JupiterOne Endpoint Compliance Agent with Stethoscope v4.0.0 - AskJ1 Community
<main> <article class="userContent">
<p>The JupiterOne Endpoint Compliance Agent with Stethoscope now supports Stethoscope v4.0.0.</p>
<p>This version of the tool has improved support for the latest versions of macOS and adds a new policy schema for verifying that certain applications are installed (or absent). See <a rel="nofollow" href="https://github.com/Netflix-Skunkworks/stethoscope-app/blob/master/CHANGELOG.md">the full CHANGELOG</a> for changes since the 3.0.5 release.</p>
<h2 data-id="endpoint-applications-policy">Endpoint applications policy</h2>
<p>With this version of Stethoscope, you can specify endpoint policies that enforce the presence or absence of certain applications, or of certain application versions. For example, the following policy fragment checks that a recent version of Carbon Black is installed on macOS and Windows devices.</p>
<pre class="code codeBlock" spellcheck="false" tabindex="0">
"applications": [
  {
    "name": "Confer",
    "description": "Confer.app is the Carbon Black agent for mac",
    "assertion": "ALWAYS",
    "version": ">2.0.0",
    "platform": {
      "darwin": ">=10.0.0"
    }
  },
  {
    "name": "cb.exe",
    "description": "cb.exe is the Carbon Black agent for Windows",
    "assertion": "ALWAYS",
    "version": ">2.0.0",
    "platform": {
      "win32": ">=7.0.0"
    }
  }
]
</pre>
<p><strong>Note</strong>: support for <code class="code codeInline" spellcheck="false" tabindex="0">applications</code> checks like the above is not backwards compatible with previous versions of Stethoscope. Ensure that all of your JupiterOne endpoint devices are running v4.0.0 or later before you specify a policy fragment like the above example in the JupiterOne Endpoint Power-Up configuration panel.</p>
<h2 data-id="upgrading-from-a-previous-version">Upgrading from a previous version</h2>
<p>To see how many endpoints currently need upgrading to v4.0.0, you can use a query like:</p>
<pre class="code codeBlock" spellcheck="false" tabindex="0">
Find stethoscope_agent with
  lastReport >= date.now - 7days and
  stethoscopeVersion != '4.0.0' as agent
return count(agent)
</pre>
<p>When this count is zero, you may safely use the v4.0.0 policy schema. For more details on this schema, see the <a rel="nofollow" href="https://github.com/Netflix-Skunkworks/stethoscope-app/blob/master/docs/POLICIES.md">Stethoscope Policies Documentation</a>.</p>
<p>To upgrade from a previous version of Stethoscope to v4.0.0, send an endpoint activation email from the <a rel="nofollow" href="https://apps.us.jupiterone.io/powerups/endpoint-agent">JupiterOne Endpoint Power-Up configuration panel</a> to all affected users, and have them reinstall and activate using the details provided in that email. You can get a list of affected user emails, ready to copy and paste, with a query like:</p>
<pre class="code codeBlock" spellcheck="false" tabindex="0">
Find stethoscope_agent with
  lastReport >= date.now - 7days and
  stethoscopeVersion != '4.0.0' as agent
return agent.email
</pre>
</article> </main>
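<p>The rollout gate described above can also be run offline against exported agent records. The script below is an added example, not JupiterOne or Stethoscope code: the export shape (a list of dicts with ISO 8601 timestamps), the sample records and the function names are assumptions. It compares versions numerically, so releases after 4.0.0 are treated as compliant, in line with "v4.0.0 or later".</p>

```python
from datetime import datetime, timedelta, timezone

MIN_VERSION = (4, 0, 0)  # first release with `applications` support, per the page

# Constructed sample data: property names come from the page's queries; the
# export shape (list of dicts, ISO 8601 timestamps) is an assumption.
NOW = datetime(2020, 6, 15, tzinfo=timezone.utc)
SAMPLE_AGENTS = [
    {"email": "alice@example.com", "stethoscopeVersion": "3.0.5", "lastReport": "2020-06-14T09:00:00+00:00"},
    {"email": "bob@example.com", "stethoscopeVersion": "4.0.0", "lastReport": "2020-06-13T09:00:00+00:00"},
    {"email": "carol@example.com", "stethoscopeVersion": "3.0.5", "lastReport": "2020-05-01T09:00:00+00:00"},
    {"email": "dave@example.com", "stethoscopeVersion": "4.0.1", "lastReport": "2020-06-12T09:00:00+00:00"},
]
SAMPLE_POLICY = {"applications": [{"name": "Confer", "assertion": "ALWAYS", "version": ">2.0.0"}]}


def parse_version(text):
    """Turn '4.0.0' into (4, 0, 0); missing or unparsable versions sort lowest."""
    try:
        parts = [int(p) for p in text.strip().lstrip("v").split(".")]
    except (AttributeError, ValueError):
        return (0, 0, 0)
    return tuple(parts + [0] * (3 - len(parts)))


def agents_blocking_rollout(agents, now=NOW, window_days=7):
    """Emails of agents that reported within the window and run a pre-4.0.0 build."""
    cutoff = now - timedelta(days=window_days)
    blocking = set()
    for agent in agents:
        reported = datetime.fromisoformat(agent["lastReport"])
        outdated = parse_version(agent.get("stethoscopeVersion")) < MIN_VERSION
        if reported >= cutoff and outdated:
            blocking.add(agent["email"])
    return sorted(blocking)


def safe_to_publish(policy, agents, now=NOW):
    """A policy without `applications` is always safe; with it, no agent may lag."""
    if not policy.get("applications"):
        return True
    return not agents_blocking_rollout(agents, now)


if __name__ == "__main__":
    print("Users to email:", agents_blocking_rollout(SAMPLE_AGENTS))
    print("Safe to publish applications policy:", safe_to_publish(SAMPLE_POLICY, SAMPLE_AGENTS))
```

<p>Agents with a missing or unparsable version are treated as outdated, so the gate fails closed.</p>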