version\n }\n reportRuleInstance {\n id\n }\n ruleId\n status\n }\n pageInfo {\n endCursor\n hasNextPage\n }\n }\n }",
"variables": ""
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:59:15 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "50652"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"listAlertInstances\": {\n \"instances\": [\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1603897424356,\n \"dismissedOn\": 1604685547794,\n \"id\": \"00ba0ae8-f2c6-47d4-99f0-92a62babb138\",\n \"lastEvaluationBeginOn\": 1603908537852,\n \"lastEvaluationEndOn\": 1603908538040,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 0\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 0\n }\n ]\n },\n \"lastUpdatedOn\": 1604685547794,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"321d3944-d63b-4e2c-b7f6-40205d0007da\",\n \"latest\": true,\n \"latestAlertId\": \"793f9aff-e1da-4224-8d41-3307b08b65cf\",\n \"latestAlertIsActive\": false,\n \"name\": \"s3-bucket-server-side-encryption-enabled\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"1\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"1\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"321d3944-d63b-4e2c-b7f6-40205d0007da\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1607422029459,\n \"dismissedOn\": 1614968181793,\n \"id\": \"00dcb6eb-69e3-4133-8384-e2139c485c7e\",\n \"lastEvaluationBeginOn\": 1607797890439,\n \"lastEvaluationEndOn\": 1607797890649,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": 
\"queries.query0.total\",\n \"value\": 0\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 0\n }\n ]\n },\n \"lastUpdatedOn\": 1614968181793,\n \"level\": \"HIGH\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"d2bcc52d-3000-4fec-b107-d6c8dba222d2\",\n \"latest\": true,\n \"latestAlertId\": \"d9dc41fe-e395-4239-b17c-96094118b4a8\",\n \"latestAlertIsActive\": false,\n \"name\": \"high-severity-finding\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"HIGH\",\n \"id\": \"1\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"1\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"d2bcc52d-3000-4fec-b107-d6c8dba222d2\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1610491027243,\n \"dismissedOn\": 1614968174661,\n \"id\": \"00eca888-e749-40e2-b08f-802373e99a32\",\n \"lastEvaluationBeginOn\": 1614915080812,\n \"lastEvaluationEndOn\": 1614915081626,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 2\n },\n {\n \"name\": \"alertLevel\",\n \"value\": \"CRITICAL\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 2\n }\n ]\n },\n \"lastUpdatedOn\": 1614968174661,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": 
\"c5324ce2-d6e3-4e7d-85c2-4e50c87a0593\",\n \"latest\": true,\n \"latestAlertId\": \"530ea8f8-3b31-489c-bc68-21175c32de37\",\n \"latestAlertIsActive\": false,\n \"name\": \"s3-bucket-public-read-prohibited\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"1\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"1\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"c5324ce2-d6e3-4e7d-85c2-4e50c87a0593\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1666910400323,\n \"dismissedOn\": 1666910594973,\n \"id\": \"010043ab-5d41-4e6c-9fcb-7f133b3b065e\",\n \"lastEvaluationBeginOn\": 1666910532845,\n \"lastEvaluationEndOn\": 1666910534095,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 1\n }\n ]\n },\n \"lastUpdatedOn\": 1666910594973,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"a6abf09b-7e91-4d33-a7ef-021e7d93ba31\",\n \"latest\": true,\n \"latestAlertId\": \"63b138f9-a0d1-4343-bba3-aebd5987ec7d\",\n \"latestAlertIsActive\": false,\n \"name\": \"Chris Larson - Jira Additional Fields Test\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"4e7808e1-42be-4cd5-bdcd-06a7cfeea5df\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n 
\"id\": \"81455c22-be3b-4a4c-9a4b-66e841356479\"\n },\n {\n \"summary\": \"Chris Larson - Jira Additional Fields Test 4\",\n \"issueType\": \"Task\",\n \"entityClass\": \"Vulnerability\",\n \"integrationInstanceId\": \"52caa14b-9c6f-4d37-af99-9a10ce37ee51\",\n \"additionalFields\": {\n \"priority\": {\n \"name\": \"low\",\n \"id\": \"4\"\n },\n \"Robinhood Risk Rating\": \"2\",\n \"description\": {\n \"type\": \"doc\",\n \"version\": 1,\n \"content\": [\n {\n \"type\": \"paragraph\",\n \"content\": [\n {\n \"type\": \"text\",\n \"text\": \"undefined\\n\\n**Affected Items:**\\n\\n* j1dev_christopher.larson@jupiterone.com\"\n }\n ]\n }\n ]\n }\n },\n \"project\": \"CT\",\n \"id\": \"932cb089-6eb4-4622-b8d1-90306bc64072\",\n \"type\": \"CREATE_JIRA_TICKET\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_WEEK\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": null,\n \"type\": \"QUESTION\",\n \"version\": 34\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"a6abf09b-7e91-4d33-a7ef-021e7d93ba31\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1636144866627,\n \"dismissedOn\": null,\n \"id\": \"017b0e93-64d7-441f-abdb-2d3d7e5195bd\",\n \"lastEvaluationBeginOn\": 1678740067611,\n \"lastEvaluationEndOn\": 1678740070097,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 0\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 0\n }\n ]\n },\n \"lastUpdatedOn\": 1678740070097,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"11d8bec1-80c4-48b3-bcf4-04a5ee8fd489\",\n \"latest\": true,\n \"latestAlertId\": 
null,\n \"latestAlertIsActive\": false,\n \"name\": \"rds-storage-encrypted\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"da598b6b-1fbf-4b78-9f92-dbbc412a9ee1\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"b544c8f1-5356-47f9-8844-fdcb69d2d108\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": true\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"11d8bec1-80c4-48b3-bcf4-04a5ee8fd489\",\n \"status\": \"INACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1668736253665,\n \"dismissedOn\": 1668736358179,\n \"id\": \"018bf7c6-96c7-4553-b091-73b355d26a8f\",\n \"lastEvaluationBeginOn\": 1668736322886,\n \"lastEvaluationEndOn\": 1668736325764,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 1\n }\n ]\n },\n \"lastUpdatedOn\": 1668736358179,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"a6abf09b-7e91-4d33-a7ef-021e7d93ba31\",\n \"latest\": true,\n \"latestAlertId\": \"e4ff64b2-da9c-4a1c-a0c3-c093b40af894\",\n \"latestAlertIsActive\": false,\n \"name\": \"Chris Larson - Jira Additional Fields Test\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"d0c601a6-8da4-4a13-919a-9da6ebcabda8\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"bc41bcf3-b8fb-465c-a703-ec6a545f6681\"\n },\n {\n \"summary\": \"Chris Larson - Jira Additional Fields Test 6\",\n 
\"issueType\": \"Task\",\n \"entityClass\": \"Vulnerability\",\n \"integrationInstanceId\": \"52caa14b-9c6f-4d37-af99-9a10ce37ee51\",\n \"additionalFields\": {\n \"customfield_10196\": \"[CDATA[ Medium ]]\",\n \"description\": {\n \"type\": \"doc\",\n \"version\": 1,\n \"content\": [\n {\n \"type\": \"paragraph\",\n \"content\": [\n {\n \"type\": \"text\",\n \"text\": \"undefined\\n\\n**Affected Items:**\\n\\n* j1dev_christopher.larson@jupiterone.com\"\n }\n ]\n }\n ]\n }\n },\n \"project\": \"CT\",\n \"id\": \"932cb089-6eb4-4622-b8d1-90306bc64072\",\n \"type\": \"CREATE_JIRA_TICKET\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_WEEK\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 51\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"a6abf09b-7e91-4d33-a7ef-021e7d93ba31\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1658980576851,\n \"dismissedOn\": null,\n \"id\": \"026b6b0d-e22c-4090-a435-9097b1671a1c\",\n \"lastEvaluationBeginOn\": 1678779952544,\n \"lastEvaluationEndOn\": 1678779953978,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": \"HIGH\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 9\n }\n ]\n },\n \"lastUpdatedOn\": 1678779953980,\n \"level\": \"HIGH\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"c2d739b9-6042-43e6-be9f-e833580c1e09\",\n \"latest\": true,\n \"latestAlertId\": \"026b6b0d-e22c-4090-a435-9097b1671a1c\",\n \"latestAlertIsActive\": true,\n \"name\": \"Review New Pets\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"HIGH\",\n \"id\": \"78d7213a-9481-4daa-b3b5-80805b6fc1f4\",\n 
\"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"2b925a5f-f74f-461d-97ed-67c04aba22db\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_WEEK\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": null,\n \"type\": \"QUESTION\",\n \"version\": 3\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"c2d739b9-6042-43e6-be9f-e833580c1e09\",\n \"status\": \"ACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1633462059828,\n \"dismissedOn\": 1633631074069,\n \"id\": \"026e9d03-ff22-4d84-848b-0628b92d81b1\",\n \"lastEvaluationBeginOn\": 1633462058989,\n \"lastEvaluationEndOn\": 1633462059828,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": \"INFO\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 1\n }\n ]\n },\n \"lastUpdatedOn\": 1633631074069,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"dfa7c8a6-0f6e-4997-a879-4e8c79290bbd\",\n \"latest\": true,\n \"latestAlertId\": \"a9a43934-03ae-44dd-8e3b-b73c61031ed1\",\n \"latestAlertIsActive\": false,\n \"name\": \"tony-5\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"462ad0b8-3b15-45be-8b8f-b6454381cd66\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"5d306ff5-c142-4896-b586-334509821b85\"\n },\n {\n \"id\": \"77a10c4c-956c-4e2b-98c7-1a5f34504687\",\n \"type\": \"SEND_EMAIL\",\n \"body\": \"Affected Items: <br><br>* Severity: medium <br>* Description: This rule helps determine whether the SSH daemon is configured to permit logging in to your EC2 instance as root. 
Status: true\",\n \"recipients\": [\n \"tony.ramirez@jupiterone.com\"\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {\n \"tempMap\": \"Severity: {{item.severity}} <br>* Description: {{item.description}} Status: {{item.open}}\"\n },\n \"type\": \"QUESTION\",\n \"version\": 3\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"dfa7c8a6-0f6e-4997-a879-4e8c79290bbd\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1651859972051,\n \"dismissedOn\": null,\n \"id\": \"02af8f69-f9c9-4374-954d-644f88369698\",\n \"lastEvaluationBeginOn\": 1666146183667,\n \"lastEvaluationEndOn\": 1666146184964,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 3\n }\n ]\n },\n \"lastUpdatedOn\": 1666146184964,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"cf923786-247b-4059-8fea-6e19c5274ed5\",\n \"latest\": true,\n \"latestAlertId\": \"cc35d0f4-3795-4853-b61c-ee634c88aaa7\",\n \"latestAlertIsActive\": false,\n \"name\": \"test-webhook-tony\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"37cb2278-e479-40cc-aa89-8b7b3f706f0c\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"295bd426-175f-4025-94d4-c0ad7c753539\"\n },\n {\n \"itemRef\": \"obj\",\n \"id\": \"f216b7c2-2d38-4a33-8c38-719bd2f4bdb5\",\n \"type\": \"FOR_EACH_ITEM\",\n \"items\": [\n {\n \"entity\": {\n \"_beginOn\": \"2022-05-04T22:08:54.429Z\",\n \"_deleted\": false,\n \"_createdOn\": 
\"2019-01-22T01:57:46.999Z\",\n \"_lowAlertInstanceIds\": \"7b4e79c3-2203-4e6a-b17b-cd85bba89f62\",\n \"displayName\": \"vol-0efb2b9e057705fb2\",\n \"_integrationClass\": [\n \"CSP\",\n \"Infrastructure\"\n ],\n \"_mediumAlertInstanceIds\": \"b935b246-4cdb-45c6-b94f-a4afe74b8207\",\n \"_type\": [\n \"aws_ebs_volume\"\n ],\n \"_rawDataHashes\": \"eyJkZWZhdWx0IjoiT01DV1o2R0c0SVp2bnFiZGxMQmcyYXV4cHdkTDVBa1JEQ1A2bFdvTktOcz0ifQ==\",\n \"_key\": \"arn:aws:ec2:us-east-1:195479668431:volume/vol-0efb2b9e057705fb2\",\n \"_latest\": true,\n \"_integrationType\": \"aws\",\n \"_accountId\": \"j1dev\",\n \"_integrationDefinitionId\": \"7a669809-6e55-45b9-bf23-aa27613118e9\",\n \"_source\": \"integration-managed\",\n \"_integrationName\": \"AWS\",\n \"_class\": [\n \"DataStore\",\n \"Disk\"\n ],\n \"_id\": \"f3a1f739-b418-4c98-b2fc-de23b99e66ef\",\n \"_version\": 36,\n \"_integrationInstanceId\": \"517359f4-db77-4193-b434-5caef67446de\"\n },\n \"properties\": {\n \"volumeType\": \"gp2\",\n \"snapshotId\": \"snap-042f3271b38c0f653\",\n \"tag.AccountName\": \"jupiterone-demo\",\n \"webLink\": \"https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#Volumes:search=vol-0efb2b9e057705fb2\",\n \"@tag.AppName\": \"\",\n \"tag.Production\": true,\n \"active\": true,\n \"classification\": \"critical\",\n \"createdOn\": \"2019-01-11T18:41:58.505Z\",\n \"availabilityZone\": \"us-east-1a\",\n \"tag.AppName\": \"TestApp\",\n \"tags\": \"Production\",\n \"accountId\": \"195479668431\",\n \"encrypted\": false,\n \"size\": 8,\n \"iops\": 100,\n \"volumeId\": \"vol-0efb2b9e057705fb2\",\n \"id\": \"vol-0efb2b9e057705fb2\",\n \"state\": \"in-use\",\n \"region\": \"us-east-1\",\n \"arn\": \"arn:aws:ec2:us-east-1:195479668431:volume/vol-0efb2b9e057705fb2\"\n },\n \"id\": \"f4b439a3-95d8-a945-7ad9-5e35432332ab\"\n },\n {\n \"entity\": {\n \"_beginOn\": \"2022-03-29T15:42:44.188Z\",\n \"_deleted\": false,\n \"_createdOn\": \"2020-05-12T15:46:04.569Z\",\n \"_lowAlertInstanceIds\": 
\"7b4e79c3-2203-4e6a-b17b-cd85bba89f62\",\n \"displayName\": \"vol-02c9440de6a4e8218\",\n \"_integrationClass\": [\n \"CSP\",\n \"Infrastructure\"\n ],\n \"_mediumAlertInstanceIds\": \"b935b246-4cdb-45c6-b94f-a4afe74b8207\",\n \"_type\": [\n \"aws_ebs_volume\"\n ],\n \"_rawDataHashes\": \"eyJkZWZhdWx0IjoiU1RSa0d4NVh3VUlHS1pma2oyMFZycXlFVEF0ZFVyazBqOEkwcHA0RE5tUT0ifQ==\",\n \"_key\": \"arn:aws:ec2:us-east-1:195479668431:volume/vol-02c9440de6a4e8218\",\n \"_integrationType\": \"aws\",\n \"_accountId\": \"j1dev\",\n \"_integrationDefinitionId\": \"7a669809-6e55-45b9-bf23-aa27613118e9\",\n \"_source\": \"integration-managed\",\n \"_integrationName\": \"jupiterone-demo\",\n \"_class\": [\n \"DataStore\",\n \"Disk\"\n ],\n \"_id\": \"887a065f-691c-43be-87bb-21a20d2c2175\",\n \"_version\": 9,\n \"_integrationInstanceId\": \"517359f4-db77-4193-b434-5caef67446de\"\n },\n \"properties\": {\n \"volumeType\": \"gp2\",\n \"@classification\": \"\",\n \"snapshotId\": \"snap-0e1167baa50e9c0ff\",\n \"tag.AccountName\": \"jupiterone-demo\",\n \"webLink\": \"https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#Volumes:search=vol-02c9440de6a4e8218\",\n \"tag.Production\": true,\n \"active\": true,\n \"classification\": \"critical\",\n \"createdOn\": \"2020-05-12T02:56:53.968Z\",\n \"availabilityZone\": \"us-east-1a\",\n \"tags\": \"Production\",\n \"accountId\": \"195479668431\",\n \"encrypted\": false,\n \"size\": 8,\n \"iops\": 100,\n \"volumeId\": \"vol-02c9440de6a4e8218\",\n \"id\": \"vol-02c9440de6a4e8218\",\n \"state\": \"in-use\",\n \"region\": \"us-east-1\",\n \"arn\": \"arn:aws:ec2:us-east-1:195479668431:volume/vol-02c9440de6a4e8218\"\n },\n \"id\": \"76b904c8-650d-3dfd-4170-96968429500c\"\n }\n ],\n \"actions\": [\n {\n \"headers\": {\n \"Authorization\": \"Basic SnVwaXRlck9uZTpUZXN0MTIz\"\n },\n \"endpoint\": \"https://webhook.site/886aad16-d45b-47bb-b4e0-ff7c9a730e16\",\n \"type\": \"WEBHOOK\",\n \"method\": \"POST\",\n \"body\": {\n \"severity\": \"INFO\",\n 
\"description\": \"This Alert is for testing for_each\",\n \"source\": \"aws\"\n }\n }\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 20\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"cf923786-247b-4059-8fea-6e19c5274ed5\",\n \"status\": \"ACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1653008304676,\n \"dismissedOn\": null,\n \"id\": \"03021467-c8c3-43a3-aa14-424f86032427\",\n \"lastEvaluationBeginOn\": 1678799000464,\n \"lastEvaluationEndOn\": 1678799001813,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 2\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 2\n }\n ]\n },\n \"lastUpdatedOn\": 1678799001813,\n \"level\": \"MEDIUM\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"68e480d8-28e3-413a-9493-913a59039cec\",\n \"latest\": true,\n \"latestAlertId\": \"03021467-c8c3-43a3-aa14-424f86032427\",\n \"latestAlertIsActive\": true,\n \"name\": \"elbv2-acm-certificate-required\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"MEDIUM\",\n \"id\": \"a10a370b-5b48-4307-b1e2-13acc8ad2905\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"70e6fffa-44f5-4371-ad7a-a3d6158f095a\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": \"{{queries.query0.total > 0}}\"\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [\n 
\"AwsConfig\"\n ],\n \"templates\": null,\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"68e480d8-28e3-413a-9493-913a59039cec\",\n \"status\": \"ACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1631911494812,\n \"dismissedOn\": null,\n \"id\": \"031c3548-3604-4d74-af24-6e1809c8999e\",\n \"lastEvaluationBeginOn\": 1678715967350,\n \"lastEvaluationEndOn\": 1678715968343,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": \"INFO\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 4\n }\n ]\n },\n \"lastUpdatedOn\": 1678715968387,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"fbdac221-00b6-4741-8598-931e1b689ada\",\n \"latest\": true,\n \"latestAlertId\": \"031c3548-3604-4d74-af24-6e1809c8999e\",\n \"latestAlertIsActive\": true,\n \"name\": \"oliver-test-email-dkim\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"0190b13b-8459-42bd-8ffe-d30593588517\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"12ca79d1-f014-4c7b-ba59-f4efd9a0d840\"\n },\n {\n \"id\": \"bceb1d7b-9249-41bc-892b-99e474d00cca\",\n \"type\": \"SEND_EMAIL\",\n \"body\": \"Affected Items: <br><br> {{queries.query0.data|mapTemplate('emailBody')|join(' ')}}\",\n \"recipients\": [\n \"oliver.carrillo@jupiterone.com\"\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_WEEK\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {\n \"emailBody\": \"({{itemIndex+1}} of {{itemCount}}) [{{item.name}}] {{item.value}}<br>\"\n },\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n 
\"reportRuleInstance\": null,\n \"ruleId\": \"fbdac221-00b6-4741-8598-931e1b689ada\",\n \"status\": \"ACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1661536721357,\n \"dismissedOn\": null,\n \"id\": \"037cf25f-71b4-4ebc-aedd-02f067be3265\",\n \"lastEvaluationBeginOn\": 1678471121084,\n \"lastEvaluationEndOn\": 1678471122690,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 2\n }\n ]\n },\n \"lastUpdatedOn\": 1678471122690,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"7e09a0df-9099-47bf-a738-01e834edfee5\",\n \"latest\": true,\n \"latestAlertId\": \"037cf25f-71b4-4ebc-aedd-02f067be3265\",\n \"latestAlertIsActive\": true,\n \"name\": \"test tag entities\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"846efeb3-6b50-4717-b23c-c5520d7f1fd8\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"33642666-1650-4f56-b0fa-6c4c4e83d643\"\n },\n {\n \"id\": \"7066fe21-b21f-466b-a4a5-328e84ad790c\",\n \"type\": \"TAG_ENTITIES\",\n \"entities\": \"{{queries.query0.data}}\",\n \"tags\": [\n {\n \"name\": \"tag name\",\n \"value\": \"tag val\"\n }\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_WEEK\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": null,\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"7e09a0df-9099-47bf-a738-01e834edfee5\",\n \"status\": \"ACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1557745313552,\n \"dismissedOn\": 1559756461851,\n \"id\": 
\"0381f769-270e-469c-b85c-a84bff80980a\",\n \"lastEvaluationBeginOn\": null,\n \"lastEvaluationEndOn\": null,\n \"lastEvaluationResult\": null,\n \"lastUpdatedOn\": 1559756461851,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"4b8778a9-f146-492e-92ab-b5d99c6bc035\",\n \"latest\": true,\n \"latestAlertId\": null,\n \"latestAlertIsActive\": null,\n \"name\": \"users-no-mfa\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"type\": \"SET_PROPERTY\",\n \"targetValue\": \"CRITICAL\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": null,\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"4b8778a9-f146-492e-92ab-b5d99c6bc035\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1645231262833,\n \"dismissedOn\": null,\n \"id\": \"03de9daa-6a02-4a77-a89e-357873c39d08\",\n \"lastEvaluationBeginOn\": 1678764736386,\n \"lastEvaluationEndOn\": 1678764738068,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 2\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 2\n }\n ]\n },\n \"lastUpdatedOn\": 1678764738068,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"c5324ce2-d6e3-4e7d-85c2-4e50c87a0593\",\n \"latest\": true,\n \"latestAlertId\": \"03de9daa-6a02-4a77-a89e-357873c39d08\",\n \"latestAlertIsActive\": true,\n \"name\": \"s3-bucket-public-read-prohibited\",\n 
\"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"6c998d4c-7ff8-4ff3-8a91-dbaddf815b91\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"604296f2-4446-4480-9b4e-2419d5008a5b\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": \"{{queries.query0.total > 0}}\"\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"c5324ce2-d6e3-4e7d-85c2-4e50c87a0593\",\n \"status\": \"ACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1568481096301,\n \"dismissedOn\": 1604685562440,\n \"id\": \"03e7d414-979a-4b35-8523-a92c62e123ce\",\n \"lastEvaluationBeginOn\": 1584824043451,\n \"lastEvaluationEndOn\": 1584824043690,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.Node6Query.total\",\n \"value\": 11\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"Node6Query\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 11\n }\n ]\n },\n \"lastUpdatedOn\": 1604685562440,\n \"level\": \"HIGH\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"67098027-25dd-4f35-bbc9-5804fb89b203\",\n \"latest\": true,\n \"latestAlertId\": null,\n \"latestAlertIsActive\": false,\n \"name\": \"node-6\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"HIGH\",\n \"id\": \"86ca5c23-8493-4b4d-b7f6-f1b2dc1ea68a\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"2c95c485-79a5-46ef-9e0b-813b07477119\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n 
\"queries.Node6Query.total\",\n \"!=\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"queries.Node6Query.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"THIRTY_MINUTES\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": null,\n \"type\": \"QUESTION\",\n \"version\": 3\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"67098027-25dd-4f35-bbc9-5804fb89b203\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1667264240863,\n \"dismissedOn\": null,\n \"id\": \"0400b3b4-d8b4-46c5-a527-01b99c0cbe16\",\n \"lastEvaluationBeginOn\": 1678755440801,\n \"lastEvaluationEndOn\": 1678755442169,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": \"CRITICAL\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 2\n }\n ]\n },\n \"lastUpdatedOn\": 1678755442192,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"37cf3279-4769-4295-9dea-cfa028d5d5da\",\n \"latest\": true,\n \"latestAlertId\": \"0400b3b4-d8b4-46c5-a527-01b99c0cbe16\",\n \"latestAlertIsActive\": true,\n \"name\": \"New Test Alert\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"91464625-0941-4dce-a6ca-15837235bc6f\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"70ba75e8-12e4-4a3e-9ee5-93070a9ac6a4\"\n },\n {\n \"id\": \"fb3d2ce0-f842-4be9-ba54-2a01268aff2f\",\n \"type\": \"TAG_ENTITIES\",\n \"entities\": \"{{queries.query0.data}}\",\n \"tags\": [\n {\n \"name\": \"_AOSC\",\n \"value\": \"_AOSC\"\n }\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_WEEK\",\n \"specVersion\": 1,\n \"tags\": [],\n 
\"templates\": null,\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"37cf3279-4769-4295-9dea-cfa028d5d5da\",\n \"status\": \"ACTIVE\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1603911404616,\n \"dismissedOn\": 1603912123439,\n \"id\": \"0464917b-c481-4f04-abfe-0cf6c4a4dae0\",\n \"lastEvaluationBeginOn\": 1603911483395,\n \"lastEvaluationEndOn\": 1603911483946,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"s3BucketsDefaultEncryptionDisabledQuery\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 0\n }\n ]\n },\n \"lastUpdatedOn\": 1603912123439,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"200693df-3e62-4b48-8e07-927228c31c76\",\n \"latest\": true,\n \"latestAlertId\": \"7331df26-abe1-44bc-b6e3-66a916943048\",\n \"latestAlertIsActive\": false,\n \"name\": \"remediation-s3-bucket-default-encryption-disabled\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"28eb012e-df92-4341-899a-7635181006cd\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"5d86ecc6-867e-4fdb-90ba-8d5b06b9b3db\"\n },\n {\n \"itemRef\": \"s3Item\",\n \"id\": \"6fba1cb5-0bd8-486e-bc59-49132a83e404\",\n \"type\": \"FOR_EACH_ITEM\",\n \"items\": [\n {\n \"bucketAccountName\": \"jupiterone-dev\",\n \"bucketRegion\": \"us-east-1\",\n \"bucketName\": \"elasticbeanstalk-us-east-1-564077667165\"\n }\n ],\n \"actions\": [\n {\n \"type\": \"JUPITERONE_QUERY\",\n \"name\": \"s3BucketAwsAccountQuery\",\n \"query\": \"find aws_account with tag.AccountName='undefined' as account return account.id as s3BucketAccountId LIMIT 1\"\n },\n {\n \"queueUrl\": \"https://sqs.undefined.amazonaws.com/undefined/S3BucketNotEncrypted\",\n \"integrationInstanceId\": 
\"317cf945-bf5f-4520-9c3b-67cb0fa41afe\",\n \"type\": \"REFLEX_SEND_SQS_MESSAGE\",\n \"data\": {\n \"source\": \"aws.s3\",\n \"time\": \"2020-10-08 - Test\",\n \"detail\": {\n \"requestParameters\": {}\n }\n }\n },\n {\n \"integrationInstanceId\": \"ba19a94f-211a-4f5d-9a20-6ef661f583c2\",\n \"type\": \"SEND_SLACK_MESSAGE\",\n \"body\": \"Default encryption on an S3 bucket remediated!\\nAWS Account ID: undefined\\nAWS Account Name: undefined\\nBucket name: undefined\\nBucket Region: undefined\\nJupiterOne Alert Link: undefined\",\n \"channels\": [\n \"#j1-test-alerts\"\n ]\n }\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": true\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"200693df-3e62-4b48-8e07-927228c31c76\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1644610792340,\n \"dismissedOn\": 1644610966833,\n \"id\": \"0480eb41-9c76-48dd-9bcd-c1d9d10db0d0\",\n \"lastEvaluationBeginOn\": 1644610790962,\n \"lastEvaluationEndOn\": 1644610792340,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": \"INFO\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query1\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 0\n },\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 115\n }\n ]\n },\n \"lastUpdatedOn\": 1644610966833,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"29311291-f1a3-40d1-882e-3d66068597e4\",\n \"latest\": true,\n \"latestAlertId\": \"4c95f395-3c23-4763-a482-0d67583658bb\",\n \"latestAlertIsActive\": false,\n \"name\": \"Tony-Test_OR2\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": 
\"a6c61b7c-b45c-40c2-bc38-b046563fe55a\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"252602e3-d8a4-482e-9534-ba6af41e9d96\"\n },\n {\n \"id\": \"938c7172-4a57-4b80-9b5c-0edecc5ca91c\",\n \"type\": \"SEND_EMAIL\",\n \"body\": \"Affected Items: <br><br>* jupiterone-demo-1<br>* jupiterone-demo-private<br>* cf-templates-1040uek7azqe1-us-east-1<br>* jupiterone-demo-wazuh<br>* jupiterone-dev-raw-integration-data<br>* docs.dev.jupiterone.io<br>* jupiterone-dev-jupiter-policies<br>* jupiterone-dev-jupiter-psp-templates<br>* jupiterone-dev-public-resources<br>* jupiterone-dev-jupiter-integration-jira<br>* cf-templates-enmalgyuqf0d-us-east-1<br>* apps.dev.jupiterone.io<br>* jupiterone-dev-jupiter-mapper<br>* jupiterone-dev-config<br>* jupiterone-dev-jupiter-integration-threatstack<br>* jupiterone-dev-jupiter-questions<br>* jupiterone-dev-jupiter-integrations<br>* jupiterone-dev-jupiter-csv-builder<br>* jupiterone-dev-jupiter-reporting-service-results<br>* jupiterone-dev-lambdas<br>* jupiterone-dev-jupiter-integration-aws<br>* jupiterone-dev-jupiter-query-service-deferred-responses<br>* jupiterone-dev-jupiter-aws-integration<br>* jupiterone-dev-user-service<br>* jupiterone-dev-jupiter-compliance-service-evidence<br>* jupiterone-dev-backups-cognito-user-pools<br>* platform-usage.dev.jupiterone.io<br>* jupiterone-dev-jupiter-integration-okta<br>* aws-athena-query-results-564077667165-us-east-1<br>* billing.dev.jupiterone.io<br>* jupiterone-dev-sagemaker<br>* jupiterone-dev-jupiter-integration-jumpcloud<br>* jupiterone-dev-j1-ml-training-data<br>* jupiterone-dev-jupiter-integration-crowdstrike<br>* aws-glue-scripts-564077667165-us-east-1<br>* jupiterone-dev-jupiter-ml-service-training-data<br>* callisto.dev.jupiterone.io<br>* bucket-deny-access-acl<br>* jupiterone-dev-jupiter-integration-github-resources<br>* security-test-j1<br>* ask.dev.jupiterone.io<br>* jupiterone-dev-html-pdf-service-pdfs<br>* 
jupiterone-dev-jupiter-persister-raw-data<br>* jupiterone-dev-html-pdf-service-deferred-responses<br>* jupiterone-dev-waf-logs<br>* jupiterone-demo-ca-crl<br>* elasticbeanstalk-us-east-1-564077667165<br>* jupiterone-dev-graphql-proxy-service-eb-dist<br>* jupiterone-dev-pritunl-backup<br>* jupiterone-dev-graphql-proxy-service-lb-logs<br>* jupiterone-dev-tagging-test<br>* jupiterone-demo-cloudtrail<br>* jupiterone-dev-neptune-loader-test<br>* jupiterone-dev-security-policy-templates<br>* jupiterone-dev-jupiterone-cloudtrail<br>* jupiterone-dev-policies-and-procedures<br>* jupiterone-dev-query-language-service-cached-results<br>* jupiterone-dev-zipped-policies<br>* jupiterone-dev-macie-test<br>* jupiterone-dev-sample-data<br>* jupiterone-dev-qualys-integration-errors<br>* jupiterone-demo-private-exposed<br>* jupiterone-dev-jupiter-ml-service-comprehend-jobs<br>* login.dev.jupiterone.io<br>* michaels-fake-bucket-for-event-testing<br>* jupiterone-dev-callisto-site<br>* jupiterone-dev-2021-hackathon-data<br>* tmp-isaac-magician<br>* jupiterone-dev-jupiter-integration-jamf<br>* jupiterone-infra-state<br>* jupiterone-infra-deployments<br>* aws-neptune-notebook<br>* jupiterone-dev-jupiter-monitor-web-e2e-failures<br>* replicate-cloudtrail-test<br>* jupiterone-dev-emr-logs<br>* jupiterone-archive-jupiterone-dev<br>* jupiterone-dev-threatstack-integration<br>* jupiterone-demo-public<br>* nick-test-jupiterone-dev-jupiter-persister-raw-data<br>* aws-cloudtrail-logs-564077667165-e13309ab<br>* prod-eu-west-1-lambda-layer-bucket<br>* jupiterone-dev-provision-environment-data-export-developer<br>* aws-glue-jes-prod-us-east-1-assets<br>* jupiterone-dev-dynamo-export-s3<br>* jupiterone-dynamo-exports<br>* jupiterone-dev-compliance-service-bucket<br>* jupiterone-dev-data-eng<br>* jupiterone-prod-us-dynamo-export-s3<br>* jupiterone-dev-provision-environment-data-export-support<br>* aws-logs-564077667165-us-east-1<br>* aws-emr-resources-564077667165-us-east-1<br>* 
aws-glue-temporary-564077667165-us-east-1<br>* jupiterone-dev-account-service-policies<br>* jupiterone-dev-provision-vendor-stack-vendor-stack<br>* jupiterone-dev-interns-data-science<br>* aws-glue-temporary-564077667165-us-east-2<br>* aws-glue-scripts-564077667165-us-east-2<br>* jupiterone-dev-jupiter-usage-reporter-usage-reports<br>* jupiterone-dev-aws-cloudformation-templates<br>* databricks-prod-public-cfts<br>* databricks-eval-10357ae0c85e6f2ef14561504a7ba72d-s3-root-bucket<br>* databricks-eval-workspace-stack-lambdazipsbucket-1x27hv1d01t1k<br>* jupiterone-dev-notification-service-bucket<br>* provision-environment-data-export-developer<br>* ops-o11y-loki-564077667165<br>* ops-o11y-tempo-564077667165<br>* ops-o11y-grafana-564077667165<br>* ops-o11y-prometheus-564077667165<br>* ops-o11y-nlb-564077667165<br>* tmp-aiw-testing-access<br>* tmp-aiw-testing-acls<br>* jupiterone-infra-environments<br>* jupiterone-dev-core-lb-logs<br>* cf-templates-1040uek7azqe1-eu-central-1<br>* jupiterone-dev-query-language-service-lb-logs\",\n \"recipients\": [\n \"tony.ramirez@jupiterone.com\"\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": true\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"THIRTY_MINUTES\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 4\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"29311291-f1a3-40d1-882e-3d66068597e4\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1614126442376,\n \"dismissedOn\": 1614968177610,\n \"id\": \"04b1f241-4e41-4564-a4ff-377c72c7c2fa\",\n \"lastEvaluationBeginOn\": 1614257440893,\n \"lastEvaluationEndOn\": 1614257441755,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 79\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": 
\"JSON\",\n \"recordCount\": 79\n }\n ]\n },\n \"lastUpdatedOn\": 1614968177610,\n \"level\": \"CRITICAL\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"0448a37d-ddd7-4826-85a8-8657d4569f2f\",\n \"latest\": true,\n \"latestAlertId\": null,\n \"latestAlertIsActive\": false,\n \"name\": \"s3-bucket-logging-enabled\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"CRITICAL\",\n \"id\": \"1\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"1\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 12\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"0448a37d-ddd7-4826-85a8-8657d4569f2f\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1617979188262,\n \"dismissedOn\": 1625712890669,\n \"id\": \"04eeecd0-89f5-4f4a-bcb5-b9fa39d1fb7e\",\n \"lastEvaluationBeginOn\": 1617979184458,\n \"lastEvaluationEndOn\": 1617979188262,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 259\n },\n {\n \"name\": \"alertLevel\",\n \"value\": \"INFO\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 259\n }\n ]\n },\n \"lastUpdatedOn\": 1625712890669,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"70d63d0d-ffe6-4d29-8fa7-ababe60c4a28\",\n \"latest\": true,\n \"latestAlertId\": null,\n \"latestAlertIsActive\": false,\n \"name\": \"lambda-function-logging-enabled\",\n \"operations\": [\n {\n \"actions\": [\n {\n 
\"targetValue\": \"INFO\",\n \"id\": \"1\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"1\"\n },\n {\n \"id\": \"ea8e6825-0def-4715-932a-a0b13c48b9e6\",\n \"type\": \"SEND_EMAIL\",\n \"body\": \"Affected Items: <br><br>* testPureSec<br>* auth-service<br>* janitor<br>* jupiter-compliance-standard-evaluator<br>* jupiter-integration-okta-step<br>* jupiter-search-indexer<br>* test-service<br>* jupiter-integration-sentinelone<br>* jupiter-mapper-rebuild<br>* invitation-service-deleter<br>* jupiter-rule-service-persister-outgoing-consumer<br>* jupiter-web<br>* jupiter-integration-bitbucket-action-queue<br>* jupiter-integration-whitehat<br>* user-service-dynamo<br>* jupiter-integration-okta-end<br>* custom-test--runtime<br>* jupiter-questions-service<br>* platform-usage-transform<br>* billing-service<br>* backup-dynamodb-tables<br>* step-functions-iterator<br>* jupiter-compliance-standard-trigger<br>* jupiter-rule-service-evaluator<br>* jupiter-integration-cbdefense<br>* post_authentication_trigger<br>* account-service-dynamo-listener<br>* jupiter-rule-trigger<br>* jupiter-rule-service-notification-daily-alert-email-report<br>* user-service<br>* jupiter-graphql-proxy<br>* testSecurityBounty<br>* jupiter-integration-snyk<br>* jupiter-query-service<br>* jupiter-integration-jira<br>* test-service-stream-processor<br>* jupiter-mapper<br>* jupiter-integration-threatstack-end<br>* jupiter-reporting-service<br>* jupiter-persister-api<br>* jupiter-integration-tenable-cloud<br>* jupiter-integration-threatstack-step<br>* get-deploy-job-status<br>* jupiter-integration-aws<br>* jupiter-lambda-warmer<br>* jupiter-integration-aws-api<br>* jupiter-integration-github<br>* account-service<br>* jupiter-integration-bitbucket<br>* jupiter-compliance-service<br>* jupiter-csv-builder<br>* jupiter-settings-service-api<br>* track-usage<br>* jupiter-integration-aws-prune-external-ids<br>* jupiter-integration-wazuh<br>* 
post_confirmation_trigger<br>* jupiter-integration-threatstack<br>* jupiter-rule-service-api<br>* jupiter-integration-veracode<br>* apps-cloudfront-origin-response-lambda-edge<br>* jupiter-send-activation-email<br>* history-service-api<br>* jupiter-compliance-evidence-collector<br>* prune-dynamodb-backups<br>* slack-app<br>* launch-deploy-job<br>* user-service-deleter<br>* jupiter-persister-raw-data-persister-api<br>* jupiter-persister-raw-data-persister<br>* jupiter-integration-github-api<br>* TestCustomRuntime<br>* scheduler-service<br>* jupiter-persister<br>* jupiter-integration-zeit<br>* create_auth_challenge_trigger<br>* jupiter-integration-jira-step<br>* jupiter-integration-service<br>* jupiter-rule-service-manual-evaluator<br>* jupiter-questions-evaluator-api<br>* jupiter-rule-service-search-indexer<br>* pre_signup_trigger<br>* account-service-trials<br>* jupiter-csv-state-file-generator<br>* jupiter-integration-azure<br>* feature-toggle-service<br>* jupiter-integration-jira-end<br>* invitation-service<br>* jupiter-endpoint-compliance-service<br>* jupiter-questions-indexer<br>* jupiter-integration-okta<br>* jupiter-integration-knowbe4<br>* apps-cloudfront-origin-request-lambda-edge<br>* jupiter-integration-hackerone<br>* verify_auth_challenge_response_trigger<br>* jupiter-integration-google<br>* custom_message_trigger<br>* jupiter-endpoint-compliance-admin-service<br>* jupiter-questions-evaluator<br>* user-service-group-dynamo<br>* jupiter-question-trigger<br>* jupiter-integration-trigger<br>* define_auth_challenge_trigger<br>* jupiter-questions-service-account-change-handler<br>* jupiter-question-ingester<br>* jupiter-integration-jamf<br>* jupiter-integration-onelogin<br>* jupiter-compliance-requirement-evaluator<br>* enqueue-scheduled-jobs<br>* authorizer<br>* jupiter-policy-builder<br>* jupiter-integration-jumpcloud<br>* jupiter-integration-crowdstrike-step<br>* jupiter-integration-crowdstrike<br>* jupiter-integration-okta-events<br>* 
prune-ebs-snapshots<br>* jupiter-integration-crowdstrike-end<br>* jupiter-integration-crowdstrike-failure<br>* backup-ebs-volumes<br>* apps-cloudfront-origin-response-default-lambda-edge<br>* jupiter-graphdb-maintenance<br>* oauth-apps-service<br>* jupiter-integration-tenable-cloud-step<br>* jupiter-search-indexer-indexing-slow-log-formatter<br>* jupiter-etl-service-export-query<br>* jupiter-internal-service-api<br>* jupiter-ml-service-api<br>* jupiter-e2e-policies<br>* jupiter-etl-service-export-question<br>* jupiter-provision-rule-test-sns-handler<br>* jupiter-e2e-landing<br>* jupiter-integration-tenable-cloud-end<br>* jupiter-e2e-inventory<br>* jupiter-integration-okta-failure<br>* jupiter-integration-github-install<br>* jupiter-e2e-rules<br>* jupiter-e2e-integrations<br>* jupiter-integration-tenable-cloud-failure<br>* jupiter-e2e-compliance<br>* history-service-kinesis-stream<br>* jupiter-integration-jira-failure<br>* jupiter-integration-airwatch<br>* jupiter-integration-npm<br>* jupiter-integration-pagerduty<br>* public-feature-toggle-service<br>* jupiter-integration-slack-v2<br>* jupiter-integration-jupiterone-group-membership-event-ingester<br>* jupiter-integration-jupiterone-synchronizer<br>* jupiter-integration-qualys<br>* jupiter-integration-github-failure<br>* jupiter-integration-github-step<br>* jupiter-integration-duo<br>* security-credential-cleaner<br>* jupiter-compliance-upload-change-listener<br>* jupiter-integration-slack-authorized-api<br>* jupiter-integration-whois<br>* jupiter-integration-cisco-meraki<br>* jupiter-integration-slack<br>* jupiter-integration-github-end<br>* jupiter-integration-trend-micro<br>* account-service-delete<br>* metrics-service-metric-data<br>* jupiter-integration-digicert<br>* jupiter-monitor-backend-query-performance<br>* jupiter-integration-snowflake<br>* metrics-service-metric-data-log-handler<br>* jupiter-integration-aws-event<br>* html-pdf-service<br>* jupiter-integration-heroku<br>* 
jupiter-monitor-backend-entities<br>* jupiter-persister-relationships-api<br>* jupiter-integration-detectify<br>* jupiter-integration-nowsecure<br>* jupiter-rule-service-alert-change-handler<br>* jupiter-monitor-backend-relationships<br>* jupiter-integration-gitlab<br>* jupiter-integration-cloudflare<br>* eventbridge-connection<br>* jupiter-persister-entities-api<br>* jupiter-integration-bugcrowd<br>* jupiter-integration-cisco-amp<br>* jupiter-usage-reporter-sqs-message-producer<br>* jupiter-integration-snipe-it<br>* jupiter-integration-jupiterone-trigger<br>* jupiter-usage-reporter-sqs-message-consumer<br>* html-pdf-service-api<br>* vpn-console-access-opener<br>* provision-backup-cognito-user-pools-step-function<br>* jupiter-usage-reporter-api<br>* policy-service-api<br>* jupiter-integration-google-cloud<br>* provision-pager-duty-notify-slack<br>* lambda-cloudwatch-slack<br>* pritunl-temp-https-access<br>* access-token-validator<br>* jupiter-integration-feroot<br>* entitlement-service-api<br>* dashboard-service<br>* jupiter-integration-fastly<br>* task-service-api<br>* token-service<br>* jupiter-integration-artifactory<br>* task-service-recurring-task-worker<br>* jupiter-integration-bamboohr<br>* jupiter-integration-godaddy<br>* jupiter-scheduler-job<br>* S3BucketNotEncrypted<br>* task-service-notification-worker<br>* ecs-cluster-asg-lifecycle-hook<br>* ecs-cluster-asg-lifecycle-retry<br>* provision-api-gateway-origin-request<br>* provision-api-gateway-root-resource<br>* jupiter-shortener-api-2<br>* policy-service-graph-worker<br>* query-language-deferred-executor<br>* query-language-api<br>* jupiter-persister-post-deploy<br>* error-reporting-service-sns-topic-consumer<br>* policy-service-initialization-worker<br>* policy-service-zipper-worker<br>* jupiter-integration-rapid7<br>* jupiter-integration-malwarebytes<br>* jupiter-monitor-backend-query-language-service-private<br>* jupiter-monitor-backend-query-language-service-public<br>* 
jupiter-persister-sync-sample-data-task<br>* billing-service-v2-api<br>* jupiter-internal-service-hubspot-sqs-producer<br>* jupiter-internal-service-hubspot-sqs-consumer<br>* jupiter-monitor-backend-rules<br>* jupiter-search-indexer-account-change-handler<br>* jupiter-monitor-backend-query<br>* jupiter-monitor-backend-questions<br>* jupiter-search-indexer-search-slow-log-formatter<br>* jupiter-monitor-backend-compliance<br>* jupiter-monitor-backend-integrations<br>* jupiter-integration-aws-end<br>* jupiter-integration-aws-step<br>* jupiter-integration-aws-failure<br>* jupiter-autocomplete-service-incoming-stream<br>* jupiter-autocomplete-service-api<br>* callisto-backend<br>* login-backend<br>* billing-service-v2-webhook-worker<br>* billing-service-v2-webhook-api<br>* jupiter-integration-microsoft-365<br>* jupiter-integration-threatstack-failure<br>* asset-service-api<br>* jupiter-integration-microsoft-365-oauth-authorize-api<br>* jupiter-integration-microsoft-365-oauth-gen-auth-url-api<br>* login-api<br>* jupiter-integration-servicenow<br>* jupiter-integration-checkmarx<br>* jupiter-integration-atspoke<br>* jupiter-mapper-start-remap<br>* jupiter-persister-start-migration-job<br>* jupiter-integration-azure-devops<br>* issue-collector-service-api<br>* jupiter-integration-benchmark<br>* notification-service-worker<br>* notification-service-api\",\n \"recipients\": [\n \"security-911@capitalmarketsgateway.pagerduty.com\",\n \"security@cmgx.io\"\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 3\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"70d63d0d-ffe6-4d29-8fa7-ababe60c4a28\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": 
\"j1dev\",\n \"createdOn\": 1611017052551,\n \"dismissedOn\": 1614968179070,\n \"id\": \"04f6f03e-57d0-4870-8dc6-9e81e1c790ac\",\n \"lastEvaluationBeginOn\": 1611103203884,\n \"lastEvaluationEndOn\": 1611103204839,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 0\n },\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 0\n }\n ]\n },\n \"lastUpdatedOn\": 1614968179070,\n \"level\": \"HIGH\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"d2bcc52d-3000-4fec-b107-d6c8dba222d2\",\n \"latest\": true,\n \"latestAlertId\": \"e0681045-d5e6-4656-9af2-871a598e68ed\",\n \"latestAlertIsActive\": false,\n \"name\": \"high-severity-finding\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"HIGH\",\n \"id\": \"1\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"1\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"d2bcc52d-3000-4fec-b107-d6c8dba222d2\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1654531603073,\n \"dismissedOn\": 1654531620146,\n \"id\": \"04f7a71d-1226-47db-9008-575f75b7480e\",\n \"lastEvaluationBeginOn\": 1654531601631,\n \"lastEvaluationEndOn\": 1654531603073,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": \"INFO\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"noQueue\",\n \"persistedResultType\": 
\"JSON\",\n \"recordCount\": 55\n },\n {\n \"name\": \"wrongQueue\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 42\n }\n ]\n },\n \"lastUpdatedOn\": 1654531620146,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"5b81af4c-42c8-49ba-9d44-297ed21fde49\",\n \"latest\": true,\n \"latestAlertId\": \"b5063dbb-1550-4fbe-be88-b4a64bd8f8ae\",\n \"latestAlertIsActive\": false,\n \"name\": \"Test Thrashing\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"e647e94b-16bf-44c1-9a79-32606eaadb46\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"b831d976-4de6-42f5-b58c-d74605be08e1\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"OR\",\n [\n \"queries.noQueue.total\",\n \">\",\n 0\n ],\n [\n \"queries.wrongQueue.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_HOUR\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 2\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"5b81af4c-42c8-49ba-9d44-297ed21fde49\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1616075716601,\n \"dismissedOn\": 1616075796949,\n \"id\": \"056d9906-02fd-4d8d-b7c7-f236fa7fe987\",\n \"lastEvaluationBeginOn\": 1616075715806,\n \"lastEvaluationEndOn\": 1616075716601,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"queries.query0.total\",\n \"value\": 1\n },\n {\n \"name\": \"alertLevel\",\n \"value\": \"HIGH\"\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 1\n }\n ]\n },\n \"lastUpdatedOn\": 1616075796949,\n \"level\": \"HIGH\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": 
\"59b25b3e-faa4-40a1-9ee7-57ee732e58b7\",\n \"latest\": true,\n \"latestAlertId\": \"cf365502-450f-4092-8c41-6b0add3537cd\",\n \"latestAlertIsActive\": false,\n \"name\": \"slack-alert-test\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"HIGH\",\n \"id\": \"a5f9591b-35b4-4d00-b1c3-8f3d6cd5f7a3\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"6155170b-88b3-49e2-878b-56568d8ec87d\"\n },\n {\n \"integrationInstanceId\": \"1e575d9b-a088-4710-8bb9-4a58cb2816da\",\n \"id\": \"ff34c15f-4c50-4ea9-b563-30047b400324\",\n \"channels\": [\n \"#random\"\n ],\n \"type\": \"SEND_SLACK_MESSAGE\",\n \"body\": \"JupiterOne Account: JupiterOne, Inc.\\n\\n\"\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": true\n }\n }\n ],\n \"outputs\": [\n \"queries.query0.total\",\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {\n \"slackBody\": \"JupiterOne Account: {{item.displayName}}\\n\\n\"\n },\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"59b25b3e-faa4-40a1-9ee7-57ee732e58b7\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1651859674088,\n \"dismissedOn\": 1651859736074,\n \"id\": \"059a6362-0df5-41a4-bb92-8563ce6bf376\",\n \"lastEvaluationBeginOn\": 1651859728423,\n \"lastEvaluationEndOn\": 1651859729228,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 2\n }\n ]\n },\n \"lastUpdatedOn\": 1651859747889,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": \"7586be18-7d77-44d9-9f04-c32f0a7538ba\",\n \"latest\": true,\n \"latestAlertId\": null,\n \"latestAlertIsActive\": false,\n \"name\": 
\"test-webhook-tony2\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"ec4eabc9-a274-4bc9-8044-06a1ea44ba57\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"7b09a775-f77a-4ce1-8c12-8286e9120705\"\n },\n {\n \"headers\": {\n \"Authorization \": \"Basic eY==\"\n },\n \"endpoint\": \"https://webhook.site/886aad16-d45b-47bb-b4e0-ff7c9a730e16\",\n \"id\": \"3212d629-4e97-41a8-ba6d-2f873eba31cd\",\n \"type\": \"WEBHOOK\",\n \"method\": \"POST\",\n \"body\": {\n \"QueryJSON\": [\n {\n \"UnencryptedDataStores\": \"vol-0efb2b9e057705fb2\",\n \"Account\": \"jupiterone-demo\",\n \"Type\": \"aws_ebs_volume\",\n \"Encrypted\": false\n },\n {\n \"UnencryptedDataStores\": \"vol-02c9440de6a4e8218\",\n \"Account\": \"jupiterone-demo\",\n \"Type\": \"aws_ebs_volume\",\n \"Encrypted\": false\n }\n ]\n }\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_WEEK\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {},\n \"type\": \"QUESTION\",\n \"version\": 1\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"7586be18-7d77-44d9-9f04-c32f0a7538ba\",\n \"status\": \"DISMISSED\"\n },\n {\n \"accountId\": \"j1dev\",\n \"createdOn\": 1646146416347,\n \"dismissedOn\": 1646945951523,\n \"id\": \"05c7e894-3063-4256-919a-d13357864ef4\",\n \"lastEvaluationBeginOn\": 1646760023706,\n \"lastEvaluationEndOn\": 1646760024601,\n \"lastEvaluationResult\": {\n \"outputs\": [\n {\n \"name\": \"alertLevel\",\n \"value\": null\n }\n ],\n \"rawDataDescriptors\": [\n {\n \"name\": \"query0\",\n \"persistedResultType\": \"JSON\",\n \"recordCount\": 2\n }\n ]\n },\n \"lastUpdatedOn\": 1646945951523,\n \"level\": \"INFO\",\n \"questionRuleInstance\": {\n \"accountId\": \"j1dev\",\n \"deleted\": false,\n \"id\": 
\"5b01d9b5-c31d-44e5-a138-dcf6c265a259\",\n \"latest\": true,\n \"latestAlertId\": \"b6575e57-8757-4a11-ac35-dff5cfe861a5\",\n \"latestAlertIsActive\": false,\n \"name\": \"Test-Ramirez\",\n \"operations\": [\n {\n \"actions\": [\n {\n \"targetValue\": \"INFO\",\n \"id\": \"169710c0-d6e0-49ae-89ad-b0e96f07e03e\",\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"85f4dddd-1fb7-4588-8351-f77105114a4c\"\n },\n {\n \"id\": \"697187fa-a48f-4e07-8e38-7788cfee4036\",\n \"type\": \"SEND_EMAIL\",\n \"body\": \"Affected Items: <br><br>* tony.ramirez@jupiterone.com, Tony Ramirez<br>* crystal.ramirez@jupiterone.com, Crystal Ramirez\",\n \"recipients\": [\n \" tony.ramirez@jupiterone.com,crystal.ramirez@jupiterone.com\"\n ]\n }\n ],\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.query0.total\",\n \">\",\n 0\n ]\n ]\n }\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ],\n \"pollingInterval\": \"ONE_DAY\",\n \"specVersion\": 1,\n \"tags\": [],\n \"templates\": {\n \"mapTemp\": \"{{item.email}}, {{item.name}}\"\n },\n \"type\": \"QUESTION\",\n \"version\": 3\n },\n \"reportRuleInstance\": null,\n \"ruleId\": \"5b01d9b5-c31d-44e5-a138-dcf6c265a259\",\n \"status\": \"DISMISSED\"\n }\n ],\n \"pageInfo\": {\n \"endCursor\": \"eyJhY2NvdW50SWQiOiJqMWRldiIsImlkIjoiMDVjN2U4OTQtMzA2My00MjU2LTkxOWEtZDEzMzU3ODY0ZWY0In0=\",\n \"hasNextPage\": true\n }\n }\n }\n}"
}
]
},
{
"name": "Delete Alert Rule",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation DeleteRuleInstance ($id: ID!) {\n deleteRuleInstance (\n id: $id\n ) {\n id\n }\n}",
"variables": "{\n \"id\": \"087275dc-4c26-419c-99d3-0a9dc96b709c\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "Delete Alert Rule",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation DeleteRuleInstance ($id: ID!) {\n deleteRuleInstance (\n id: $id\n ) {\n id\n }\n}",
"variables": "{\n \"id\": \"84a6237f-5d00-4f0d-a370-39918eaeb508\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 15:00:10 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "78"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"deleteRuleInstance\": {\n \"id\": \"84a6237f-5d00-4f0d-a370-39918eaeb508\"\n }\n }\n}"
}
]
},
{
"name": "Update Alert Rule",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation UpdateQuestionRuleInstance (\n $instance: UpdateQuestionRuleInstanceInput!\n) {\n updateQuestionRuleInstance (\n instance: $instance\n ) {\n id\n name\n description\n specVersion\n pollingInterval\n question {\n queries {\n query\n version\n }\n }\n operations {\n when\n actions\n }\n outputs\n }\n}",
"variables": "{\n \"instance\": {\n \"id\": \"087275dc-4c26-419c-99d3-0a9dc96b709c\",\n \"name\": \"unencrypted-prod-data\",\n \"description\": \"Data stores in production tagged critical and unencrypted\",\n \"version\": 1,\n \"specVersion\": 0,\n \"pollingInterval\": \"ONE_DAY\",\n \"outputs\": [\n \"alertLevel\"\n ],\n \"operations\": [\n {\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [ \"queries.unencryptedCriticalData.total\", \"!=\", 0 ]\n ]\n },\n \"actions\": [\n {\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\",\n \"targetValue\": \"CRITICAL\"\n },\n {\n \"type\": \"CREATE_ALERT\"\n }\n ]\n }\n ],\n \"question\": {\n \"queries\": [\n {\n \"query\": \"Find DataStore with (production=true or tag.Production=true) and classification='critical' and encrypted!=true as d return d.tag.AccountName as Account, d.displayName as UnencryptedDataStores, d._type as Type, d.encrypted as Encrypted\",\n \"version\": \"v1\",\n \"name\": \"unencryptedCriticalData\"\n }\n ]\n }\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "Update Alert Rule",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation UpdateQuestionRuleInstance (\n $instance: UpdateQuestionRuleInstanceInput!\n) {\n updateQuestionRuleInstance (\n instance: $instance\n ) {\n id\n name\n description\n specVersion\n pollingInterval\n question {\n queries {\n query\n version\n }\n }\n operations {\n when\n actions\n }\n outputs\n }\n}",
"variables": "{\n \"instance\": {\n \"id\": \"8df1b2e8-329e-48d7-a5f6-859d8e5b8714\",\n \"name\": \"mantest1\",\n \"description\": \"Data stores in production tagged critical and unencrypted\",\n \"version\": 1,\n \"specVersion\": 0,\n \"pollingInterval\": \"ONE_DAY\",\n \"outputs\": [\n \"alertLevel\"\n ],\n \"operations\": [\n {\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [ \"queries.unencryptedCriticalData.total\", \"!=\", 0 ]\n ]\n },\n \"actions\": [\n {\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\",\n \"targetValue\": \"CRITICAL\"\n },\n {\n \"type\": \"CREATE_ALERT\"\n }\n ]\n }\n ],\n \"question\": {\n \"queries\": [\n {\n \"query\": \"Find DataStore with (production=true or tag.Production=true) and classification='critical' and encrypted!=true as d return d.tag.AccountName as Account, d.displayName as UnencryptedDataStores, d._type as Type, d.encrypted as Encrypted\",\n \"version\": \"v1\",\n \"name\": \"unencryptedCriticalData\"\n }\n ]\n }\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:49:06 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "864"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"updateQuestionRuleInstance\": {\n \"id\": \"8df1b2e8-329e-48d7-a5f6-859d8e5b8714\",\n \"name\": \"mantest1\",\n \"description\": \"Data stores in production tagged critical and unencrypted\",\n \"specVersion\": 0,\n \"pollingInterval\": \"ONE_DAY\",\n \"question\": {\n \"queries\": [\n {\n \"query\": \"Find DataStore with (production=true or tag.Production=true) and classification='critical' and encrypted!=true as d return d.tag.AccountName as Account, d.displayName as UnencryptedDataStores, d._type as Type, d.encrypted as Encrypted\",\n \"version\": \"v1\"\n }\n ]\n },\n \"operations\": [\n {\n \"when\": {\n \"type\": \"FILTER\",\n \"specVersion\": 1,\n \"condition\": [\n \"AND\",\n [\n \"queries.unencryptedCriticalData.total\",\n \"!=\",\n 0\n ]\n ]\n },\n \"actions\": [\n {\n \"type\": \"SET_PROPERTY\",\n \"targetProperty\": \"alertLevel\",\n \"targetValue\": \"CRITICAL\",\n \"id\": \"52304ad2-e78a-4b6c-84b4-849bd419f0dd\"\n },\n {\n \"type\": \"CREATE_ALERT\",\n \"id\": \"f5bb0247-8548-4a08-a58e-7fc8be414c6a\"\n }\n ]\n }\n ],\n \"outputs\": [\n \"alertLevel\"\n ]\n }\n }\n}"
}
]
}
]
},
{
"name": "Questions",
"item": [
{
"name": "Create Question",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": " mutation CreateQuestion($question: CreateQuestionInput!) {\n createQuestion(question: $question) {\n id\n title\n description\n queries {\n name\n query\n version\n resultsAre\n }\n variables {\n name\n required\n default\n }\n compliance {\n standard\n requirements\n }\n accountId\n integrationDefinitionId\n }\n }",
"variables": "{\n \"question\": {\n \"title\": \"What are my production data stores and their encryption status?\",\n \"tags\": [\"SecOps\"],\n \"description\": \"Returns a list of all production entities.\",\n \"queries\": [\n {\n \"name\": \"prod-datastores-encrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted=true\",\n \"resultsAre\": \"GOOD\"\n },\n {\n \"name\": \"prod-datastores-unencrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted!=true\",\n \"resultsAre\": \"BAD\"\n }\n ],\n \"compliance\": [\n {\n \"standard\": \"NIST CSF\",\n \"requirements\": [\"ID.AM-1\"]\n }\n ]\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "Create Question",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": " mutation CreateQuestion($question: CreateQuestionInput!) {\n createQuestion(question: $question) {\n id\n title\n description\n queries {\n name\n query\n version\n resultsAre\n }\n variables {\n name\n required\n default\n }\n compliance {\n standard\n requirements\n }\n accountId\n integrationDefinitionId\n }\n }",
"variables": "{\n \"question\": {\n \"title\": \"What are my production data stores and their encryption status?\",\n \"tags\": [\"SecOps\"],\n \"description\": \"Returns a list of all production entities.\",\n \"queries\": [\n {\n \"name\": \"prod-datastores-encrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted=true\",\n \"resultsAre\": \"GOOD\"\n },\n {\n \"name\": \"prod-datastores-unencrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted!=true\",\n \"resultsAre\": \"BAD\"\n }\n ],\n \"compliance\": [\n {\n \"standard\": \"NIST CSF\",\n \"requirements\": [\"ID.AM-1\"]\n }\n ]\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:43:15 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "621"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"createQuestion\": {\n \"id\": \"3e1c02b1-6048-4dfe-9b52-28f02c0465fb\",\n \"title\": \"What are my production data stores and their encryption status?\",\n \"description\": \"Returns a list of all production entities.\",\n \"queries\": [\n {\n \"name\": \"prod-datastores-encrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted=true\",\n \"version\": null,\n \"resultsAre\": \"GOOD\"\n },\n {\n \"name\": \"prod-datastores-unencrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted!=true\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"standard\": \"NIST CSF\",\n \"requirements\": [\n \"ID.AM-1\"\n ]\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n }\n }\n}"
}
]
},
{
"name": "List Questions",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "{{api_key}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "query ListQuestions(\n $mustTags: [String]\n $shouldTags: [String]\n $type: ListQuestionsType\n $limit: Int\n $cursor: String\n) {\n questions(\n mustTags: $mustTags\n shouldTags: $shouldTags\n type: $type\n limit: $limit\n cursor: $cursor\n ) {\n questions {\n id\n title\n description\n tags\n queries {\n name\n query\n version\n resultsAre\n }\n variables {\n name\n required\n default\n }\n compliance {\n type\n standard\n requirements\n controls\n details {\n name\n description\n }\n }\n accountId\n integrationDefinitionId\n }\n totalHits\n pageInfo {\n endCursor\n hasNextPage\n }\n }\n}",
"variables": "{\n \"limit\": 50, \n \"type\": \"ACCOUNT_ONLY\", \n \"cursor\": \"\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "List Questions",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "query ListQuestions(\n $mustTags: [String]\n $shouldTags: [String]\n $type: ListQuestionsType\n $limit: Int\n $cursor: String\n) {\n questions(\n mustTags: $mustTags\n shouldTags: $shouldTags\n type: $type\n limit: $limit\n cursor: $cursor\n ) {\n questions {\n id\n title\n description\n tags\n queries {\n name\n query\n version\n resultsAre\n }\n variables {\n name\n required\n default\n }\n compliance {\n type\n standard\n requirements\n controls\n details {\n name\n description\n }\n }\n accountId\n integrationDefinitionId\n }\n totalHits\n pageInfo {\n endCursor\n hasNextPage\n }\n }\n}",
"variables": "{\n \"limit\": 50, \n \"type\": \"ACCOUNT_ONLY\", \n \"cursor\": \"\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:42:40 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "27302"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"questions\": {\n \"questions\": [\n {\n \"id\": \"ffdabe2f-0bbf-40ef-abb5-9ccc61748e3b\",\n \"title\": \"Problems associated with critical devices over time\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": \"Problems\",\n \"query\": \"Find Problem \\nthat has #CriticalAsset Device\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ff80fa81-744a-4f8d-b5fe-cbecd5655f3e\",\n \"title\": \"Blast radius of a compromised host (e.g. EC2 instance)\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": \"Connected Resources\",\n \"query\": \"Find \\\"{{enter hostname}}\\\" \\n with _class=('Device' or 'Host' or 'Function' or 'Database')\\n that relates to * \\nreturn tree\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"Blast Radius\",\n \"query\": \"Find \\\"{{i-0600ee5168992e376}}\\\" \\n with _class=('Device' or 'Host' or 'Function' or 'Database') as e1\\n that relates to (AccessRole|Application|Cluster|CodeRepo|DataStore|Firewall|Gateway|Group|Key|Network|Project|User|UserGroup)\\n that relates to * as e2\\nwhere e1._class=e2._class\\nreturn TREE\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"Internet Path\",\n \"query\": \"Find \\\"{{i-0600ee5168992e376}}\\\"\\n with _class=('Device' or 'Host' or 'Function' or 'Database')\\n (that (has|contains) Network)?\\n (that (has|contains) Network)?\\n that relates to (Gateway|Firewall)\\n that allows Internet\\nreturn TREE\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"Privileged Access\",\n \"query\": \"Find \\\"{{i-0600ee5168992e376}}\\\"\\n with _class=('Device' or 'Host' or 'Function' or 'Database')\\n (that has * with _class!=('Problem' or 'Alert'))?\\n (that has Account)?\\n (that has 
(Group|Organization))?\\n that allows as permissions AccessPolicy\\n (that (allows|assigned) AccessRole)?\\n that (trusts|allows|assigned) (User|UserGroup|AccessRole|Account)\\nwhere permissions.admin=true or permissions.admin=undefined\\nreturn TREE\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"Data Access\",\n \"query\": \"Find \\\"{{i-0600ee5168992e376}}\\\"\\n with _class=('Device' or 'Host' or 'Function' or 'Database')\\n (that (assigned|uses) AccessRole)?\\n (that (assigned|uses) AccessPolicy)?\\n that (allows|uses) DataStore\\nreturn TREE\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"fb72c503-64dd-4bc3-a4be-80094b690727\",\n \"title\": \"Data stores, hosts and devices by classification\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": \"count\",\n \"query\": \"Find (DataStore|Host|Device) as asset return asset.classification, count(asset)\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"critical\",\n \"query\": \"Find (DataStore|Host|Device) with classification='critical'\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"confidential\",\n \"query\": \"Find (DataStore|Host|Device) with classification='confidential'\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"internal\",\n \"query\": \"Find (DataStore|Host|Device) with classification='internal'\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"public\",\n \"query\": \"Find (DataStore|Host|Device) with classification='public'\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"unclassified\",\n \"query\": \"Find (DataStore|Host|Device) with classification=undefined\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n 
],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.78\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"f9c59f69-8dbf-4b4f-b5b4-5df0a78070f1\",\n \"title\": \"Host Protection Status\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": \"Protected Hosts\",\n \"query\": \"FIND HostAgent THAT PROTECTS Host\",\n \"version\": null,\n \"resultsAre\": \"GOOD\"\n },\n {\n \"name\": \"Unprotected Hosts\",\n \"query\": \"FIND HostAgent THAT !PROTECTS Host\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"f990b770-1e77-40ff-9a1e-4a1d9ba24b90\",\n \"title\": \"Device by common open ports\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": \"22-ssh\",\n \"query\": \"find (Device|Host) with openPorts=22\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"53-dns\",\n \"query\": \"find (Device|Host) with openPorts=53\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"80-http\",\n \"query\": \"find (Device|Host) with openPorts=80\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"443-https\",\n \"query\": \"find (Device|Host) with openPorts=443\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"3389-rdp\",\n \"query\": \"find (Device|Host) with openPorts=3389\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.95\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"f789ea60-ebd1-453d-b8ac-f52397fd1e84\",\n \"title\": 
\"Find Device by Serial number\",\n \"description\": null,\n \"tags\": [\n \"demo\",\n \"interactive\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find Device with serial='{{R28JC0E1CRL}}'\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"f3d98253-5b1e-4f58-9d04-a4de733e11c8\",\n \"title\": \"george test 3\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"\\\"fimd * limit 3\\\"\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"HIPAA\",\n \"requirements\": [\n \"cp-data-protection\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"f33875bb-cc77-4511-a945-bcf1e604e048\",\n \"title\": \"EC2 instances and its related entities\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"'{{instance-id}}' that relates to * return tree\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"f23ccab0-46c9-4a31-a2e0-cb2092cfb95b\",\n \"title\": \"Vulnerable code deployed to data stores\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find Finding with numericSeverity > 9\\nthat has CodeRepo\\nthat DEFINES Function with tag.Production=true\\nthat assigned AccessRole\\nthat assigned AccessPolicy\\nthat allows DataStore with classification!='public'\\nreturn tree\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": 
\"f09b9686-1bda-4878-be4c-17097635f22c\",\n \"title\": \"Who has access to a particular resource?\",\n \"description\": \"Input the key words and see all users that have access and their specific permissions\",\n \"tags\": [\n \"permissions\",\n \"privileges\",\n \"iam\",\n \"access\",\n \"aws\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find '{{key-words}}' as resource\\n that has Service as service\\n (that has Account)?\\n that allows as rule AccessPolicy as policy\\n (that assigned AccessRole)? as role\\n that (assigned|uses) *\\n with _class!=\\\"AccessPolicy\\\" and _class!=\\\"AccessRole\\\" as accessible\\nReturn\\n accessible.displayName, accessible._type, rule.actions,\\n resource.displayName, resource._key, service.displayName,\\n policy.displayName, policy._key,\\n role.displayName, role._key\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ef701c04-d814-441c-ba2b-a9cc366f259a\",\n \"title\": \"Are my assets tracked? 
How many entities are there?\",\n \"description\": \"Returns the current count of total assets/entities tracked in JupiterOne - either automatically ingested via integrations or manually entered through the Asset Inventory app or API.\",\n \"tags\": [\n \"compliance\",\n \"CIS Controls\",\n \"HIPAA\",\n \"PCI DSS\"\n ],\n \"queries\": [\n {\n \"name\": \"entityCount\",\n \"query\": \"Find * as e return count(e)\",\n \"version\": null,\n \"resultsAre\": \"GOOD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"CIS Controls\",\n \"requirements\": [\n \"1.1\",\n \"1.2\",\n \"1.4\",\n \"1.5\",\n \"2.1\",\n \"2.3\",\n \"2.4\",\n \"2.5\"\n ],\n \"controls\": null,\n \"details\": null\n },\n {\n \"type\": null,\n \"standard\": \"HITRUST CSF\",\n \"requirements\": [\n \"07.a\"\n ],\n \"controls\": null,\n \"details\": null\n },\n {\n \"type\": null,\n \"standard\": \"HITRUST CSF\",\n \"requirements\": [\n \"2.4\"\n ],\n \"controls\": null,\n \"details\": null\n },\n {\n \"type\": null,\n \"standard\": \"MyFramework\",\n \"requirements\": [\n \"1.4\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ee2dda3f-524f-4b3a-bd3e-292c27a38820\",\n \"title\": \"User Endpoint to Cloud Access Diagram\",\n \"description\": null,\n \"tags\": [\n \"uar\",\n \"aws\",\n \"endpoint\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find HostAgent\\n that PROTECTS Device\\n that OWNS Person\\n that Is User\\n that ASSIGNED AccessRole\\n that ASSIGNED AccessPolicy\\n that ALLOWS (Service|Account)\\nreturn tree\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ed6390e6-cde6-487d-8fed-3ac43904607a\",\n \"title\": \"Find AWS ELB gateways (Application and Network load balancers)\",\n \"description\": null,\n 
\"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find (aws_alb|aws_nlb)\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.90\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ed4d323c-1e42-4cb3-8310-74fc7434153a\",\n \"title\": \"Which user has been granted access to EC2?\",\n \"description\": null,\n \"tags\": [\n \"demo\",\n \"interactive\"\n ],\n \"queries\": [\n {\n \"name\": \"access-to-service\",\n \"query\": \"Find User that assigned AccessRole that ASSIGNED AccessPolicy\\n that allows aws_ec2\\n that has aws_instance\\n with instanceId='{{instanceId}}'\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"access-to-instance\",\n \"query\": \"Find User that assigned AccessRole that ASSIGNED AccessPolicy\\n that allows aws_instance\\n with instanceId='{{instanceId}}'\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"access-to-account\",\n \"query\": \"Find User that assigned AccessRole that ASSIGNED AccessPolicy\\n that allows aws_account\\n that has aws_ec2\\n that has aws_instance\\n with instanceId='{{instanceId}}'\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"eac6f97c-c33a-4996-b6e0-289decb6c0e7\",\n \"title\": \"Find ECS container instances\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": \"instances\",\n \"query\": \"find aws_ecs_container_instance\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"graph\",\n \"query\": \"find aws_ecs_container_instance that (has|runs) * return tree\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": 
[\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.82\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"e8fb64e3-f237-47cd-80df-425cc4cfa3ea\",\n \"title\": \"Erkang's AWS Okta access\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find Host that OWNS Person that IS okta_user with email~='erkang.zheng@lifeomic.com' as user that has okta_user_group as group that assigned aws_iam_role as role that assigned AccessPolicy as policy that allows as permission * as resource return tree\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"e87364cb-3300-4a9a-950a-c767c44d9595\",\n \"title\": \"Find Route53 records\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"find * that is aws_route53_record\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"e5ab0ce0-a321-46c6-9eca-97fa5e4e48df\",\n \"title\": \"All EC2 instances\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find aws_instance \",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.84\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"e55880bc-11cd-4f22-b921-f9e9ab6f9e5b\",\n \"title\": \"i-0600ee5168992e376\",\n \"description\": \"i-0600ee5168992e376\",\n \"tags\": [\n \"IR\",\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": null,\n 
\"query\": \"\\\"i-0600ee5168992e376\\\" that relates to * return tree\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"e3eeb2b8-2272-44e2-8417-6fb65e9db7a2\",\n \"title\": \"Production DataStores not supposed to be public, not encrypted\",\n \"description\": null,\n \"tags\": [\n \"data\",\n \"encryption\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find DataStore with encrypted!=true and tag.Production=true and classification!='public'\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"e115643b-6700-45c8-806c-9b7c09df995d\",\n \"title\": \"Craigs list of backed up datastores\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find DataStore with tag.Production=true and hasBackup=true\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"dff8a1f4-041d-4e63-8d6a-8d0d6c4d8b99\",\n \"title\": \"Kubernetes 'cluster-admin' role usage\",\n \"description\": null,\n \"tags\": [],\n \"queries\": [\n {\n \"name\": \"cluster-admin role\",\n \"query\": \"FIND kube_cluster_role_binding WITH displayName = 'cluster-admin'\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": null,\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"db3004cc-cdd8-4bb4-a423-c53e92e1ee9e\",\n \"title\": \"Which end-user devices do not have CrowdStrike sensor installed?\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find (user_endpoint|workstation|laptop|desktop|computer) that !PROTECTS 
crowdstrike_sensor\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"d977e441-11ca-4e29-bc09-09f046b6c0ad\",\n \"title\": \"Unknown external hosts allowed access to non-dev AWS environments\",\n \"description\": null,\n \"tags\": [\n \"demo\",\n \"threat\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"find mapped_entity with _class='Host' and publicIpAddress!=undefined\\n and validated!=true and trusted!=true that ALLOWS * with tag.AccountName !~= '-dev' and _integrationType='aws'\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"d960742c-0ad9-4e76-b352-5a3728903104\",\n \"title\": \"Find device by installed application\",\n \"description\": null,\n \"tags\": [\n \"demo\",\n \"interactive\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find Device that installed Application with name~='{{Adobe}}' return tree\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"d8a7a04b-203c-4275-8fa9-613b83b3967b\",\n \"title\": \"Very long query\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"FIND DomainRecord \\nTHAT has DomainZone \\nthat has Service \\nthat has Account \\nthat OWNS root \\nthat OWNS Account \\nthat OWNS Project \\nthat HAS CodeRepo \\n(that has PR)? \\n(that approved User)? \\n(that has Finding)? \\nthat defines Function \\nthat has Network \\nthat has Host \\n(that has Finding)? 
\\nreturn TREE\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"d66b2b7f-8a80-49f2-b1a8-b120fd35c01f\",\n \"title\": \"Unencrypted critical data stores in production\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"find DataStore with encrypted!=true and tag.Production=true and public=false and classification='critical'\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"d4ecb5a1-9c3f-4975-89e1-29dca2f2aaef\",\n \"title\": \"TestQuestion1 - GCP Prop\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find User with mfaEnabled=true that relates to * with _type~=\\\"google\\\"\",\n \"version\": null,\n \"resultsAre\": \"GOOD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"CIS Google Cloud Foundations 1.1\",\n \"requirements\": [\n \"1.2\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"d1e50889-3f35-463e-9a7c-8c12185b6d0f\",\n \"title\": \"Who has installed non-compliance software on their user devices?\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": \"bad\",\n \"query\": \"find Person that owns Device that installed as installation Application with approved != true\\nreturn\\n Person.email, Device.displayName, Application.displayName, installation.version\\norder by Device.displayName\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.65\"\n ],\n \"controls\": null,\n \"details\": 
null\n },\n {\n \"type\": null,\n \"standard\": \"Demo\",\n \"requirements\": [\n \"A5.65\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ceb5bb64-f514-4332-9222-6bdd00fc50c1\",\n \"title\": \"Find everything\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": \"All\",\n \"query\": \"Find *\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"CIS AWS Foundations\",\n \"requirements\": [],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"cd123823-b953-4c8e-ae98-7ac16e714dc3\",\n \"title\": \"User Accounts\",\n \"description\": null,\n \"tags\": [\n \"demo\",\n \"access\",\n \"interactive\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find Person with email~='{{userId or email}}'\\n that is User as user\\nreturn \\n user._type,\\n user.tag.AccountName, user.username, user.email, user.admin\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"cc183038-c8c5-469e-b8c8-1b2bcf7f4415\",\n \"title\": \"Find an s3 bucket with a given displayname\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"FIND aws_s3_bucket with displayName={{'display_name'}}\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"cbbe6af3-f6ed-4a0e-8413-d1489509d0f7\",\n \"title\": \"Internet facing EC2 instances and public VPC\",\n \"description\": null,\n \"tags\": [\n \"vpc\",\n \"aws\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find aws_vpc with 
public=true\\n that contains aws_subnet with public=true as n \\n that HAS aws_instance as i \\n that PROTECTS aws_security_group as sg \\n that ALLOWS as rule Internet\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"cadba505-83e7-4a38-b9f5-07a9c8d2bbdc\",\n \"title\": \"Prod EC2 Internet Report\",\n \"description\": \"These are Prod EC2 that are running and have Internet Access\",\n \"tags\": null,\n \"queries\": [\n {\n \"name\": \"Ingress\",\n \"query\": \"fInd aws_instance with (tag.Production=true or displayName~=\\\"prod\\\") AND state=\\\"running\\\" as ec2\\nTHAT PROTECTS aws_security_group as sg\\nTHAT ALLOWS << as rule Internet\\nRETURN ec2.id as \\\"ID of EC2\\\", sg.displayName as Name, rule.groupId as groupId, rule.ipProtocol as Protocol\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n },\n {\n \"name\": \"Egress\",\n \"query\": \"fInd aws_instance with (tag.Production=true or displayName~=\\\"prod\\\") AND state=\\\"running\\\" as ec2\\nTHAT PROTECTS aws_security_group as sg\\nTHAT ALLOWS >> as rule Internet\\nRETURN ec2.id as \\\"ID of EC2\\\", sg.displayName as Name, rule.groupId as groupId, rule.ipProtocol as Protocol\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ca666d86-1042-4291-b848-1a4c3ea9c249\",\n \"title\": \"Azure Function Apps on non-approved service plans\",\n \"description\": \"Function apps must use approved app service plans premium, isolated, or dedicated only\",\n \"tags\": [\n \"hsbc\",\n \"azure\"\n ],\n \"queries\": [\n {\n \"name\": \"Azure Function Apps on non-approved service plans\",\n \"query\": \"find \\n azure_function_app that uses\\n azure_app_service_plan with \\n sku.name != ('P1' AND 'P2' AND 'P3' AND 'I1' AND 'I2' AND 
'I1v2' AND 'I2v2' AND 'P1v2' AND 'P2v2' AND 'P3v2' AND 'P1v3' AND 'P2v3' AND 'P3v3')\\nreturn tree\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c9544d6d-412a-4eca-aa9e-4620b8cd1b1c\",\n \"title\": \"Mike's billable entity count for specific integrations\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find * with\\n _source !^= 'system-' and\\n _integrationName = '{{your_integration_name}}' and\\n _class != ('Finding' OR 'PR' OR 'Image' OR 'NetworkInterface' OR 'IpAddress' OR 'Record' OR 'DomainRecord') as e\\nreturn\\n count(e) as entityCount\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c7a39188-12b4-443e-9a15-de24e5d4437c\",\n \"title\": \"Find Internet\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": \"Internet\",\n \"query\": \"Find Internet\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"CIS AWS Foundations 1.4\",\n \"requirements\": [],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c702cf37-5b07-4cd6-a726-9431f4b7b0c6\",\n \"title\": \"A test question\",\n \"description\": null,\n \"tags\": [\n \"test\"\n ],\n \"queries\": [\n {\n \"name\": \"1\",\n \"query\": \"Find *\",\n \"version\": null,\n \"resultsAre\": \"UNKNOWN\"\n }\n ],\n \"variables\": null,\n \"compliance\": null,\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c4967519-4b2f-44ec-a630-f7273dea80dd\",\n \"title\": \"Potentially sensitive data stores\",\n \"description\": null,\n \"tags\": null,\n 
\"queries\": [\n {\n \"name\": null,\n \"query\": \"FIND Internet\\n that allows aws_security_group\\n that protects Function\\n that assigned AccessRole\\n that assigned AccessPolicy\\n that allows DataStore with classification != 'public'\\n that has Finding with hasSensitiveData=true\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c3ca8671-4140-40ec-b532-aa6a89c1e928\",\n \"title\": \"Which user endpoint devices are missing required software?\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": \"bad\",\n \"query\": \"find Application with required=true that !installed user_endpoint\\nreturn \\n Application.displayName, user_endpoint.displayName, user_endpoint.username, user_endpoint.email\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.66\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c38f63c9-4527-4ce8-9af3-7d7e7e55f328\",\n \"title\": \"Example query\",\n \"description\": \"Example\",\n \"tags\": null,\n \"queries\": [\n {\n \"name\": \"Example Delete\",\n \"query\": \"find DataStore with encrypted != true and accountId = '195479668431'\\nand tag.Production = true and tag.classification != \\\"public\\\"\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c2c10d5f-7b09-48ad-b6fc-36df3ef28d57\",\n \"title\": \"Which devices are not using the latest (version 83) of Google Chrome\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": \"bad\",\n \"query\": \"find Person that 
owns Device that installed as installation Application with name^='Google Chrome'\\nwhere installation.version !^= '83'\\nreturn\\n Person.email, Device.displayName, Application.displayName, installation.version\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.67\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c1fe80c8-f701-4b6b-a642-d0727e80fe4c\",\n \"title\": \"Erkang's user devices\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find Person with firstName='Erkang' that owns Device RETURN TREE\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c1551576-b704-4b5b-a08a-4c00d6d790bf\",\n \"title\": \"Which hosts have an access role attached?\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find Host that assigned AccessRole return TREE\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.99\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"c0be3ae5-259e-4ec7-89b8-ba75035008d5\",\n \"title\": \"What privileges does a specific user have in the cloud? 
*\",\n \"description\": \"Input a full or partial email address and see that user's cloud access.\",\n \"tags\": [\n \"iam\",\n \"access\",\n \"aws\",\n \"privileges\",\n \"permissions\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find User with email ~= '{{email.handle}}' as user\\n (that assigned AccessRole)? as role\\n that assigned AccessPolicy as policy\\n that allows as rule * as service\\nReturn\\n user.displayName, service.displayName, rule.actions,\\n policy.displayName, policy._key,\\n role.displayName, role._key\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"bdb94333-fb4f-4be0-bad5-66a251f122b2\",\n \"title\": \"My Users\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find User with email='{{me.email}}'\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"bd86be48-7a75-45fa-88ad-f429e6aa3821\",\n \"title\": \"Route53 records not pointing to an internal resource\",\n \"description\": null,\n \"tags\": [\n \"demo\",\n \"dns\"\n ],\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"find aws_route53_record with \\n (resourceRecords!=undefined or aliasTarget!=undefined) and \\n type=('A' or 'AAAA' or 'CNAME')\\nthat !connects *\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.103\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"ba2ab711-3da7-4fba-b0b8-acff1096fcf9\",\n \"title\": \"Okta User Report (60 days inactive)\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n 
\"name\": null,\n \"query\": \"FIND okta_user with lastLoginOn < date.now - 60 day and status=\\\"ACTIVE\\\" as u1 THAT IS Person THAT IS User with active = true as u2\\n\\nRETURN \\nu1.lastLoginOn, u1.email, u2._type\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"b86c37db-6a62-479c-8cda-2227b630494a\",\n \"title\": \"example prompt\",\n \"description\": null,\n \"tags\": null,\n \"queries\": [\n {\n \"name\": null,\n \"query\": \"Find User with email ~= '{{email}}' as user\\n (that assigned AccessRole)? as role\\n that assigned AccessPolicy as policy\\n that allows as rule * as service\\nReturn\\n user.displayName, service.displayName, rule.actions,\\n policy.displayName, policy._key,\\n role.displayName, role._key\",\n \"version\": null,\n \"resultsAre\": \"INFORMATIVE\"\n }\n ],\n \"variables\": null,\n \"compliance\": [],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n },\n {\n \"id\": \"b4e4b047-0287-4182-8c98-5887d603f0cb\",\n \"title\": \"Group devices by OS name\",\n \"description\": null,\n \"tags\": [\n \"demo\"\n ],\n \"queries\": [\n {\n \"name\": \"count\",\n \"query\": \"find Device return Device.osName, count(Device)\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"windows\",\n \"query\": \"find Device with platform='windows'\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"linux\",\n \"query\": \"find Device with platform='linux'\",\n \"version\": null,\n \"resultsAre\": null\n },\n {\n \"name\": \"mac\",\n \"query\": \"find Device with platform=('darwin' or 'mac')\",\n \"version\": null,\n \"resultsAre\": null\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"type\": null,\n \"standard\": \"Alexion Demo\",\n \"requirements\": [\n \"A5.69\"\n ],\n \"controls\": null,\n \"details\": null\n }\n ],\n \"accountId\": \"j1dev\",\n 
\"integrationDefinitionId\": null\n }\n ],\n \"totalHits\": 190,\n \"pageInfo\": {\n \"endCursor\": \"WzAsImI0ZTRiMDQ3LTAyODctNDE4Mi04Yzk4LTU4ODdkNjAzZjBjYiJd\",\n \"hasNextPage\": true\n }\n }\n }\n}"
}
]
},
{
"name": "Delete Question",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation DeleteQuestion($id: ID!) {\n deleteQuestion(id: $id) {\n id\n title\n description\n queries {\n query\n name\n version\n }\n variables {\n name\n required\n default\n }\n tags\n accountId\n integrationDefinitionId\n }\n }",
"variables": "{\n \"id\": \"f1eb816c-2a5c-4656-bb71-725bea7ab0de\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "Delete Question",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation DeleteQuestion($id: ID!) {\n deleteQuestion(id: $id) {\n id\n title\n description\n queries {\n query\n name\n version\n }\n variables {\n name\n required\n default\n }\n tags\n accountId\n integrationDefinitionId\n }\n }",
"variables": "{\n \"id\": \"770ef6f8-ca2a-4cd6-a72a-db2147f4e1a9\"\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:51:22 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "534"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"deleteQuestion\": {\n \"id\": \"770ef6f8-ca2a-4cd6-a72a-db2147f4e1a9\",\n \"title\": \"What are my production data stores and their encryption status?\",\n \"description\": \"Returns a list of all production entities.\",\n \"queries\": [\n {\n \"query\": \"Find * with tag.Production=true and encrypted=true\",\n \"name\": \"prod-datastores-encrypted\",\n \"version\": null\n },\n {\n \"query\": \"Find * with tag.Production=true and encrypted!=true\",\n \"name\": \"prod-datastores-unencrypted\",\n \"version\": null\n }\n ],\n \"variables\": null,\n \"tags\": [\n \"SecOps\"\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n }\n }\n}"
}
]
},
{
"name": "Create Question",
"request": {
"auth": {
"type": "bearer"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": " mutation CreateQuestion($question: CreateQuestionInput!) {\n createQuestion(question: $question) {\n id\n title\n description\n queries {\n name\n query\n version\n resultsAre\n }\n variables {\n name\n required\n default\n }\n compliance {\n standard\n requirements\n }\n accountId\n integrationDefinitionId\n }\n }",
"variables": "{\n \"question\": {\n \"title\": \"What are my production data stores and their encryption status?\",\n \"tags\": [\"SecOps\"],\n \"description\": \"Returns a list of all production entities.\",\n \"queries\": [\n {\n \"name\": \"prod-datastores-encrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted=true\",\n \"resultsAre\": \"GOOD\"\n },\n {\n \"name\": \"prod-datastores-unencrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted!=true\",\n \"resultsAre\": \"BAD\"\n }\n ],\n \"compliance\": [\n {\n \"standard\": \"NIST CSF\",\n \"requirements\": [\"ID.AM-1\"]\n }\n ]\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"response": [
{
"name": "Create Question",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "Authorization",
"type": "text",
"value": "Bearer {{api_key}}"
},
{
"key": "Jupiterone-Account",
"type": "text",
"value": "{{account_id}}"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": " mutation CreateQuestion($question: CreateQuestionInput!) {\n createQuestion(question: $question) {\n id\n title\n description\n queries {\n name\n query\n version\n resultsAre\n }\n variables {\n name\n required\n default\n }\n compliance {\n standard\n requirements\n }\n accountId\n integrationDefinitionId\n }\n }",
"variables": "{\n \"question\": {\n \"title\": \"What are my production data stores and their encryption status?\",\n \"tags\": [\"SecOps\"],\n \"description\": \"Returns a list of all production entities.\",\n \"queries\": [\n {\n \"name\": \"prod-datastores-encrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted=true\",\n \"resultsAre\": \"GOOD\"\n },\n {\n \"name\": \"prod-datastores-unencrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted!=true\",\n \"resultsAre\": \"BAD\"\n }\n ],\n \"compliance\": [\n {\n \"standard\": \"NIST CSF\",\n \"requirements\": [\"ID.AM-1\"]\n }\n ]\n }\n}"
}
},
"url": {
"raw": "https://graphql.us.jupiterone.io",
"protocol": "https",
"host": [
"graphql",
"us",
"jupiterone",
"io"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Date",
"value": "Tue, 14 Mar 2023 14:41:31 GMT"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "621"
},
{
"key": "Connection",
"value": "keep-alive"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
},
{
"key": "X-DNS-Prefetch-Control",
"value": "off"
},
{
"key": "Expect-CT",
"value": "max-age=0"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Strict-Transport-Security",
"value": "max-age=15552000; includeSubDomains"
},
{
"key": "X-Download-Options",
"value": "noopen"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Origin-Agent-Cluster",
"value": "?1"
},
{
"key": "X-Permitted-Cross-Domain-Policies",
"value": "none"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "vary",
"value": "Origin"
},
{
"key": "access-control-allow-credentials",
"value": "true"
},
{
"key": "ratelimit-limit",
"value": "1000"
},
{
"key": "ratelimit-remaining",
"value": "999"
},
{
"key": "ratelimit-reset",
"value": "1"
},
{
"key": "ratelimit-requested",
"value": "1"
}
],
"cookie": [],
"body": "{\n \"data\": {\n \"createQuestion\": {\n \"id\": \"5d8467ac-9e0b-485b-bc9a-0a8604845bea\",\n \"title\": \"What are my production data stores and their encryption status?\",\n \"description\": \"Returns a list of all production entities.\",\n \"queries\": [\n {\n \"name\": \"prod-datastores-encrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted=true\",\n \"version\": null,\n \"resultsAre\": \"GOOD\"\n },\n {\n \"name\": \"prod-datastores-unencrypted\",\n \"query\": \"Find * with tag.Production=true and encrypted!=true\",\n \"version\": null,\n \"resultsAre\": \"BAD\"\n }\n ],\n \"variables\": null,\n \"compliance\": [\n {\n \"standard\": \"NIST CSF\",\n \"requirements\": [\n \"ID.AM-1\"\n ]\n }\n ],\n \"accountId\": \"j1dev\",\n \"integrationDefinitionId\": null\n }\n }\n}"
}
]
}
]
}
]
}