Several exciting capabilities added to the AWS Integration:
- Analysis of S3 Bucket Policies to build out permission relationships between the bucket and the principals.
This is in addition to the parsing of bucket ACLs, which was already supported.
- Analysis of IAM Policy Documents to build out permission relationships between the IAM policy and target resources.
This allows you to query and visualize the IAM permissions on a graph. For example queries, see this article.
- Analysis of EC2 Instance IAM Role Profiles and mapping them to the IAM Role an EC2 Instance is allowed to assume.
Combined with the policy document parsing above, this allows you to identify potential misconfigurations and permissions that may be too broad.
Read this blog post to see how this helps quickly identify issues similar to the one that contributed to the recent Capital One data breach.
- Enabled parsing of additional attributes on Inspector Findings and set
them as properties, including
Collecting and displaying entity Raw Data:
In some cases, data captured from an integration provider may not be suitable as properties assigned to an entity resource. For example, the actual policy document of an AWS IAM policy. In this case, that data is captured and stored in its raw format.
You can view Raw Data in the Entity Properties Panel from either the *Asset Inventory* app or Graph View of query results in Landing.
From the Integrations page, you now have the option to manually trigger multiple integrations to run instead of one at a time (e.g. for multiple AWS accounts integrated with JupiterOne).
From the Alerts -> Open Vulns & Findings view, you now have the option to *tweak the vulnerability findings query* that generates the findings count and listing.
Community resources are provided AS IS. Code contributions and forks welcome.
- Ever wondered what the dependency relationships look like among your own code repos? We've added a new open source project map-repo-dependencies to help answer that. For more details, see: https://github.com/JupiterOne/map-repo-dependencies
This is the first time we are including community resources in release notes. There are a few previously published resources to mention:
jupiterone-client-nodejs: A node.js client wrapper and CLI utility for JupiterOne public API. https://github.com/JupiterOne/jupiterone-client-nodejs
secops-automation-examples: Examples on how to maintain security/compliance as code and to automate SecOps using the JupiterOne platform. https://github.com/JupiterOne/secops-automation-examples
security-policy-templates: A set of policies, standards and procedures with mapping to HIPAA, HITRUST CSF, PCI DSS, NIST, CIS Controls, etc. https://github.com/JupiterOne/security-policy-templates
jupiter-policy-builder: CLI for generating policies, standards and procedures (PSP) documentation in Markdown and publishing to JupiterOne. https://github.com/JupiterOne/jupiter-policy-builder
npm-enforce-age: A utility that reminds you when it is time to revoke your issued NPM tokens. https://github.com/JupiterOne/npm-enforce-age
A number of fixes and improvements were made to the Question Trend Charts early access feature:
Different data series on the trend chart did not display different colors.
Updated the labels of data series on the trend chart to display the name of the stored query when available.
Added an option for users to enable/disable display of trends when editing a saved question in the library.
Improved the UI display of properties in the Entity Properties Panel for array and JSON text properties.
Fixed an issue where, when editing custom properties of an entity in Asset Inventory, number values were saved as strings.
Fixed an issue where the unique keyword in certain queries did not correctly return all values.
Fixed an issue where Alert Rules were created without a Create Alert action or version for queries when using the basic rule editor.
Fixed an issue where changes made to a new Insights board immediately after it was created overrode the board that was previously opened.
Fixed the query generated by the Find Similar action from the entity property panel when the selected property value was not a string.
Improved handling of streamed alerts processing.
Improved error messages for query error reporting in the Landing app.
Several other misc. backend and UI/UX improvements.