JupiterOne 2019.16 Release

2019-02-21

New Features

  • New ingestion and analysis from AWS:

    • RDS clusters and instances

      Try Find aws_rds_cluster that CONTAINS aws_db_instance return tree

    • DynamoDB tables

      Try Find aws_dynamodb_table that relates to * return tree

    • S3 bucket public access settings

      Try Find aws_s3_bucket with BlockPublicAcls != true

    • AMI images - note that only custom AMI images are currently ingested, not public or marketplace AMIs.

      Try Find aws_ami that relates to * return tree

  • SAML Single Sign On (SSO) now generally available to enterprise customers

  • Endpoint Compliance Agent powered by Stethoscope app released for macOS devices. Access it from the “Power Ups” menu, and send invite to your users by email. The agent checks the following endpoint configuration with the default policy:

    • OS version
    • Patching/update status
    • Host firewall status
    • Disk encryption status
    • Screensaver / screen lock protection
    • Remote login status
  • Veracode Integration first iteration - supports ingestion of Vulnerability findings.

  • Google Integration first iteration - supports ingestion of Users and User Groups.

  • Sharing URL is added to query results from Landing Zone.

  • New packaged questions and queries added:

    • [aws] Find all the IAM user access keys in production AWS accounts.
    • [aws] Find all the SSH key pairs in production AWS accounts.
    • [aws] Are there SSH keys not in use?
    • [aws] Is there anything that connects to an external AWS account that is not part of my organization?
    • [access] Did we remove all access from employees who left?
    • [access] Which user accounts do not have multi-factor authentication enabled?
    • [appdev] Who are the most recent contributors to this repo?
    • [appdev] Which PRs did this developer open in the last 5 days?
    • [data] What is the inventory of my sensitive data stores?
    • [endpoint] Is operating system patching and auto update enabled on endpoint hosts?
    • [endpoint] Is application patching and auto update enabled on endpoint hosts?
    • [endpoint] What are the approved server/system images?
    • [endpoint] Are all system images updated in the past six months?
    • [endpoint] Which hosts are (or are not) using approved standard images?
    • [infra] What production resources are directly connected/exposed to the Internet/everyone?
    • [general] What applications and operating systems are in use?
    • [general] Who are my software vendors? Do I have proper vendor support for my software applications?

Improvements and Bug Fixes

  • Added column sorting of query results from Landing Zone.
  • Continued improvements of backend services.
  • Several bug fixes of indexer, mapper, persister and integrations.
  • Fixed action and display bugs associated with adding/editing an entity in Asset Inventory.
  • Lots of improvements made to the managed SDK to support open source integration development.
  • Updated timestamp properties for AWS integration to number instead of string so that queries can use them for date/time comparison.
  • Renamed AWS entity _type definitions to be more consistent with the Terraform type naming convention.