Skip to main content

Custom data ingestion

The first step in working with JupiterOne is to import the data for your cyber assets. If JupiterOne does not have an integration for a product in which your data is located, you can still import it into JupiterOne. You can also enrich current data in your JupiterOne account. There are three steps to importing: gather the data, classify the data, and import the data.

Gather the Data

The power of JupiterOne is that it stores the data in a graph database. Not only can you store an asset such as a user record with properties such as ID, first name, last name, email address, and manager, but you can also define relationships between assets in the database. For example, when you then look at user records, you see all the user data as well as which AWS profiles they are assigned, which applications they have access to, and other information.

The data you want to add to JupiterOne can come from different sources. You can:

  • Export it as a CSV file from another application to upload to JupiterOne.
  • Get the data from an API that a tool provides.
  • Generate the data by combining data from multiple sources.

The data should include the:

  • Assets you want to import to JupiterOne, such as a user or device.
  • Properties for each asset, such as user first name or device MAC address.
info

To learn more about asset and their properties, refer to our data model documentation.

Classify the Data

Classifying the data ensures that what you import is useful. Depending on the application from which you are importing, you must first identify which assets you want to import. In addition, you must identify the properties, type, and class of the assets. For example, when JupiterOne imports data from Salesforce, it imports the following assets: Group, PermissionSet, Profile, User, and UserRole.

You must also identify the relationships between the assets from the application. In the Salesforce example, some of the relationships J1 creates include:

  • salesforce_user ASSIGNED salesforce_permission_set
  • salesforce_user ASSIGNED salesforce_user_role
  • salesforce_group HAS salesforce_user

In addition, you may need to identify the relationships between assets in Salesforce and assets in other applications that you have in your JupiterOne account.

The JupiterOne data model is a reference model that, as an asset-relationship graph, describes the digital resources and complex interconnections among all the resources in a technology organization. It represents a reference model, not a strict or rigid structure.

Import the Data

There are several different ways to get data into JupiterOne:

  • Add or update a single asset using [JupiterOne Assets](link to that article). This method is useful for adding low volumes of data. You can add a new asset and its associated properties one at a time. You can also add or update the properties on an existing asset in the UI.
  • Bulk upload assets using JupiterOne Assets. You format your data in JSON or YAML and then upload the file to your JupiterOne account. You must have the Assets Admin and GraphViewer Admin roles.
  • Use the JupiterOne CLI with a script. This tool is for those knowledgeable with the command line and how to create scripts to import data to the JupiterOneNode.js API client wrapper.
  • Use the JupiterOne API, which is what JupiterOne uses in the integrations. You can access all the data in your account and add or update data using a graphQL endpoint.
  • Use the JupiterOne SDK. The SDK allows you to build a complete integration for JupiterOne. It is the most sophisticated way to import data into JupiterOne. It features the best practices that JupiterOne uses to build integrations with other applications.

JupiterOne also supports creating custom integrations to bring in data from particular sources. Read more about creating custom integrations in JupiterOne to curate your data ingestion for particular apps or services.

Contents