JupiterOne's standardized entity labels indicate how an entity is ingested into the graph. The Metadata tab in J1 Assets provides this information, and it can be used to filter queries with the
_source property in a
The labels for ingestion sources are:
system-internalfor metadata about the JupiterOne instance.
integration-managedfor entities ingested by integrations.
system-mapperfor assets not ingested by an integration but exist another way, like inferred entity relationships or timing.
apifor entities created through JupiterOne's APIs.
sample-datafor entities created through the sample data feature.
For example, you could find AWS instances that were ingested by integrations and use a data store by running the following query:
WITH _source = 'integration-managed'
THAT USES DataStore
In JupiterOne, a
system-mapper entity is created when it's inferred that a certain entity should exist based on correlation data with other entities, but it hasn't been ingested yet by an integration. For example, a
HostAgent entity may require a corresponding
Host entity to exist in the graph, which the
system-mapper can create if it's missing.
Another use case for a
system-mapper entity is when an asset likely exists based on relationship data, but other integration sources haven't yet had a chance to add it to the JupiterOne graph. In such cases, JupiterOne uses an entity with a
_source value of
system-mapper to represent the asset.