Community
Questions Library
Docs
Blog
Events
Swag
Github
Slack
JupiterOne
Discussions
Release Notes
atSpoke Integration with JupiterOne - AskJ1 Community
<main> <article class="userContent"> <h2 data-id="atspoke-jupiterone-integration-benefits">atSpoke + JupiterOne Integration Benefits</h2> <ul><li>Visualize atSpoke users, teams, requests and webhooks in the JupiterOne graph.</li> <li>Map atSpoke users to employees in your JupiterOne account.</li> <li>Maintain awareness of systems atSpoke is interacting with through webhooks.</li> <li>Monitor changes to atSpoke users using JupiterOne alerts.</li> <li>Correlate atSpoke request types and volume with other security events.</li> </ul><h2 data-id="how-it-works">How it Works</h2> <ul><li>JupiterOne periodically fetches users, teams, and webhooks from atSpoke to update the graph. Optionally, requests and request types are also fetched.</li> <li>Write JupiterOne queries to review and monitor updates to the graph.</li> <li>Configure alerts to take action when JupiterOne graph changes.</li> </ul><h2 data-id="requirements">Requirements</h2> <ul><li>You need a Business or Enterprise level atSpoke account in order to create an API key for JupiterOne to access the system.</li> <li>You must have permission in JupiterOne to install new integrations.</li> </ul><h2 data-id="support">Support</h2> <p>If you need help with this integration, please contact <a rel="nofollow" href="https://community.askj1.com">JupiterOne Support</a>.</p> <h2 data-id="integration-walkthrough">Integration Walkthrough</h2> <h3 data-id="in-atspoke">In atSpoke</h3> <ol><li>Log into atSpoke on a Business-level or Enterprise-level account (Teams-level accounts do not provide API functionality).</li> <li>Go to My Profile.</li> <li>Select the API tab.</li> <li>Generate a token at the bottom of the page. Note that you can only have one token for the whole atSpoke account, and it allows access to all things.</li> </ol><h3 data-id="in-jupiterone">In JupiterOne</h3> <ol><li>From the configuration <strong>Gear Icon</strong>, select <strong>Integrations</strong>.</li> <li>Scroll to the <strong>atSpoke</strong> integration tile and click it.</li> <li>Click the <strong>Add Configuration</strong> button.</li> <li>Enter the <strong>Account Name</strong> by which you'd like to identify this atSpoke account in JupiterOne. Ingested entities will have this value stored in <code class="code codeInline" spellcheck="false" tabindex="0">tag.AccountName</code> when <strong>Tag with Account Name</strong> is checked.</li> <li>Enter a <strong>Description</strong> that will further assist your team when identifying the integration instance.</li> <li>Select a <strong>Polling Interval</strong> that you feel is sufficient for your monitoring needs. You may leave this as <code class="code codeInline" spellcheck="false" tabindex="0">DISABLED</code> and manually execute the integration.</li> <li>Enter the <strong>atSpoke API Key</strong> generated on the atSpoke site.</li> <li>Enter the number of <strong>num atSpoke requests</strong> according to your preference. See below for details on this feature.</li> <li>Click <strong>Create Configuration</strong> once all values are provided.</li> </ol><h3 data-id="atspoke-request-tracking">atSpoke Request Tracking</h3> <p>Tracking atSpoke requests in the JupiterOne graph is optional. If you do not<br> want to track requests and request-types, set <strong>num atSpoke requests</strong> to 0.</p> <p>Any number above 0 will tell JupiterOne to retrieve that many requests, starting<br> with the most recently updated, at each polling interval. These requests will be<br> Record entities in the JupiterOne graph, and the collection size will grow<br> indefinitely (ie. old Records will not be deleted, unlike users, teams, and<br> webhooks which only show current in the J1 graph).</p> <p>Consider setting this number to a value that correlates to the execution<br> interval of the integration and the expected number of requests that would have<br> been created/changed between executions. Setting it on the higher side of that<br> estimate is not a problem (Records will not be duplicated), but setting it<br> unnecessarily high could have performance impacts with frequent polling.</p> <h1 data-id="how-to-uninstall">How to Uninstall</h1> <ol><li>From the configuration <strong>Gear Icon</strong>, select <strong>Integrations</strong>.</li> <li>Scroll to the <strong>atSpoke</strong> integration tile and click it.</li> <li>Identify and click the <strong>integration to delete</strong>.</li> <li>Click the <strong>trash can</strong> icon.</li> <li>Click the <strong>Remove</strong> button to delete the integration.</li> </ol><p><br></p> <h2 data-id="data-model">Data Model</h2> <h3 data-id="entities">Entities</h3> <p>The following entities are created:</p> <table><thead><tr><th>Resources</th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> </tr></thead><tbody><tr><td>atSpoke Account</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_account</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Account</code></td> </tr><tr><td>atSpoke Request</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_request</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Record</code></td> </tr><tr><td>atSpoke Request Type</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_requesttype</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Configuration</code></td> </tr><tr><td>atSpoke Team</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_team</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">UserGroup</code></td> </tr><tr><td>atSpoke User</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_user</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">User</code></td> </tr><tr><td>atSpoke Webhook</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_webhook</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">ApplicationEndpoint</code></td> </tr></tbody></table><h3 data-id="relationships">Relationships</h3> <p>The following relationships are created/mapped:</p> <table><thead><tr><th>Source Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> </tr></thead><tbody><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_request</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_requesttype</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_team</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_user</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_webhook</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_request</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_requesttype</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_team</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">atspoke_user</code></td> </tr></tbody></table><p><br></p> </article> </main>