Query language now supports group by aggregates based on entity attributes in addition to relationships. For example, try:// Count number of pull requests by repo and then state Find PR as pr return pr.repository, pr.state, count(pr)
or// Count unencrypted data stores by type Find DataStore with encrypted=false as ds return ds._type, count(ds) as value
Updated AWS GuardDuty integration to better support threat analysis by parsing the threat intel list and attack source details. Try:Find Finding as f return f.threatList, count(f)
orFind Finding as f return f.attackSource, count(f)
Alerts Trend and History Data:
Each alert now displays a trend chart to visualize changes over time. Selecting a data point on the trend chart will show you the results data captured by the alert at that point in time.
Added capabilities in Compliance app that
allows you to import/upload any compliance framework, including your own custom security controls and best practices;
performs automated continuous gap analysis based on matching queries;
shows improved indicators to show status of policies, evidence collected, and gap analysis outcome; and
maps policies, procedures and evidences to controls in addition to requirements.
Multi-factor authentication (MFA) can be enabled for JupiterOne user accounts (requires feature enablement per account)
Quick Search in Asset Inventory allows you to type in simple full text search strings to quick filter results based on entity property values.
New packaged questions and queries added:
- [aws] Show me correlation of instances impacted by Inspector findings and GuardDuty findings
- [appdev] Are code changes reviewed and approved?
- [appdev] Are there code commits by an unknown developer in a PR?
- [grc] Are security policies and procedures updated or reviewed within the past 12 months?
- [grc] Is vendor SLA being monitored? Is there regular status reporting for my vendors?
- [general] What vendor software applications are in use?
- [general] What operating systems are in use?
- [general] What applications are we developing?
Significant query performance improvements
Query result improvements:
- common timestamp properties are parsed into human readable ISO datetime strings
- URL / web link properties are parsed and hyperlinked
- IP address properties are linked out to geolocation details
Bitbucket integration now allows you to selectively enable/disable ingestion of PR data for analysis. See details in this article.
Various small updates across all integrations.
Many updates to package questions/queries to support compliance gap analysis.