Articles in this section

See more

2019.24 Release

Callisto (J1 Support Bot)
  • Updated
Follow

2019-06-11

New Features

  • Query language now supports group by aggregates based on entity attributes in addition to relationships. For example, try:

    // Count number of pull requests by repo and then state

Find PR as pr
  return pr.repository, pr.state, count(pr)

    or

    // Count unencrypted data stores by type

Find DataStore with encrypted=false as ds
  return ds._type, count(ds) as value

  • Updated AWS GuardDuty integration to better support threat analysis by parsing the threat intel list and attack source details. Try:

    Find Finding as f return f.threatList, count(f)

    or

    Find Finding as f return f.attackSource, count(f)

  • Alerts Trend and History Data:

    Each alert now displays a trend chart to visualize changes over time. Selecting a data point on the trend chart will show you the results data captured by the alert at that point in time.

    alerts-trend

  • Added capabilities in Compliance app that

    • allows you to import/upload any compliance framework, including your own custom security controls and best practices;

    • performs automated continuous gap analysis based on matching queries;

    • shows improved indicators to show status of policies, evidence collected, and gap analysis outcome; and

    • maps policies, procedures and evidences to controls in addition to requirements.

    compliance-view

  • Multi-factor authentication (MFA) can be enabled for JupiterOne user accounts (requires feature enablement per account)

    user-profile-mfa

  • Quick Search in Asset Inventory allows you to type in simple full text search strings to quick filter results based on entity property values.

    asset-quick-search

  • New packaged questions and queries added:

    • [aws] Show me correlation of instances impacted by Inspector findings and GuardDuty findings
    • [appdev] Are code changes reviewed and approved?
    • [appdev] Are there code commits by an unknown developer in a PR?
    • [grc] Are security policies and procedures updated or reviewed within the past 12 months?
    • [grc] Is vendor SLA being monitored? Is there regular status reporting for my vendors?
    • [general] What vendor software applications are in use?
    • [general] What operating systems are in use?
    • [general] What applications are we developing?

Improvements and Bug Fixes

  • Significant query performance improvements

  • Query result improvements:

    • common timestamp properties are parsed into human readable ISO datetime strings
    • URL / web link properties are parsed and hyperlinked
    • IP address properties are linked out to geolocation details

  • Bitbucket integration now allows you to selectively enable/disable ingestion of PR data for analysis. See details in this article.

  • Various small updates across all integrations.

  • Many updates to package questions/queries to support compliance gap analysis.

Related articles

Comments

0 comments

Please sign in to leave a comment.