Skip to main content


A user account/login to access certain systems and/or services. Examples include okta-user, aws-iam-user, ssh-user, local-user (on a host), etc.

User properties
activebooleanSpecifies whether user account is active or disabled.
emailstringThe primary email address associated with the user account
Format: email

emailDomainarray of stringsThe domain portion of the email addresses associated with the user account.
firstNamestringThe user's official first name in the system (such as HR database)
lastNamestringThe user's official last name in the system (such as HR database)
mfaEnabledbooleanSpecifies whether multi-factor authentication (MFA) is enabled for this user.
mfaTypestringSpecifies what type of multi-factor authentication (MFA) is being used by this user.
passwordChangedOnnumberThe timestamp (in milliseconds since epoch) of when the user's password was last rotated for this particular account.
Format: date-time

shortLoginIdstringThe shortened login Id. For example, if the username is the full email address (, the shortLoginId would be the part before @ (first.last).
Inherited properties
_class *
string |
array of strings
One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'.
_key *
stringAn identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role.minLength: 10
_type *
stringThe type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'.minLength: 3
displayName *
stringDisplay name, e.g. a person's preferred name or an AWS account alias
name *
stringName of this entity
classificationstring | nullThe sensitivity of the data; should match company data classification scheme

Examples: critical, confidential, internal, public
complianceStatusnumberThe compliance status of the entity, as a percentage of compliancy.minimum: 0, maximum: 1
createdBystringThe source/principal/user that created the entity
createdOnnumberThe timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne.
Format: date-time

criticalityintegerA number that represents the value or criticality of this entity, on a scale between 1-10.minimum: 1, maximum: 10
deletedBystringThe source/principal/user that deleted the entity
deletedOnnumberThe timestamp (in milliseconds since epoch) when the entity was deleted at the source.
Format: date-time

descriptionstringAn extended description of this entity.
discoveredBystringThe source/principal/user that discovered the entity
discoveredOnnumberThe timestamp (in milliseconds since epoch) when the entity was discovered.
Format: date-time

expiresOnnumberIf the entity is a temporary resource, optionally set the expiration date. For example, the expiration date of an SSL cert.
Format: date-time

idstring | arrayIdentifiers of this entity assigned by the providers. Values are expected to be unique within the provider scope.
notesarray of stringsUser provided notes about this entity
ownerstringThe owner of this entity. This could reference the name of the owner, or as reference ID/key to another entity in the graph as the owner.
publicbooleanIndicates if this is a public-facing resource (e.g. a public IP or public DNS record) or if the entity is publicly accessible. Default is false.
riskintegerThe risk level of this entity, on a scale between 1-10.minimum: 1, maximum: 10
statusstringStatus of this entity set by the external source system or by a user, e.g. Active, Inactive, Decommissioned

Examples: active, inactive, suspended, terminated, open, closed, pending, unknown, other
summarystringA summary / short description of this entity.
tagsarray of stringsAn array of unnamed tags
temporarybooleanIndicates if this node is a temporary resource, such as a lambda instance or an EC2 instance started by ECS.
trustintegerThe trust level of this entity, on a scale between 1-10.minimum: 1, maximum: 10
trustedbooleanIndicates if this is a trusted resource. For example, a trusted Network, Host, Device, Application, Person, User, or Vendor.
updatedBystringThe source/principal/user that updated the entity
updatedOnnumberThe timestamp (in milliseconds since epoch) when the entity was last updated at the source.
Format: date-time

validatedbooleanIndicates if this node has been validated as a known/valid Entity.
webLinkstringWeb link to the source. For example: This property is used by the UI to add a hyperlink to the entity.
Format: uri

Required properties
  • _key
  • _class
  • _type
  • name
  • displayName