JupiterOne 2018.14 Release

2018-12-18

New Features

  • Lots of features added to JupiterOne Query Language (J1QL)

    • Query now supports aggregations

      Example: FIND User as u return COUNT(u) to get a count of all users

    • Query now supports date comparison

      Example: FIND * with _beginOn > date.now-24hrs to find all resources that changed in the last 24 hours.

    • Query now supports simplified selection of multiple entities (OR)

      Example: Find (Host|Device) with ipAddress='10.50.2.17' is equivalent to Find * with _class='Host' or _class='Device' with ipAddress='10.50.2.17'

  • You can now manually add entities via the Asset Inventory app

  • You can see detailed properties in a side panel by selecting an entity in the Asset Inventory app

  • New Users and Access, My Profile and Invitations experience

  • JupiterOne now ingests AWS networking data and maps out detailed relationships to enable deep analysis of network traffic access permissions. This allows security teams to gain accurate insight into which host(s) or network(s) are truly accessible from an external network or host (e.g. the Internet).

  • JupiterOne now analysis AWS assume role policy to determine trust relationships between an IAM role and a service or another IAM principal either within the same account or from an external account.

  • Users can now sign on to JupiterOne via Google Sign On.

  • New packaged questions and queries added/updated by operational domain:

    • [general] Who are the new hires within the last 12 months?
    • [general] What business applications are we using?
    • [general] Which are my documented risks?
    • [general] Who are my vendors? Do I have a BAA/DPA/NDA/MSA with them?
    • [general] What changed in my environment in the last 24 hours?
    • [general] What was added to my environment in the last 24 hours?
    • [access] Are there external users with access to our systems?
    • [appdev] What are the code repos for a particular application or project?
    • [data] Which data stores do not have proper classification tags?
    • [data] Which production data stores do not have proper classification tags?
    • [data] Is there any known critical data outside of production?
    • [data] Show me evidence of data-at-rest encryption for production servers.
    • [data] Is my critical data in production encrypted?
    • [data] Is my production or PHI/PII data stores encrypted?
    • [data] Which production data stores do not have proper classification tags?
    • [data] Is there any known critical data outside of production?
    • [data] Is there unencrypted ePHI or PII?
    • [infra] Is there proper segmentation/segregation of internal networks?
    • [infra] Show listing of network layer firewall protection across all my environments.
    • [infra] Show listing of active firewall protection across all my environments.
    • [infra] Are there any active systems without host firewall protection?
    • [aws] Which IAM roles are assigned which IAM policies?
    • [aws] Who has access to my AWS accounts?
    • [aws] Who has access to my production AWS accounts?
    • [aws] Who has direct user access to my AWS accounts?
    • [aws] Who has direct user access to my production AWS accounts?
    • [aws] Who has access to my AWS accounts vis SSO?
    • [aws] Who has access to my production AWS accounts via SSO?
    • [aws] Who has access to my AWS accounts via SSO in a multi-account environment?
    • [aws] Who can assume which role across my AWS environment?
    • [aws] Are there assume role trusts to external entities?
    • [aws] Are there any EBS volumes not in use?
    • [aws] What Lambda functions are in my environment?
    • [aws] How are my Lambda functions invoked?
    • [aws] Which security group rules allow inbound traffic from a public network or host on the Internet?
    • [aws] Which security group rules allow outbound traffic to a public network or host on the Internet?
    • [aws] Which security group rules allow inbound traffic from the Internet?
    • [aws] Which security group rules allow outbound traffic to the Internet?

Improvements and Bug Fixes

  • Improvements on relationship mapping:

    • Support mapping to multiple targets from an array of source property values
    • Support mapping from multiple source properties to a single target property
    • Allow an integration to create target mapped entity from a relationship
    • Trigger mapper to run when mappings.json configuration changes
  • Added lots of documentation on data model, details of data ingestion from integrations, and data security.

  • Fixed “encrypted” property showing up as “undefined” for some AWS entities

  • Added AWS S3 region and improved encryption properties

    e.g. you can find data stores outside of EU with a query like FIND DataStore with region != 'eu-central-1'

  • A few other small bug fixes and UI improvements