Inventory and configuration
What Workloads are in my environment?
Find Workload
Find Workload with tag.AccountName='{accountName}'
What are my production systems and servers?
(and what are those systems there to do?)
Find (Host|Database) with tag.Production=true
Find (Host|Database) with tag.AccountName='{accountName}'
What are my production resources?
Filter using production tag:
Find (Application|CodeRepo|Workload|Function|Task|Host|Device|Database|DataStore)
with tag.Production=true
Filter using account name:
Find (Application|CodeRepo|Workload|Function|Task|Host|Device|Database|DataStore)
with tag.AccountName='{accountName}'
You can also use Find * to cover everything but the results could be overwhelming.
What are my production data stores and databases?
Find (DataStore|Database) with tag.Production=true
Find (DataStore|Database) with tag.AccountName='{accountName}'
What are my production applications?
Find Application with tag.Production = true
Find Application with tag.AccountName='{accountName}'
What are my network assets?
Find Network with _type!='mapped_entity'
Entities that are of type 'mapped_entity' are resources that are not directly from the integrations.
You can use _type='mapper_entity' or _source='system-mapper' to find external resources:
Find Network with _source='system-mapper'
Find (Gateway|Firewall) with category='network'
Which devices are/are not auto-scaling?
Find aws_instance that has aws_autoscaling_group
Find aws_instance that !has aws_autoscaling_group
What information assets are missing metadata for data classification, tier of service or architectural tier?
Find (Host|DataStore|Workload|Task) with tag.Classification = undefined
What applications and operating systems are in use?
Find Host as h return h.platform
A 'Group By' capability will be added to J1QL soon to return objects or count by unique property values.
Who owns a production system in account/zone/tier/layer/ VPC/SG?
Find (Host|DataStore|Workload|Task|Application)
with tag.AccountName = '{accountName}' as system
return system.displayName, system.owner
Find (Host|DataStore|Workload|Task|Application) as system
that relates to aws_vpc with vpcId='{vpcId}' or name='{vpcName}'
return system.displayName, system.owner
Find (Host|DataStore|Workload|Task|Application) as system
that relates to aws_security_group with groupId='{sgId}' or name='{sgName}'
return system.displayName, system.owner
How many systems were added to environment {} in last time period?
Example for last 24 hours time period:
Find * with _tag.AccountName='{accountName}' and _createdOn > date.now - 24hrs
How many resources were added to manually vs automated?
Count entities added by its source:
Find * as e return e._source, count(e)
Source (_source) can be one of the following:
integration-managed: added via a provider integrationpowerup-managed: added via a JupiterOne Powerup (currently endpoint compliance stethoscope agent)system-mapper: added by the JupiterOne mapper (derived entities or external entities)api: added manually by a JupiterOne user from either the webapp or API
What container images, VM images, and software packages are available in my production environments?
Container entities/relationships are to be added when we support ECS, EKS, ECR and Fargate.
What are the tags assigned to a particular inventory asset?
This is best viewed in the Asset app by selecting an entity and going to the Tags tab in the properties panel.