Security Content Release Notes

February 2025

Published a new 'SBOM & App Security' Managed Rule Pack

NOTE: Dependencies to keep in mind: a GitHub, Snyk, SonarCloud, or similar managed integration, and potentially a custom J1 integration for CycloneDX or a similar SBOM-generating tool.

  • sbom-code-modules-in-code-repos-with-finding
  • sbom-workloads-defined-by-code-repo-with-finding
  • sbom-all-module-versions-used
  • sbom-nested-sboms
  • sbom-commonly-used-code-modules
  • sbom-recently-merged-PRs-for-repos-with-critical-findings
  • sbom-repositories-with-active-findings
  • sbom-package-dependencies-flows
  • sbom-package-dependencies

https://github.com/JupiterOne/jupiterone-alert-rules/blob/main/rule-packs/jupiterone-sbom.json

January 2025

Additions to the JupiterOne Questions Library for the Lansweeper integration. These questions check basic configuration best practices and are useful for gaining more insight into your Lansweeper environment.

  • integration-question-lansweeper-inactive-hosts
  • integration-question-lansweeper-hosts-outside-of-allowed-ip-range
  • integration-question-lansweeper-list-operating-system-types
  • integration-question-lansweeper-users-with-bad-status
  • integration-question-lansweeper-out-of-date-operating-systems

Additions to "MITRE ATT&CK: AWS Privilege Escalation" rule pack

  • integration-question-aws-search-for-secrets-in-lambda-functions

Addition to the JupiterOne Questions Library. This question lets an AWS user search for keywords to ensure that no AWS secrets are exposed in Lambda function metadata. The question can also be turned into an alert. https://ask.us.jupiterone.io/question/a4db06a7ae955bc6c22896c651bd5cb7f0cc32e8?search=lambda&tagFilter=all

  • privileges-unused-for-90-days

Addition to the existing 'AWS Config' rule pack. Checks for AWS role privileges that have been unused for 90 days or more. It is recommended to review the results returned and remove unused privileges.

  • aws-public-facing-resources-list

Addition to the existing 'AWS Threat' rule pack. This alert returns all AWS resources that are public-facing. Useful for delta detection and trending over time.

  • aws-high-privilege-lambda-function-wildcard
  • aws-high-privilege-lambda-function-lambda:*
  • aws-high-privilege-lambda-function-get-policy
  • aws-high-privilege-lambda-function-get-function
  • aws-high-privilege-lambda-function-get-function-configuration
  • aws-high-privilege-lambda-function-list-functions