Graph mode for the search/query results in Landing Zone is now available! You can switch to Graph mode for any search or query to get a focused visual of the entities and relationships from the results. The graph is interactive so that you can further expand for deeper analysis.
Much improved Search in Landing Zone that allows all of the following modes in one place:
- Keywords search to ask saved/packaged questions
- Full text search across all entities based on their property values
- JupiterOne query language (J1QL) for precise querying of entities and relationships
- Combining full text search with J1QL
New ingestion and analysis from AWS:
- S3 Bucket ACL processing and access mapping
- S3 Bucket public access block configuration
- Account password policy
- IAM User MFA devices and access keys
Added OR operator support on relationship keywords in J1QL. For example:
Find HostAgent that (PROTECTS|MANAGES|MONITORS) Host
Condensed quick filter by entity class icons in Asset Inventory app.
You can edit or delete an entity manually from the Asset Inventory app.
Web links are added to most entities ingested, allowing you to directly open in a new tab to view the resource in the source web console.
Added linking to Geolocation lookup of IP Address and CIDR of a Host or Network.
New packaged questions and queries added:
[general] What are my information assets?
[general] What are my production data stores and databases?
[general] What are my production resources?
[general] What are my production applications?
[general] Which devices have been disposed of in the last 12 months?
[access] Who has been assigned permissions with 'Admin' access?
[access] Who owns which user accounts?
[access] What are the shared/generic/service accounts? (user accounts that are not individually owned)
[access] Show me the current password policy and compliance status.
[access] Find anything that allows public access to everyone.
[appdev] Were there any Code Repos added in the last 24 hours?
[data] Are my production or PHI/PII data stores encrypted?
[data] Are there any non-public data stores incorrectly configured with public access to everyone?
[endpoint] What is the configuration and compliance status of my endpoint devices?
[endpoint] Whose endpoint is out of compliance?
[endpoint] Is there malware protection for all endpoints?
[endpoint] Are there security agents monitoring and protecting my endpoint hosts/devices?
[endpoint] Are my servers and systems protected by host-based firewall?
[infra] Are there potential IP collisions among the networks/subnets in my environment?
[infra] What is directly connected to the Internet?
[infra] What network traffic is allowed between internal and external networks?
[infra] Is there proper segmentation/segregation of internal networks?
[infra] Are wireless networks segmented and protected by firewalls?
[infra] Are there VPNs configured for remote access?
[infra] Show all inbound SSH firewall rules across my network environments.
[infra] Is inbound SSH allowed directly from an external host or network?
[aws] Is MFA enabled for the Account Root User for all my AWS accounts?
[aws] Are there root user access keys in use for any of my AWS accounts?
[aws] Is public access block configured for non-public S3 Buckets?
[aws] Is public read access enabled for any S3 Bucket?
[aws] Is public write access enabled for any S3 Bucket?
[aws] Is S3 bucket access granted to anybody outside of the account?
[aws] Is there any S3 bucket that grants full control access to anybody other than the owner?
[aws] What are the service roles in my AWS accounts (i.e. an IAM Role that has a trust policy to an AWS Service)?
[aws] Are all EBS volumes encrypted?
[aws] Is default server side encryption enabled for all S3 Buckets?
[aws] Who has been assigned full Administrator access?
[aws] Are there assume role trusts to external entities?
[aws] Are all the AWS Config rules compliant? (if AWS Config service is enabled)
[aws] Are there any noncompliant production resources in AWS per Config evaluation? (if AWS Config is enabled)
[aws] Are there EC2 instances exposed to the Internet?
[aws] Which EC2 instances may have external network connections?
Improvements and Bug Fixes
- Improved username display next to the user avatar.
- UI/UX improvements on Landing Zone search, with Clear, Save, and Clear All action buttons for query results.
- Improved accuracy of full-text search.
- Fixed missing column in some query/search results.
- Fixed account name tagging not enabled by default in certain integration configurations.
- Several stability and robustness improvements on backend services.
- New icons for several entity classes.