Device

A physical device or media, such as a server, laptop, workstation, smartphone, tablet, router, firewall, switch, wifi-access-point, usb-drive, etc. The exact data type is described in the _type property of the Entity.

Device properties

Property	Type	Description	Specifications
category *	string | null	The device category Examples: server, endpoint, storage-media, mobile, network, other
deviceId *	array of strings | null	The unique device identifier, traditionally known as a UDID
displayName *	string	The display name of the device
fqdn *	array of strings | null	The fully qualified domain name of the Device
hostname *	string	The primary/local hostname	pattern: ^[a-zA-Z0-9-]+$
ipv4Addresses *	array of strings | null	The IPv4 Addresses associated with the Device
ipv6Addresses *	array of strings | null	The IPv6 Addresses associated with the Device
lastSeenOn *	integer | null	The timestamp (in milliseconds since epoch) when the device was either last checked in or was scanned.
macAddresses *	array of strings | null	The MAC Addresses associated with the Device, lowercase colon delimited
make *	string | null	Same as hardwareVendor: The manufacturer or vendor of the device, e.g. Apple Inc., Generic
model *	string | null	Same as hardwareModel: The device hardware model, e.g. MacBookPro13,3
osDetails *	string | null	Operating System Full Details (e.g. macOS High Sierra version 10.13.6)
osName *	string | null	Operating System Name (e.g. macOS, Windows 10)
osType *	string | null	Operating System Platform	enum: darwin, linux, unix, windows, android, ios, chromeos, legacy, embedded, other
osVersion *	string | null	Operating System Version (e.g. 10.13.6)
privateIpAddresses *	array of strings | null	The private IP addresses associated with the Device
publicIpAddresses *	array of strings | null	The public IP addresses associated with the Device
serial *	string | null	Same as hardwareSerial: The device serial number
assetTag	array of strings	The asset tag number/label that matches the identifier in asset tracking system, for company owned physical devices	uniqueItems: true,
autoSecurityPatchEnabled	boolean	Indicates if security updates are auto-installed	default: false
autoSystemPatchEnabled	boolean	Indicates if operating system updates are auto-installed	default: false
BYOD	boolean	Indicates if this is a BYOD device -- an employee-provided device that has access to company systems/resources.	default: false
cost	number	The purchase cost of the device.
encrypted	boolean	Indicates if the primary device storage is encrypted	default: false
firewallEnabled	boolean	Indicates if local/host firewall is enabled	default: false
hardwareModel	string	The device hardware model, e.g. MacBookPro13,3
hardwareSerial	string	The device serial number
hardwareVendor	string	The manufacturer or vendor of the device, e.g. Apple Inc., Generic
hardwareVersion	string	The device hardware version
location	string	Site where this device is located.
malwareProtected	boolean	Indicates if malware protection is enabled	default: false
remoteAccessEnabled	boolean	Indicates if remote access/login to the device is enabled	default: false
screenLockEnabled	boolean	Indicates if screen lock protection is enabled	default: false
screenLockTimeout	number	Screen lock timeout in seconds
status	string | null	Status label of this device	enum: assigned, archived, decommissioned, defective, deployed, disposed, locked, lost/stolen, pending, ready, unknown, other
userEmails	array of strings	The email addresses of the users this device is assigned to. Used if the device is shared by more than one user. Otherwise the 'owner' is the sole user. Leave empty/undefined if the device is unassigned.	uniqueItems: true, Format: email
value	number	The estimated business value of the device. The value is typically calculated as the monetary cost of the device + the value of data on the device.
version	string	Same as hardwareVersion: The device hardware version

Inherited properties

Property	Type	Description	Specifications
_class *	string | array of strings	One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'.
_key *	string	An identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role.	minLength: 10
_type *	string	The type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'.	minLength: 3
name *	string	Name of this entity
active	boolean	Indicates if this entity is currently active.
classification	string | null	The sensitivity of the data; should match company data classification scheme Examples: critical, confidential, internal, public
complianceStatus	number	The compliance status of the entity, as a percentage of compliancy.	minimum: 0, maximum: 1
createdBy	string	The source/principal/user that created the entity
createdOn	number	The timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne.	Format: date-time
criticality	integer	A number that represents the value or criticality of this entity, on a scale between 1-10.	minimum: 1, maximum: 10
deletedBy	string	The source/principal/user that deleted the entity
deletedOn	number	The timestamp (in milliseconds since epoch) when the entity was deleted at the source.	Format: date-time
description	string	An extended description of this entity.
discoveredBy	string	The source/principal/user that discovered the entity
discoveredOn	number	The timestamp (in milliseconds since epoch) when the entity was discovered.	Format: date-time
expiresOn	number	If the entity is a temporary resource, optionally set the expiration date. For example, the expiration date of an SSL cert.	Format: date-time
id	string | array	Identifiers of this entity assigned by the providers. Values are expected to be unique within the provider scope.
notes	array of strings	User provided notes about this entity
owner	string	The owner of this entity. This could reference the name of the owner, or as reference ID/key to another entity in the graph as the owner.
public	boolean	Indicates if this is a public-facing resource (e.g. a public IP or public DNS record) or if the entity is publicly accessible. Default is false.
risk	integer	The risk level of this entity, on a scale between 1-10.	minimum: 1, maximum: 10
summary	string	A summary / short description of this entity.
tags	array of strings	An array of unnamed tags
temporary	boolean	Indicates if this node is a temporary resource, such as a lambda instance or an EC2 instance started by ECS.
trust	integer	The trust level of this entity, on a scale between 1-10.	minimum: 1, maximum: 10
trusted	boolean	Indicates if this is a trusted resource. For example, a trusted Network, Host, Device, Application, Person, User, or Vendor.
updatedBy	string	The source/principal/user that updated the entity
updatedOn	number	The timestamp (in milliseconds since epoch) when the entity was last updated at the source.	Format: date-time
validated	boolean	Indicates if this node has been validated as a known/valid Entity.
webLink	string	Web link to the source. For example: https://console.aws.amazon.com/iam/home#/roles/Administrator. This property is used by the UI to add a hyperlink to the entity.	Format: uri

Required properties

• _key
• _class
• _type
• name
• displayName
• category
• ipv4Addresses
• ipv6Addresses
• macAddresses
• publicIpAddresses
• privateIpAddresses
• hostname
• fqdn
• serial
• deviceId
• lastSeenOn
• make
• model
• osName
• osType
• osDetails
• osVersion