Devices
Devices
JupiterOne normalizes ingested asset data for devices and represents them as a single device within the Device view. To access the Device view, navigate to the Assets tab in JupiterOne and select the device icon in the top right of the asset table.
Currently, JupiterOne ingests and normalizes data for the following device types:
- Servers
- Laptops
- Workstations
- Mobile devices
Device data normalization
With the introduction of Devices, we now normalize data relating to devices. These changes apply to all entities from any _type in the _class=Device:
- Mac address normalization: Converts and collects MAC addresses of various formats to uppercase, colon delineated, into an array of MAC addresses associated with the device (
macAddress) - Vendor/make/manufacturer normalization: Pulls various fields to a single field and normalizes values (
make)- MAC Address to vendor OUI Normalization: Converts MAC addresses to vendor where the MAC address of a devices matches an IEEE registered OUI
- Operating system name/family/type: Normalizes operating systems from various formats and properties (
osType) - Operating system version: Normalizes OS version numbers from various formats and properties (
osVersion) - Encryption status: Normalizes the encryption status (boolean) of a consolidated device (
encryptionStatus) - Serials: Normalizes and collects serial numbers into an array of serials associated with the device (
serials)
You may see a preview of these normalizations in new, temporary properties with a j1_ prefix. These will be removed and the normalized values will be available in the base field. Some saved queries or rules may be affected. Our goal is to make your queries simpler and more accurate.
For more information see Entity Property Normalization
Data sources table
The data sources section showcases the integrations configured within your devices view for which data is being populated within the devices table. By toggling a data source, you can remove or populate that integration's device data within the table view. Each data source is represented as its own column within the table. By enabling a data source, you will append that data source's column on the table, and disabling a data source will remove that source's column from the table.
For example, if you have Automox and Microsoft integrations ingesting device assets, your device table would include devices associated to Automox, Microsoft, and both. To only view devices related to Automox, you could deselect Microsoft within the Data Sources panel, leaving only devices relating to Automox.
Device management
Much like our assets view, the device table supports a variety of actions that enable you to adjust the table and results to make meaningful discoveries. Most actions are found under the three dot icon found at the top right of the devices table.
Device properties panel
Selecting a device from within the table will bring up the device's property panel. This panel showcases all the different devices and their associated properties that make up the consolidated device. From here, you can also view the graph of the device, where you'll find each of the properties that it is comprised of, allowing you to explore the blast radius of each property.
Filter panel
You can filter the results within your device view a variety of ways, and the filtering panel on the left of the table provides a quick way to sort your data based on a variety of pre-configured filters:
- Operating system (OS)
- Last seen date
- Tags
- Device Encryption
- Critical asset
Full text search
From within the devices view, you are able to query the table via the search bar in order to filter down results to desired information. For example, you could search for a particular device, MAC address, or
At this point, querying your devices is limited to the full-text search. Querying your devices with J1QL is not supported.
Column selection
In addition to the table columns populated by each data source, you can add and remove additional columns in the table by accessing the three dots in the top right corner of the table and selecting Column selector
Heat map
The heat map allows you to visually assess the severity rankings of the duration of a particular device being last seen by a data source. The heat map is displayed within the Last seen column of the devices table.
Modify heat map
The heat map can be adjusted to suit your particular SLA, and is completely customizable. By clicking the three dots in the upper right of the table view and selecting Heat map settings, you are able to change and update the default heat map values. You can specify durations, their corresponding color on the table, and even add additional rules to expand the amount of heat map classifications on the device table.
Data Source Authority
With any device value that may show up as an array with multiple different values across integrations (such as a device display name), you are able to designate a specific integration as the highest authority to inform JupiterOne that the values for the designated data source authority should override other integration values and be displayed. You can access Data Source Authority configuration by selecting the three dots in the upper right-hand corner of the devices table.
This is configured in a ranking order, giving highest precedent to the primary designated data source. For example, if you want to utilize the Automox device property values, you would provide Automox the Highest authority value. Any data source ranked below Highest would only be populated should the ranking source above it in priority not provide that particular value.
Save as CSV
You are able to export your device list/table as a CSV be selecting the Save as button in the top-right of the device table. From there, you will be prompted to download the file.
Current limitations
With our first release of devices, there are a few areas of functionality that were not released initially. While this functionality will be released with our next update to devices, the following functionality is currently not available:
Unable to query the device matrix with J1QL. At this time, the device matrix cannot be queried with J1QL, and searches must be done via full-text search. With the current lack of J1QL support, filtering the matrix for relationships or graph traversals is also not supported.
Cannot use JupiterOne platform to extend your consolidated device use-cases to Insights, Alerts, and Questions. Right now the limitations on devices restricts viewing devices within Assets, preventing devices to be leveraged within other areas of the platform.
Each respective device that makes up a consolidated device will have its own properties panel listed within the consolidated device, meaning that you will need to filter properties for each device within the consolidated device separately.