Vendor
An external organization that is a vendor or service provider.
Vendor properties
| Property | Type | Description | Specifications |
|---|---|---|---|
category * | string | array | The category of vendor. Examples: business-operations, cloud, facilities, finance, infrastructure, legal, purchasing, security, software, platform-development, platform-social-media, professional-services-staffing, professional-services-recruiting, professional-services-consulting, generic-service-provider, generic-subscription, CSP, ISP, MSP, MSSP, IdP, other | |
admins | array of strings | List of admin users to the vendor account, if applicable. If this vendor account is integrated directly to JupiterOne and its data is ingested, the admin users should be already mapped as User entities. | |
alternateContactAddress | string | Alternate/secondary physical/mailing address of the vendor. | |
alternateContactEmail | string | Email of the vendor's alternate/secondary point of contact person. | Format: email |
alternateContactName | string | The vendor's alternate/secondary point of contact person. | |
alternateContactPhone | string | Phone number of the vendor's alternate/secondary point of contact person. | |
alternateContactTitle | string | The title of the vendor's alternate/secondary point of contact. For example, 'CISO'. | |
breachResponseDays | integer | The number of days the vendor agrees to report an identified data breach, per vendor agreement and/or SLA. This is typically 3 to 30 days. Note that GDPR requires breach notification within 3 days / 72 hours. | |
departments | array of strings | List of business departments the vendor provides service for (e.g. IT, HR, Finance, Marketing, Development/Engineering, Security). | |
emailDomain | string | The email domain for the vendor (e.g. @jupiterone.io). | |
linkToBAA | string | Link to Business Associate Agreement (BAA) document - for HIPAA only. | Format: uri |
linkToDPA | string | Link to GDPR Data Processing Addendum (DPA) document - for GDPR only. | Format: uri |
linkToISA | string | Link to the external information security assessment (ISA) report. | Format: uri |
linkToMSA | string | Link to Master Service Agreement (MSA) document. | Format: uri |
linkToNDA | string | Link to Non-Disclosure Agreement (NDA) document. | Format: uri |
linkToSLA | string | Link to Service Level Agreement (SLA) document. | Format: uri |
linkToVTR | string | Link to the external vendor technology risk (VTR) report. | Format: uri |
mainContactAddress | string | Main physical/mailing address of the vendor. | |
mainContactEmail | string | Email of the vendor's point of contact person. | Format: email |
mainContactName | string | The vendor's point of contact person. | |
mainContactPhone | string | Phone number of the vendor's point of contact person. | |
mainContactTitle | string | The title of the vendor's main point of contact. For example, 'Manager of Operations'. | |
statusPage | string | Link to the vendor's service status page (e.g. https://status.aws.amazon.com/). | Format: uri |
validatedOn | number | The timestamp (in milliseconds since epoch) of when this vendor was last validated per the vendor management policy. | Format: date-time |
website | string | The vendor's main website URL. | Format: uri |
Inherited properties
| Property | Type | Description | Specifications |
|---|---|---|---|
_class * | string | array of strings | One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'. | |
_key * | string | An identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role. | minLength: 10 |
_type * | string | The type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'. | minLength: 3 |
displayName * | string | Display name, e.g. a person's preferred name or an AWS account alias | |
name * | string | Name of this entity | |
active | boolean | Indicates if this entity is currently active. | |
classification | string | null | The sensitivity of the data; should match company data classification scheme Examples: critical, confidential, internal, public | |
complianceStatus | number | The compliance status of the entity, as a percentage of compliancy. | minimum: 0, maximum: 1 |
createdBy | string | The source/principal/user that created the entity | |
createdOn | number | The timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne. | Format: date-time |
criticality | integer | A number that represents the value or criticality of this entity, on a scale between 1-10. | minimum: 1, maximum: 10 |
deletedBy | string | The source/principal/user that deleted the entity | |
deletedOn | number | The timestamp (in milliseconds since epoch) when the entity was deleted at the source. | Format: date-time |
description | string | An extended description of this entity. | |
discoveredBy | string | The source/principal/user that discovered the entity | |
discoveredOn | number | The timestamp (in milliseconds since epoch) when the entity was discovered. | Format: date-time |
expiresOn | number | If the entity is a temporary resource, optionally set the expiration date. For example, the expiration date of an SSL cert. | Format: date-time |
id | string | array | Identifiers of this entity assigned by the providers. Values are expected to be unique within the provider scope. | |
notes | array of strings | User provided notes about this entity | |
owner | string | The owner of this entity. This could reference the name of the owner, or as reference ID/key to another entity in the graph as the owner. | |
public | boolean | Indicates if this is a public-facing resource (e.g. a public IP or public DNS record) or if the entity is publicly accessible. Default is false. | |
risk | integer | The risk level of this entity, on a scale between 1-10. | minimum: 1, maximum: 10 |
status | string | Status of this entity set by the external source system or by a user, e.g. Active, Inactive, Decommissioned Examples: active, inactive, suspended, terminated, open, closed, pending, unknown, other | |
summary | string | A summary / short description of this entity. | |
tags | array of strings | An array of unnamed tags | |
temporary | boolean | Indicates if this node is a temporary resource, such as a lambda instance or an EC2 instance started by ECS. | |
trust | integer | The trust level of this entity, on a scale between 1-10. | minimum: 1, maximum: 10 |
trusted | boolean | Indicates if this is a trusted resource. For example, a trusted Network, Host, Device, Application, Person, User, or Vendor. | |
updatedBy | string | The source/principal/user that updated the entity | |
updatedOn | number | The timestamp (in milliseconds since epoch) when the entity was last updated at the source. | Format: date-time |
validated | boolean | Indicates if this node has been validated as a known/valid Entity. | |
webLink | string | Web link to the source. For example: https://console.aws.amazon.com/iam/home#/roles/Administrator. This property is used by the UI to add a hyperlink to the entity. | Format: uri |
Required properties
_key_class_typenamedisplayNamecategory