Sections in this category

2021.86 Release

  • Updated

December 16, 2021

New Features and Improvements

  • Organization administrators can now create account-level API keys, which links the key to the organization account instead of an individual user account.

  • Organization administrators can now parameterize sensitive values such as secrets for use in J1QL queries and questions without exposing the values.

  • Vendor data in the public vendor-stack repository on GitHub is automatically used to enrich the properties of the vendor asset when a new integration is enabled in your account. This action does not overwrite or replace any custom changes you have made directly to the vendor assets. Updates to the vendor-stack repository are welcome. This update was also published as a npm package.

  • On Monday, December 20th, JupiterOne will provide a new login experience for users:

Integrations

AWS

We are working on improvements to the logic for how we identify public: true, public: false and public: undefined on S3 buckets that are ingested to J1 so they more closely match what is displayed in the AWS Console. We expect to release these changes later this month. More details will be provided prior to the release.

GitHub

Issues can now discover outside collaborators for CREATED and ASSIGNED relationships. For example, to find outside collaborators that were assigned an issue in GitHub you can run the following J1QL query:

FIND github_user WITH role="OUTSIDE" AS user
THAT ASSIGNED github_issue AS issue
RETURN 
  user.username,
  issue.title,
  issue.state

Google Cloud

  • Properties added to entities:
Entity Property
google_storage_bucket versioningEnabled

  • Properties added to relationships:
Relationship Property
google_iam_binding_assigned_cloud_authenticated_users projectName
google_iam_binding_assigned_domain projectName
google_iam_binding_assigned_everyone projectName
google_iam_binding_assigned_group projectName
google_iam_binding_assigned_iam_role projectName
google_iam_binding_assigned_iam_service_account projectName
google_iam_binding_assigned_user projectName

  • Properties removed from entities:
Entity Property
google_cloud_folder projectId
google_cloud_organization projectId, folders
folder level google_iam_binding projectId
org level google_iam_binding projectId, folders

  • rawData is now stored for google_iam_binding

  • When determining which project's google_iam_bindings to ingest, if a projectId is not specified in the configuration, the service account projectId should be used instead.

  • When making google_iam_binding_allows_resource relationships, J1 no longer checks to see if a service is enabled when determining if the relationship should be mapped or direct. Because this verification is for non-organization integration instances, the Resource Manager API does not need to be enabled to ingest a google_cloud_project.

Google Workspace

  • Added support for ingesting the following new resources:
Resource Entity _type Entity _class
Mobile Device google_mobile_device Device

  • To import mobile device entities you need to adjust your permissions in your Google Workspace account:
  1. Click Security > API controls
  2. In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  3. Click Edit near the JupiterOne Service Account and add a new entry under API scopes for https://www.googleapis.com/auth/admin.directory.device.mobile.readonly
  4. Click Account > Admin roles.
  5. Click the JupiterOne System role, and click Privileges
  6. Under Services, Mobile Device Management, enable Manage Devices and Settings
  • Added the following new relationship:
Source Entity '_type' Relationship _class Target Entity _type
google_account MANAGES google_mobile_device

Jamf

  • Added support for ingesting the following new resource:
Resource Entity _type Entity _class
Computer Group jamf_computer_group Group

  • Added the following new relationship:
Source Entity _type Relationship _class Target Entity _type
computer_group HAS user_endpoint

  • Now ingesting extension attributes as properties that are labeled as extensionAttribute.<name>. For example, deployment status is ingested as the extensionAttribute.Deployment Status.

Kubernetes

  • Added support for ingesting the following new resources:
Resource Entity _type Entity _class
Kubernetes Volume kube_volume Disk

  • Added the following new relationship:
Source Entity '_type' Relationship _class Target Entity _type
kube_container_spec USES kube_volume

OneLogin

Fixed an issue related to ingesting App entities.

Qualys

  • Added an option to include the first 300 bytes of detection results as Finding.details when the detection represents a vulnerability in the set of vmdrFindingResultQids provided in the configuration. If enabled, this adds to processing time due to the additional bytes transferred.

  • Fixed an issue where host_asset properties were not correctly transferrign to disovered_host entities

Fixes and Resolutions

  • MySecurity is removed from JupiterOne. In 2022, we expect to launch an improved version to guide you on which actions you own and need to take to improve your security posture.
🔝

Was this article helpful?

0 out of 0 found this helpful