jupiterone_account <-OWNS- <ROOT> security_policy <-HAS- <ROOT> (Service|Control|Team) -IMPLEMENTS-> security_procedure Source Filters function = !null inUse = !false active = !false Target Filters function = source.function employee <-EMPLOYS- <ROOT> Domain <-OWNS- <ROOT> Organization -HAS-> Person Target Filters email = source.members Team -HAS-> Person Target Filters email = source.members Team <-MANAGES- Person Target Filters email = source.supervisor Team <-HAS- Organization Source Filters organization = !null Target Filters _key = source.organization Team <-HAS- <ROOT> Source Filters organization = null Document <-APPROVED- Person Target Filters email = source.approvedBy Document <-CREATED- Person Target Filters email = source.createdBy Document <-UPDATED- Person Target Filters email = source.updatedBy (Account|Application|Channel|Cluster|CodeRepo|Configuration|DataStore|Domain|Firewall|Function|Gateway|Host|Network|Organization|Product|Repository|Service) <-MANAGES- (Person|Team|UserGroup) Target Filters _key = [source.owner,source.tag.Owner] (Account|Application|Channel|Cluster|CodeRepo|Configuration|DataStore|Domain|Firewall|Function|Gateway|Host|Network|Organization|Product|Repository|Service) <-MANAGES- (Person|Team|UserGroup) Target Filters email = [toLowerCase(source.email),toLowerCase(source.owner),toLowerCase(source.tag.Owner)] Domain <-HAS- Organization Target Filters domains = source.name Domain <-MANAGES- Person Target Filters email = source.contactEmails DomainRecord -CONNECTS-> (Host|IpAddress|NetworkInterface|Gateway|Cluster) Source Filters type = (A|AAAA|CNAME) Target Filters publicIpAddress = source.value DomainRecord -CONNECTS-> (Gateway|Host|Cluster) Source Filters type = (A|AAAA|CNAME) Target Filters dnsName = source.value DomainRecord -CONNECTS-> (Gateway|Host|Cluster) Source Filters type = (A|AAAA|CNAME) Target Filters domainName = source.value DomainRecord -CONNECTS-> (Gateway|Host|Cluster) Source Filters type = (A|AAAA|CNAME) Target Filters aliases = source.value DomainRecord -CONNECTS-> (Gateway|Host|Cluster) Source Filters type = (A|AAAA|CNAME) Target Filters fqdn = source.value DomainRecord -CONNECTS-> DomainRecord Source Filters type = CNAME Target Filters name = source.value DomainZone <-HAS- Domain Target Filters name = source.parentDomain Application -USES-> DomainZone Target Filters domainName = source.name ApplicationEndpoint -USES-> DomainRecord Target Filters type = ("A"|"AAAA"|"CNAME") name = source.address Certificate <-HAS- (Domain|DomainZone|DomainRecord) Target Filters name = [source.domainName,source.alternativeNames] User -IS-> Person Target Filters email = toLowerCase(source.email) User -IS-> Person Target Filters username = toLowerCase(source.username) User -IS-> Person Target Filters aliases = toLowerCase(source.email) User -IS-> Person Source Filters _accountId = !(********-****-****-****-************|********-****-****-****-************) Target Filters name = source.name User -IS-> Person Source Filters _accountId = !(********-****-****-****-************|********-****-****-****-************) Target Filters displayName = source.displayName Person <-IS- User Target Filters email = source.email Person <-IS- User Target Filters username = source.email Person <-MANAGES- Person Target Filters employeeId = [toLowerCase(source.managerId),toLowerCase(source.manager)] Person <-MANAGES- Person Person <-MANAGES- Person Target Filters email = [toLowerCase(source.managerEmail),toLowerCase(source.manager)] Person <-MANAGES- Person Target Filters name = source.manager Person <-MANAGES- Person Target Filters displayName = source.manager (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters id = source.targets (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters name = source.targets (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters fqdn = source.targets (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters hostname = source.targets (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters address = source.targets (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters ipAddress = source.targets (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters publicIpAddress = source.targets (Finding|Vulnerability) <-HAS- Host Source Filters _integrationType = !qualys open = true Target Filters privateIpAddress = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters id = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters name = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters fqdn = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters hostname = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters address = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters ipAddress = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters publicIpAddress = source.targets (Finding|Vulnerability) <-HAD- Host Source Filters _integrationType = !qualys open = false Target Filters privateIpAddress = source.targets (Finding|Vulnerability) <-HAS- (CodeRepo|Project|Application) Source Filters _integrationType = !qualys open = true Target Filters name = source.targets Finding <-HAS- (Application) Source Filters _integrationType = !qualys Target Filters id = source.targets (Finding|Vulnerability) <-HAD- (CodeRepo|Project|Application) Source Filters _integrationType = !qualys open = false Target Filters name = source.targets (Finding|Vulnerability) <-HAS- CodeRepo Source Filters _integrationType = !qualys open = true Target Filters fullName = source.targets (Finding|Vulnerability) <-HAD- CodeRepo Source Filters _integrationType = !qualys open = false Target Filters fullName = source.targets (Finding|Risk|Vulnerability) <-IDENTIFIED- Assessment Source Filters _integrationType = !(azure|qualys) Target Filters name = source.assessment (Finding|Risk|Vulnerability) <-IDENTIFIED- Assessment Source Filters _integrationType = !(azure|qualys) Target Filters _key = source.assessment ThreatIntel <-HAS- Vulnerability Target Filters qid = source.qid Assessment <-PERFORMED- Person Target Filters email = [source.assessor,source.assessors] Assessment -TARGETS-> Vendor Target Filters name = source.vendor Device <-OWNS- Person Target Filters email = [toLowerCase(source.owner),toLowerCase(source.email),toLowerCase(source.username)] Device <-OWNS- Person Target Filters userId = [toLowerCase(source.username),toLowerCase(source.userId)] Device <-HAS- Person Device <-HAS- Person Target Filters email = toLowerCase(source.users) Vendor <-MANAGES- Person Target Filters email = [source.owner,source.owners,source.admins] Vendor <-APPROVES- PR Target Filters webLink = source.approvalPRLink Vendor <-APPROVES- PR Target Filters displayName = source.approvalPRName Account <-HOSTS- Vendor Target Filters name = source.vendor Transferred Properties _type = toLowerCase(source.vendor) name = source.vendor displayName = source.vendor CodeRepo <-HAS- Application Target Filters name = source.application Transferred Properties name = source.application CodeRepo -DEFINES-> Function Target Filters name = [source.name,source.functions] Product -HAS-> Project Target Filters key = source.projectKey Module -REQUIRES-> Module Target Filters id = source.requires Domain -HAS-> User Source Filters domainName = !null custom_mapping_rule_load_test_custom_device -IS-> custom_mapping_rule_load_test_integration_device Source Filters _accountId = ********-****-****-****-************ integrationLinkId = !null Target Filters linkId = source.integrationLinkId user_endpoint <-MANAGES- crowdstrike_sensor Source Filters _accountId = ********-****-****-****-************ serialNumber = !null Target Filters serialNumber = source.serialNumber * <-HAS- * Source Filters _accountId = ********-****-****-****-************ tag.app = !null Target Filters displayName = toLowerCase(source.tag.app) Project -HAS-> * Source Filters _accountId = ********-****-****-****-************ Target Filters tag.app = toLowerCase(source.displayName) User -IS-> Person Target Filters userId = toLowerCase(source.email) User -IS-> Person Target Filters username = toLowerCase(source.email) Device <-PROTECTS- HostAgent Target Filters macAddress = source.macAddress Device <-PROTECTS- HostAgent Target Filters serialNumber = source.serial Device <-PROTECTS- HostAgent Target Filters hostname = source.deviceId Device <-PROTECTS- HostAgent Target Filters serialNumber = source._key Device <-PROTECTS- HostAgent Target Filters macAddress = source.altMacAddress (Application|Product|Software) <-SUPPLIES- Vendor Target Filters _key = source.vendor (Application|Product|Software) <-SUPPLIES- Vendor Target Filters name = source.vendor Document <-HAS- (Application|Product|Software) Target Filters _key = source.product Document <-HAS- (Application|Product|Software) Target Filters name = source.product flexera_device <-IS- tenable_asset Target Filters biosUuid = source.serial * <-DEFINES- CodeRepo Source Filters tag.CodeRepoName = !null Target Filters name = source.tag.CodeRepoName CodeRepo -DEFINES-> * Target Filters tag.CodeRepoName = source.name * <-DEFINES- CodeRepo Source Filters tag.CodeRepoFullName = !null Target Filters fullName = source.tag.CodeRepoFullName CodeRepo -DEFINES-> * Target Filters tag.CodeRepoFullName = source.fullName * <-DEFINES- PR Source Filters tag.PRName = !null Target Filters displayName = source.tag.PRName CodeRepo -DEFINES-> * Target Filters tag.PRName = source.displayName