Skip to main content

Device

A physical device or media, such as a server, laptop, workstation, smartphone, tablet, router, firewall, switch, wifi-access-point, usb-drive, etc. The exact data type is described in the _type property of the Entity.

Device properties
PropertyTypeDescriptionSpecifications
category *
string | nullThe device category

Examples: server, endpoint, storage-media, mobile, network, other
deviceId *
array of strings
| null
The unique device identifier, traditionally known as a UDID
displayName *
stringThe display name of the device
fqdn *
array of strings
| null
The fully qualified domain name of the Device
hostname *
string | nullThe primary/local hostname
ipv4Addresses *
array of strings
| null
The IPv4 Addresses associated with the Device
ipv6Addresses *
array of strings
| null
The IPv6 Addresses associated with the Device
lastSeenOn *
integer | nullThe timestamp (in milliseconds since epoch) when the device was either last checked in or was scanned.
macAddresses *
array of strings
| null
The MAC Addresses associated with the Device, lowercase colon delimited
make *
string | nullSame as hardwareVendor: The manufacturer or vendor of the device, e.g. Apple Inc., Generic
model *
string | nullSame as hardwareModel: The device hardware model, e.g. MacBookPro13,3
osDetails *
string | nullOperating System Full Details (e.g. macOS High Sierra version 10.13.6)
osName *
string | nullOperating System Name (e.g. macOS, Windows 10)
osType *
string | nullOperating System Platform
osVersion *
string | nullOperating System Version (e.g. 10.13.6)
privateIpAddresses *
array of strings
| null
The private IP addresses associated with the Device
publicIpAddresses *
array of strings
| null
The public IP addresses associated with the Device
serial *
string | nullSame as hardwareSerial: The device serial number
assetTagarray of stringsThe asset tag number/label that matches the identifier in asset tracking system, for company owned physical devicesuniqueItems: true,
autoSecurityPatchEnabledbooleanIndicates if security updates are auto-installeddefault: false
autoSystemPatchEnabledbooleanIndicates if operating system updates are auto-installeddefault: false
BYODbooleanIndicates if this is a BYOD device -- an employee-provided device that has access to company systems/resources.default: false
costnumberThe purchase cost of the device.
encryptedbooleanIndicates if the primary device storage is encrypteddefault: false
firewallEnabledbooleanIndicates if local/host firewall is enableddefault: false
hardwareModelstringThe device hardware model, e.g. MacBookPro13,3
hardwareSerialstringThe device serial number
hardwareVendorstringThe manufacturer or vendor of the device, e.g. Apple Inc., Generic
hardwareVersionstringThe device hardware version
locationstringSite where this device is located.
malwareProtectedbooleanIndicates if malware protection is enableddefault: false
remoteAccessEnabledbooleanIndicates if remote access/login to the device is enableddefault: false
screenLockEnabledbooleanIndicates if screen lock protection is enableddefault: false
screenLockTimeoutnumberScreen lock timeout in seconds
statusstring | nullStatus label of this deviceenum: assigned, archived, decommissioned, defective, deployed, disposed, locked, lost/stolen, pending, ready, unknown, other
userEmailsarray of stringsThe email addresses of the users this device is assigned to. Used if the device is shared by more than one user. Otherwise the 'owner' is the sole user. Leave empty/undefined if the device is unassigned.uniqueItems: true,
Format: email

valuenumberThe estimated business value of the device. The value is typically calculated as the monetary cost of the device + the value of data on the device.
versionstringSame as hardwareVersion: The device hardware version
Inherited properties
PropertyTypeDescriptionSpecifications
_class *
string |
array of strings
One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'.
_key *
stringAn identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role.minLength: 10
_type *
stringThe type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'.minLength: 3
name *
stringName of this entity
activebooleanIndicates if this entity is currently active.
classificationstring | nullThe sensitivity of the data; should match company data classification scheme

Examples: critical, confidential, internal, public
complianceStatusnumberThe compliance status of the entity, as a percentage of compliancy.minimum: 0, maximum: 1
createdBystringThe source/principal/user that created the entity
createdOnnumberThe timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne.
Format: date-time

criticalityintegerA number that represents the value or criticality of this entity, on a scale between 1-10.minimum: 1, maximum: 10
deletedBystringThe source/principal/user that deleted the entity
deletedOnnumberThe timestamp (in milliseconds since epoch) when the entity was deleted at the source.
Format: date-time

descriptionstringAn extended description of this entity.
discoveredBystringThe source/principal/user that discovered the entity
discoveredOnnumberThe timestamp (in milliseconds since epoch) when the entity was discovered.
Format: date-time

expiresOnnumberIf the entity is a temporary resource, optionally set the expiration date. For example, the expiration date of an SSL cert.
Format: date-time

idstring | arrayIdentifiers of this entity assigned by the providers. Values are expected to be unique within the provider scope.
notesarray of stringsUser provided notes about this entity
ownerstringThe owner of this entity. This could reference the name of the owner, or as reference ID/key to another entity in the graph as the owner.
publicbooleanIndicates if this is a public-facing resource (e.g. a public IP or public DNS record) or if the entity is publicly accessible. Default is false.
riskintegerThe risk level of this entity, on a scale between 1-10.minimum: 1, maximum: 10
summarystringA summary / short description of this entity.
tagsarray of stringsAn array of unnamed tags
temporarybooleanIndicates if this node is a temporary resource, such as a lambda instance or an EC2 instance started by ECS.
trustintegerThe trust level of this entity, on a scale between 1-10.minimum: 1, maximum: 10
trustedbooleanIndicates if this is a trusted resource. For example, a trusted Network, Host, Device, Application, Person, User, or Vendor.
updatedBystringThe source/principal/user that updated the entity
updatedOnnumberThe timestamp (in milliseconds since epoch) when the entity was last updated at the source.
Format: date-time

validatedbooleanIndicates if this node has been validated as a known/valid Entity.
webLinkstringWeb link to the source. For example: https://console.aws.amazon.com/iam/home#/roles/Administrator. This property is used by the UI to add a hyperlink to the entity.
Format: uri

Required properties
  • _key
  • _class
  • _type
  • name
  • displayName
  • category
  • ipv4Addresses
  • ipv6Addresses
  • macAddresses
  • publicIpAddresses
  • privateIpAddresses
  • hostname
  • fqdn
  • serial
  • deviceId
  • lastSeenOn
  • make
  • model
  • osName
  • osType
  • osDetails
  • osVersion