Sections in this category

2021.70 Release

  • Updated

2021-05-05

New Features and Improvements

  • Added compliance controls library, users can now customize their SOC 2 framework by importing/creating their own controls through the UI

  • Users are now able to edit any property on an entity via the entity drawer, even if it was imported from an integration

  • Users can now report issues/suggestions through the J1 app by clicking the help icon and then selecting “Report an Issue”

Integrations

AWS

  • Added config fields useRoleChaining, intermediateRoleArn, and intermediateExternalId to support Role Chaining. This allows customers to maintain a single role for JupiterOne that is then used to assume different roles across many accounts. See the integration configuration UI for more details.

  • Allow customers to provide externalId when creating integration instances through the API. The value will be limited to use within a single JupiterOne account.

  • Parse IAM username from policy conditions.

  • Add support for custom target filter keys in policy principal entity mapping to more accurately map permissions to existing entities if they exist.

  • Account for policy statements with Condition but no Principal when building resource permission relationships.

  • Set normalized retentionPeriod property on DataStore entities to simplify querying.

  • Began adding accountId property to all entities. New integration instances benefit immediately, existing integrations will see the property added to types in the coming weeks.

  • Parse SNS Topic Policy and build permission relationships.

  • Stopped calling listTagsForResource on RDS resources - tags are already returned with the resource.

  • Fixed missing IAM managed policy relationships to user, groups, and roles.

  • Fixed bug in Route53 step that prevented ingestion of large zones.

  • Various improvements to Route53 ingestion to improve performance for large zones.

  • Use ResourceGroupsTaggingAPI service to fetch tags for Route53 hosted zones, instead of calling getTagsForResouce for every resource, to reduce number of API calls.

Azure

  • Fixed 404 error handling ingesting policy sets and policies.

  • Fixed DuplicateKeyError creating relationships between policy sets and policy definitions.

  • Improved processing of policy definition IDs that are sourced from management groups.

  • Fixed errors ingesting tables/queues/fileShares of Premium tier storageV1/storageV2 accounts (only Standard tier storage accounts support tables/queues/fileShares).

Cobalt

  • Finding.open is set to false when status is wont_fix

Google Cloud

  • New properties added to resources:

    • google_compute_instance
    • hostname
  • Publish integration job log event when fetching alert monitoring policies fails due to project/{PROJECT_ID} is not a workspace

  • Publish integration job log event when when some buckets are configured with "requestor pays". These buckets' policies cannot be read, so the isPublic property cannot be determined.

  • Report an error when storage bucket policy could not be fetched

  • Fixed memoryUsage and diskUsageBytes App Engine properties having NaN values

Jamf

  • Fixed error creating duplicate relationships between jamf_computer and jamf_osx_configuration_profile.

OneLogin

  • Fixed broken pagination that limited ingestion of large collections (/groups, /roles, and /apps).

PagerDuty

  • Improved messaging for errors from validateInvocation.
  • Fixed broken pagination that limited ingestion of large collections.

Qualys

  • Only host detections with severities 3,4,5 are ingested by default. It is recommended to avoid ingesting lower severity detections until you're ready to process them in a meaningful way. See the configuration UI to make a change.

Bug Fixes

  • Resolved some alignment issues with the compliance app
  • Resolved an issue where the client was generating the vanity URL for new accounts and would sometimes run into naming conflicts with existing accounts
  • Version suffixes are no longer shown on the name for compliance frameworks
  • Resolved an issue where rule packs would fail to import when importing on new accounts
  • Resolved an issue where certain users were only seeing partial mapping of evidence on SOC 2 frameworks
🔝

Was this article helpful?

1 out of 1 found this helpful