Sections in this category

Hardware/software inventory and configuration

  • Updated

What Workloads are in my environment?

Find Workload
Find Workload with tag.AccountName='{accountName}'

What are my production systems and servers?

(and what are those systems there to do?)

Find (Host|Database) with tag.Production=true
Find (Host|Database) with tag.AccountName='{accountName}'

What are my production resources?

Filter using production tag:

Find (Application|CodeRepo|Workload|Function|Task|Host|Device|Database|DataStore)
  with tag.Production=true

Filter using account name:

Find (Application|CodeRepo|Workload|Function|Task|Host|Device|Database|DataStore)
  with tag.AccountName='{accountName}'

You can also use Find * to cover everything but the results could be overwhelming.

What are my production data stores and databases?

Find (DataStore|Database) with tag.Production=true
Find (DataStore|Database) with tag.AccountName='{accountName}'

What are my production applications?

Find Application with tag.Production = true
Find Application with tag.AccountName='{accountName}'

What are my network assets?

Find Network with _type!='mapped_entity'

Entities that are of type 'mapped_entity' are resources that are not directly from the integrations.

You can use _type='mapper_entity' or _source='system-mapper' to find "external" resources:

Find Network with _source='system-mapper'
Find (Gateway|Firewall) with category='network'

Which devices are/are not auto-scaling?

Find aws_instance that has aws_autoscaling_group
Find aws_instance that !has aws_autoscaling_group

What are the tiers of infrastructure?

To be added.

How many devices are in each service priority?

To be added.

What are the TTL of devices in each service priority or architectural tier or with tag type {}?

To be added.

What information assets are missing metadata for data classification, tier of service or architectural tier?

Find (Host|DataStore|Workload|Task) with tag.Classification = undefined

What applications and operating systems are in use?

Find Host as h return h.platform

A 'Group By' capability will be added to J1QL soon to return objects or count by unique property values.

Who owns a production system in account/zone/tier/layer/VPC/SG?

Find (Host|DataStore|Workload|Task|Application)
  with tag.AccountName = '{accountName}' as system
return system.displayName, system.owner
Find (Host|DataStore|Workload|Task|Application) as system
  that relates to aws_vpc with vpcId='{vpcId}' or name='{vpcName}'
return system.displayName, system.owner
Find (Host|DataStore|Workload|Task|Application) as system
  that relates to aws_security_group with groupId='{sgId}' or name='{sgName}'
return system.displayName, system.owner

How many systems were added to environment {} in last time period?

Example for last 24 hours time period:

Find * with _tag.AccountName='{accountName}' and _createdOn > date.now - 24hrs

How many systems were added to a source environment (e.g. AWS account) interactively vs automated?

To be added.

How many resources were added to manually vs automated?

Count entities added by its source:

Find * as e return e._source, count(e)

Source (_source) can be one of the following:

  • integration-managed: added via a provider integration
  • powerup-managed: added via a JupiterOne Powerup (currently endpoint compliance stethoscope agent)
  • system-mapper: added by the JupiterOne mapper (derived entities or external entities)
  • api: added manually by a JupiterOne user from either the webapp or API

What container images, VM images, and software packages are available in my production environments?

Container entities/relationships are to be added when we support ECS, EKS, ECR and Fargate.

What are the tags assigned to a particular inventory asset?

This is best viewed in the Asset Inventory app by selecting an entity and going to the "Tags" tab in the properties panel.

🔝

Was this article helpful?

5 out of 7 found this helpful