Sections in this category

2019.28 Release

  • Updated

2019-08-20

New Features

  • Several exciting capabilities added to the AWS Integration:

    • Analysis of S3 Bucket Policies and build out permission relationships between the bucket and the principals.

    This is in addition to parsing of bucket ACLs which was already supported.

    • Analysis of IAM Policy Documents and build out permission relationships between the IAM policy and target resources.

    This allows you to query and visualize the IAM permissions on a graph. For example queries, see this article.

    • Analysis of EC2 Instance IAM Role Profiles and mapping them to the IAM Role an EC2 Instance is allowed to assume.

    Combined with the policy document parsing above, this allows you to identify potential misconfigurations and permissions that may be too broad.

    Read this blog post to see how this helps quickly identify issues similar to the one contributed to the recent Capital One data breach.

    • Enabled parsing of addition attributes on Inspector Findings and set them as properties, including protocol, port, tcpPorts, udpPorts, eni, ruleType, instanceId, igw, vpc, securityGroup, and acl.
  • Collecting and displaying entity Raw Data:

    In some cases, data capture from an integration provider may not be suitable as properties assigned to an entity resource. For example, the actual policy document of an AWS IAM policy. In this case, that data is captured and stored in its raw format.

    You can view Raw Data in the Entity Properties Panel from either the -Asset Inventory* app or Graph View of query results in Landing.

  • From the Integrations page, you now have the option to manually trigger multiple integrations to run instead of one at a time (e.g. for multiple AWS accounts integrated with JupiterOne).

  • From the Alerts -> Open Vulns & Findings view, you now have the option to -tweak the vulnerability findings query* that generates the findings count and listing.

Community Projects

Community resources are provided AS IS. Code contributions and forks welcome.

This is the first time we are including community resources in release notes. There are a few previously published resources to mention:

Early Access Features

  • A number of fixes and improvements were made to the Question Trend Charts early access feature:

    • Different data series on the trend chart did not display different colors.

    • Updated the labels of data series on the trend chart to display the name of the stored query when available.

    • Added an option for users to enable/disable display of trends when editing a saved question in the library.

Improvements and Bug Fixes

  • Improved the UI display of properties in the Entity Properties Panel for array and JSON text properties.

  • Fixed an issue when editing custom properties of an entity in Asset Inventory, number values were saved as strings.

  • Fixed an issue where the unique keyword in certain queries did not correctly return all values.

  • Fixed an issue where Alert Rules were created without a Create Alert action or version for queries when using basic rule editor.

  • Fixed an issue where changes to a new Insights board immediately after it was created overrides the board that was previously opened.

  • Fixed the query generated by the Find Similar action from entity property panel when the selected property value was not a string.

  • Improved handling of streamed alerts processing.

  • Improved error messages for query error reporting in the Landing app.

  • Several other misc. backend and UI/UX improvements.

🔝

Was this article helpful?

2 out of 2 found this helpful