2020-10-06
New Features
Added support for custom Jira Issue Collector in Compliance app such that you can create a Jira issue on-demand directly from a requirement view.
We plan to improve this on-demand Jira issue creation workflow in the future to support features like auto populating certain fields.
Added an entity count indicator to each integration instance. Clicking on the entity count chip wil run a query to show entity counts from that integration instance by entity
_type.
Customers can now start a trial themselves for apps they don't current have access to.
We have been secretly working on a compliance review workflow feature. It's now in internal testing. Stay tuned!
Integrations
AWS
- Added support to ingest Amazon Macie findings. Try:
Find aws_s3_bucket
with classification != 'public' and tag.Production=true
that has aws_macie_finding
with hasSensitiveData = true and detectionsCount > 0
return tree
This requires
macie2:GetFindingsandmacie2:ListFindingsIAM permissions to be added to the IAM policy attached to the JupiterOne integration IAM role.
Improved trust relationships mapping for IAM SAML federation to Google G Suite accounts.
Added
netmaskproperty toaws_vpcandaws_subnetentities so that users can easily find subnets, or security group rules pointing to subnets with large netmasks in a query -- e.g.netmask > 16.Improved relationship mapping between Route53
CNAMErecords to EC2 instance entities.Fixed missing relationships between
aws_security_groupandaws_elasticsearch_domainentities. This allows a query to determine if any ElasticSearch domain is publicly facing:
find Internet
that allows aws_security_group
that protects aws_elasticsearch_domain
that has aws_subnet with public=true
return TREE
- Changed the Lambda <> VPC relationships so that the
HASrelationship is built betweenaws_lambda_functionandaws_subnetentities. This was previously at theaws_vpclevel which was less accurate.
This is a potentially breaking change if you have existing queries between
aws_vpcandaws_lambda_functionentities.This query:
Find aws_vpc that HAS aws_lambda_functionNeeds to be updated to
Find aws_vpc that CONTAINS aws_subnet that HAS aws_lambda_functionThe
aws_lambda_functionentities will continue to havevpcIdproperty that can be used in query filters.
BambooHR
- Initial release
- See docs for more details
CloudFlare
- Add
DomainRecord.valueproperty containing the data of the record
GoDaddy
- Initial release
- See docs for more details
Google Cloud
Added ingestion of networking resources
google_compute_firewallgoogle_compute_networkgoogle_compute_subnetwork
Added ingestion of KMS resources
google_kms_key_ringgoogle_kms_crypto_key
Added new relationships
google_compute_firewall PROTECTS google_compute_networkgoogle_compute_network CONTAINS google_compute_subnetworkgoogle_compute_network HAS google_compute_firewallgoogle_compute_subnetwork HAS google_compute_instanceInternet ALLOWS google_compute_firewallInternet DENIES google_compute_firewallHost ALLOWS google_compute_firewallHost DENIES google_compute_firewallNetwork ALLOWS google_compute_firewallNetwork DENIES google_compute_firewallgoogle_kms_key_ring HAS google_kms_crypto_key
Fixed duplicate
_keydetected error when the Google Cloudserviceusage.services.listAPI returned a duplicate API service intermittently.Fixed
ComputeInstanceTrustsServiceAccountrelationship which allowed array relationships.Fixed potential for DUPLICATEKEYERROR in
fetchResourceManagerIamPolicy.
Google Workspace (formerly G Suite)
- Fixed an incorrect mapping of users to groups.
Other Improvements and Bug Fixes
In the query results table, metadata properties are shown with their actual name the column headers (e.g.
type->_type,class->_class).Resolved an issue where the table view Insights chart would clip information on smaller screens.
Changed the trend chart in Alerts to always starts at 0 for the Y-axis to avoid confusion.
Resolved an issue where compliance standards would throw a 500 error when being created.