Entity ingestion labels
JupiterOne's standardized entity labels indicate how an entity is ingested into the graph. The Metadata tab in J1 Assets provides this information, and it can be used to filter queries with the _source property in a WITH clause.
Ingestion labels
The labels for ingestion sources are:
- system-internal for metadata about the JupiterOne instance.
- integration-managed for entities ingested by integrations.
- system-mapper for assets that are not ingested by an integration but exist another way, like inferred entity relationships or timing.
- api for entities created through JupiterOne's APIs.
- sample-data for entities created through the sample data feature.
Example query
For example, you could find AWS instances that were ingested by integrations and use a data store by running the following query:
FIND aws_instance
WITH _source = 'integration-managed'
THAT USES DataStore
RETURN TREE
system-mapper behavior
In JupiterOne, a system-mapper entity is created when it's inferred that a certain entity should exist based on correlation data with other entities, but it hasn't been ingested yet by an integration. For example, a HostAgent entity may require a corresponding Host entity to exist in the graph, which the system-mapper can create if it's missing.
Another use case for a system-mapper entity is when an asset likely exists based on relationship data, but other integration sources haven't yet had a chance to add it to the JupiterOne graph. In such cases, JupiterOne uses an entity with a _source value of system-mapper to represent the asset.
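
The following is an added example, not JupiterOne code: a Python sketch that triages a list of entity records by _source so that system-mapper placeholders stand out as assets no integration has ingested yet. The record layout (a list of dicts with string _class and displayName fields), the function name and the choice of what counts toward the inventory total are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict

# The five ingestion labels listed on this page.
KNOWN_SOURCES = {
    "system-internal", "integration-managed", "system-mapper", "api", "sample-data",
}

# Constructed sample records (assumed layout); real entities carry more properties.
SAMPLE_ENTITIES = [
    {"_source": "integration-managed", "_class": "Host", "displayName": "web-01"},
    {"_source": "integration-managed", "_class": "HostAgent", "displayName": "agent-web-01"},
    {"_source": "integration-managed", "_class": "HostAgent", "displayName": "agent-db-07"},
    {"_source": "system-mapper", "_class": "Host", "displayName": "db-07"},
    {"_source": "api", "_class": "Host", "displayName": "lab-box"},
    {"_source": "sample-data", "_class": "Host", "displayName": "demo-host"},
    {"_class": "User", "displayName": "no-source-field"},
]

def triage_by_source(entities):
    """Split entity records by ingestion label for an inventory review."""
    counts = Counter()
    placeholders = defaultdict(list)  # system-mapper entities, grouped by class
    unrecognised = []                 # missing or unknown _source: review by hand
    for entity in entities:
        name = entity.get("displayName", "<unnamed>")
        source = entity.get("_source")
        if source not in KNOWN_SOURCES:
            unrecognised.append(name)
            continue
        counts[source] += 1
        if source == "system-mapper":
            # Inferred to exist, but not yet ingested by any integration.
            placeholders[entity.get("_class", "<no class>")].append(name)
    # Assumed policy: demo data and instance metadata are not real assets.
    excluded = {"sample-data", "system-internal"}
    inventory_total = sum(n for s, n in counts.items() if s not in excluded)
    return {
        "counts": dict(counts),
        "placeholders": dict(placeholders),
        "unrecognised": unrecognised,
        "inventory_total": inventory_total,
    }

if __name__ == "__main__":
    print(triage_by_source(SAMPLE_ENTITIES))
```

In the sample, the Host db-07 appears only as a system-mapper placeholder, which points to a host that an agent reports on but that no integration has ingested.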