Changes and attribution

Below are some examples of how you might query your JupiterOne workspace data in order to identify changes that occurred in your environment.

What changes were made in environment, SG or VPC in last time period {}?

Find all changes in the last 24 hours:

Find * with _beginOn > date.now - 24 hours

Changes in the last 24 hours related to a particular VPC:

Find * with _beginOn > date.now - 24 hours
  that relates to aws_vpc with vpcId='{vpcId}' or name='{vpcName}'

Resources with a certain tag that change in the last 24 hours:

Find * with _beginOn > date.now - 24 hours
  and (tag.Environment = '{tagValue}' or tag.Project = '{tagValue}')

Which developer(s) most likely introduced vulnerabilities in recent code changes?

Requires integrations with Github or Bitbucket, and code scanning solutions like Veracode or WhiteHat.

Find User
  that OPENED PR with createdOn > date.now-7days
  that RELATES TO CodeRepo
  that HAS (Vulernability|Finding) with _createdOn > date.now-7days
return tree

What changes were made in environment, SG or VPC in last time period {}?​

Which developer(s) most likely introduced vulnerabilities in recent code changes?​

Contents

What changes were made in environment, SG or VPC in last time period {}?

Which developer(s) most likely introduced vulnerabilities in recent code changes?