2020.41 Release

2020-03-17

New Features

• Added evidence upload capability to Compliance app.

• Much improved Slack message formatting from JupiterOne alerts. See example alert below. The message title links to the alert in the JupiterOne web app.

  

  The alert above is configured with the following slackBody template and action:

  "templates": {
    "slackBody": "Function Name: {{item.functionName}}\nMemory size: {{item.memorySize}}\n\n"
  },
  ...
  "operations": [
    {
      ...
      "actions": [
        ...
        {
          "type": "SEND_SLACK_MESSAGE",
          "body": "{{queries.query0.data|mapTemplate('slackBody')|join(' ')}}",
          "webhookUrl": "https://hooks.slack.com/services/ABC/DEF"
        }
      ]
    }
  ]
  

  Additionally, {{alertWebLink}} is available as a variable that can be referenced in rule templating.

🤫 Don't tell anyone yet: a JupiterOne Slack app is coming soon!

Integrations

• [AWS] Added ingestion of tags on IAM users and roles; captured backupsCount, oldestBackupCreatedOn, and latestBackupCreatedOn properties to aws_dynamodb_table entities.

• [Jamf] Added properties from general details to computer entity.

• [Jira] Improved parsing of Jira description/text contents; created missing jira_account -> jira_user relationships.

• [Okta] Added raw data capture for Okta entities.

• [Tenable Cloud] Added additional fields to Finding and Vulnerability entities ingested from Tenable Cloud API, including description, synopsis, solution, priority, numericPriority, etc. when available. Also fixed incorrectly assigned values to severity and numericSeverity.

Improvements and Bug Fixes

• Improved auto-complete to not make suggestions after quotation marks.

  Note: Query auto-complete is now enabled by default for new users.

• Fixed an issue with the Github app installation flow during integration setup.

• Fixed an occasional timeout issue with Snyk integration.

• Minor content updates and fixes to security-policy-templates.

• Fixed an issue in Insights where adding a second widget to the board overwrites the one that was just added before it.

• Added more end-to-end testing and monitoring to improve platform health check.

Community Projects

• Added example script to leverage graph query results to enrich entity data:

  https://github.com/JupiterOne/graph-enrichment-examples

  And a corresponding blog post to describe a use case around checking user account MFA status:

  https://jupiterone.com/blog/reduce-noise-when-analyzing-user-mfa-status/

• Added a module to support running Microsoft's Playwright on AWS Lambda and Google Cloud Functions:

  https://github.com/JupiterOne/playwright-aws-lambda

  This was added about a month ago but never made it into the release note.