PasswordPolicy
A password policy is a specific Ruleset. It is separately defined because of its pervasive usage across digital environments and the well-known properties (such as length and complexity) unique to a password policy.
PasswordPolicy properties
Property | Type | Description | Specifications |
---|---|---|---|
autoUnlockMins | integer | Specifies the time interval (in minutes) a locked account remains locked before it is automatically unlocked (0 indicates no limit) | |
excludeAttributes | array of strings | The user profile attributes whose values must be excluded from the password | |
excludeCommonPasswords | boolean | Indicates whether to check passwords against a common/weak password dictionary | |
excludeUsername | boolean | Indicates if the username must be excluded from the password | |
expiryWarningDays | integer | Specifies the number of days prior to password expiration when a user will be warned to reset their password (0 indicates no warning) | |
hardExpiry | boolean | Specifies whether users are prevented from setting a new password after their password has expired | |
historyCount | integer | Specifies the number of previous passwords that users are prevented from reusing (0 indicates none) | |
lockoutAttempts | integer | Specifies the number of times users can attempt to log in to their accounts with an invalid password before their accounts are locked (0 indicates no limit) | |
maxAgeDays | integer | Specifies how long (in days) a password remains valid before it expires (0 indicates no limit - passwords do not expire) | |
minAgeMins | integer | Specifies the minimum time interval (in minutes) between password changes (0 indicates no limit) | |
minLength | integer | Minimum password length | |
preventReset | boolean | Indicates whether the user is allowed to change, or prevented from changing, their own password | |
requireLowercase | boolean | Indicates if a password must contain at least one lowercase character | |
requireMFA | boolean | Specifies whether multi-factor authentication (MFA) is required | |
requireNumbers | boolean | Indicates if a password must contain at least one number | |
requireSymbols | boolean | Indicates if a password must contain at least one symbol | |
requireUppercase | boolean | Indicates if a password must contain at least one uppercase character | |
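An added example, not part of the original page or of JupiterOne's code: a Python audit of a PasswordPolicy entity against a baseline, showing why the "0 indicates no limit" sentinels in the table above must be normalised before comparing. The baseline thresholds, the `audit` and `effective` names and the sample entity are assumptions made for illustration.

```python
import math

# Hypothetical baseline chosen for this example; not part of the data model.
BASELINE = {
    "minLength": 12,        # at least this many characters
    "historyCount": 5,      # remember at least this many previous passwords
    "autoUnlockMins": 15,   # a locked account stays locked at least this long
    "lockoutAttempts": 10,  # lock after at most this many invalid attempts
}
REQUIRED_FLAGS = ("excludeCommonPasswords", "excludeUsername", "requireMFA")

# Properties for which the table defines 0 as "no limit". Mapping the
# sentinel to infinity lets ordinary comparisons see what the setting means.
ZERO_MEANS_UNLIMITED = {"lockoutAttempts", "autoUnlockMins", "maxAgeDays", "minAgeMins"}

def effective(policy, prop):
    """Return the effective value of a property, or None if it is absent."""
    value = policy.get(prop)
    if value is not None and prop in ZERO_MEANS_UNLIMITED and value == 0:
        return math.inf
    return value

def audit(policy, baseline=BASELINE):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    for flag in REQUIRED_FLAGS:
        if policy.get(flag) is not True:
            findings.append(f"{flag} is not enabled")
    for prop in ("minLength", "historyCount", "autoUnlockMins"):  # lower bounds
        value = effective(policy, prop)
        if value is None or value < baseline[prop]:
            findings.append(f"{prop}={policy.get(prop)} is below {baseline[prop]}")
    value = effective(policy, "lockoutAttempts")  # upper bound
    if value is None or value > baseline["lockoutAttempts"]:
        limit = baseline["lockoutAttempts"]
        findings.append(f"lockoutAttempts={policy.get('lockoutAttempts')} exceeds {limit}")
    return findings

# Constructed sample entity (not real data). Three properties are 0, and
# each 0 means something different for the audit.
SAMPLE = {
    "_key": "example-policy-0001", "_class": "PasswordPolicy",
    "_type": "example_password_policy", "name": "default",
    "displayName": "Default policy", "minLength": 14,
    "lockoutAttempts": 0, "autoUnlockMins": 0, "historyCount": 0,
    "excludeCommonPasswords": True, "excludeUsername": True, "requireMFA": False,
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample, `autoUnlockMins: 0` passes (the account never unlocks automatically), while `lockoutAttempts: 0` and `historyCount: 0` both fail; a plain numeric comparison against the baseline would get the first two backwards.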
Inherited properties
Property | Type | Description | Specifications |
---|---|---|---|
_class * | string \| array of strings | One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'. | |
_key * | string | An identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role. | minLength: 10 |
_type * | string | The type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'. | minLength: 3 |
displayName * | string | Display name, e.g. a person's preferred name or an AWS account alias | |
name * | string | Name of this entity | |
active | boolean | Indicates if this entity is currently active. | |
classification | string \| null | The sensitivity of the data; should match the company data classification scheme. Examples: critical, confidential, internal, public | |
complianceStatus | number | The compliance status of the entity, as a percentage of compliance. | minimum: 0, maximum: 1 |
createdBy | string | The source/principal/user that created the entity | |
createdOn | number | The timestamp (in milliseconds since epoch) when the entity was created at the source. This is different from _createdOn, which is the timestamp when the entity was first ingested into JupiterOne. | Format: date-time |
criticality | integer | A number that represents the value or criticality of this entity, on a scale between 1-10. | minimum: 1, maximum: 10 |
deletedBy | string | The source/principal/user that deleted the entity | |
deletedOn | number | The timestamp (in milliseconds since epoch) when the entity was deleted at the source. | Format: date-time |
description | string | An extended description of this entity. | |
discoveredBy | string | The source/principal/user that discovered the entity | |
discoveredOn | number | The timestamp (in milliseconds since epoch) when the entity was discovered. | Format: date-time |
expiresOn | number | If the entity is a temporary resource, optionally set the expiration date. For example, the expiration date of an SSL cert. | Format: date-time |
id | string \| array | Identifiers of this entity assigned by the providers. Values are expected to be unique within the provider scope. | |
notes | array of strings | User provided notes about this entity | |
owner | string | The owner of this entity. This could reference the name of the owner, or as reference ID/key to another entity in the graph as the owner. | |
public | boolean | Indicates if this is a public-facing resource (e.g. a public IP or public DNS record) or if the entity is publicly accessible. Default is false. | |
risk | integer | The risk level of this entity, on a scale between 1-10. | minimum: 1, maximum: 10 |
status | string | Status of this entity set by the external source system or by a user, e.g. Active, Inactive, Decommissioned. Examples: active, inactive, suspended, terminated, open, closed, pending, unknown, other | |
summary | string | A summary / short description of this entity. | |
tags | array of strings | An array of unnamed tags | |
temporary | boolean | Indicates if this node is a temporary resource, such as a lambda instance or an EC2 instance started by ECS. | |
trust | integer | The trust level of this entity, on a scale between 1-10. | minimum: 1, maximum: 10 |
trusted | boolean | Indicates if this is a trusted resource. For example, a trusted Network, Host, Device, Application, Person, User, or Vendor. | |
updatedBy | string | The source/principal/user that updated the entity | |
updatedOn | number | The timestamp (in milliseconds since epoch) when the entity was last updated at the source. | Format: date-time |
validated | boolean | Indicates if this node has been validated as a known/valid Entity. | |
webLink | string | Web link to the source. For example: https://console.aws.amazon.com/iam/home#/roles/Administrator. This property is used by the UI to add a hyperlink to the entity. | Format: uri |
Required properties
_key
_class
_type
name
displayName