Sections in this category

02/10 Search Quickstart

  • Updated

You can quickly search and get insight across your entire digital environment integrated with JupiterOne, right here from the Landing Zone. There are three modes of search:

  1. Ask questions by typing in any keywords to search across all packaged/saved questions
  2. Full text search across all entities based on their property values
  3. JupiterOne query language (J1QL) for precise querying of entities and relationships

Results can be toggled in four different display modes: Table, Graph, Raw JSON, or Pretty JSON.

Note that for performance reasons, search results are limited to return up to 250 items. If you believe something is missing from a large result set, try tuning the query to generate more precise results.

Ask Questions

Just start typing any keyword (or combination of keywords) such as these (without quotes):

  • compliance
  • access
  • traffic
  • ssh
  • data encrypted
  • production

Or ask a question like:

  • Who are my vendors?
  • What lambda functions do I have in AWS?
  • What is connected to the Internet?
  • Who has access to …?

Full Text Search

Put your keywords in quotes (e.g. "keyword") to start a full text search. Or simply type in your keywords and hit "Enter". For example,

  • "sg-123ab45c" will find an AWS EC2 Security Group with that group ID
  • "Charlie" will find a Person and/or User with that first name, and potentially other resources related to that person/user
  • "jupiterone database" will find Database entities with property values that include the keyword "jupiterone"

JupiterOne Query Language (J1QL)

The JupiterOne Query Language (J1QL) is used here for searching for anything across all of your entities and relationships.

Here's the basic query structure:

  • Start with an entity:

    FIND {class or type of an Entity}

  • Optionally add some property filters:

    WITH {property}={value} AND|OR {property}={value}

  • Get its relationships:

    THAT {relationship_verb}|RELATES TO {class/type of another Entity}

For example:

FIND * WITH tag.Production='true'

(note the wildcard * above to include everything)

FIND User THAT IS Person

If you don't know the exact relationship, you can just use the keyword RELATES TO to cover any/all relationship:

FIND User THAT RELATES TO Person

You can name an entity or relationship with an alias with the AS {something}. The alias can then be used in WHERE for additional filtering or comparison, or in RETURN for returning specific properties.

For example:

FIND Firewall AS fw
  THAT ALLOWS AS rule (Network|Host) AS n
WHERE
  rule.ingress=true and rule.fromPort=22
RETURN
  fw._type, fw.displayName, fw.tag.AccountName,
  n._type, n.displayName, n.tag.AccountName

The query language is case insensitive except for the following:

  • TitleCase Entity keyword after Find and the {relationship verb} will search for entities of that Class. (e.g. CodeRepo)
  • lowercase Entity keyword after Find and the {relationship verb} will search for entities of that Type. An entity type with more than one word is generally in snake_case. (e.g. github_repo)
  • Entity property names and values, and alias names defined as part of the query, are case sensitive.

Checkout the J1QL query tutorial and the complete J1QL documentation with more advanced examples.

Combining full text search with J1QL

You can also start with a full text search and then use J1QL to further filter the results from the initial search. For example:

Find "Administrator" with _class='AccessPolicy' that ASSIGNED (User|AccessRole)
Find 'security officer' with _type='employee'
Find 'roles responsibilities' with _class=('Policy' or 'Procedure')

Note that either single quotes (') or double quotes (") will work for both full text search keywords and property string values.

🔝

Was this article helpful?

1 out of 1 found this helpful