Kandji

Visualize Kandji devices and apps, and monitor changes through queries and alerts.

Installation guide

Installation

JupiterOne requires an Access Token and Organization API URL for this integration. You need permission to create users in Kandji that will be used to obtain the Access Token and API URL.

Configuration in Kandji

1. Log in to your Kandji subdomain, such as https://{subdomain}.kandji.io/.
2. Go to Settings > Access > API Token. If you do not see this, contact the server admin.
3. Click Add Token.
4. Optionally, enter a token name and description.
5. Copy the API Token. You will not see it again.
6. Configure these API permissions:
   • Device list GET /devices
   • Device details GET /devices/{device_id}/details
   • Application list GET /devices/{device_id}/apps

Upon completion of the configuration, you should to see the organization API URL under the API token section.

Use the organization API URL for API_URL and API token for ACCESS_TOKEN.

Configuration in JupiterOne

To install the Kandji integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Kandji. Click New Instance to begin configuring your integration, providing the following:

• Account Name used to identify the Kandji account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName option is enabled.

• Description to assist in identifying the integration instance, if desired.

• Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

• Kandji Access Token and Kandji API URL generated for use by JupiterOne. Ensure you enter Kandji API URL using the format https://{yourApiUrl}/api/v1/, adding https:// at the beginning and /api/v1/ at the end of the API URL.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.

Kandji data model

Data Model

Entities

The following entities are created:

Resources	Entity _type	Entity _class
Account	kandji_account	Account
App	kandji_app	Application
Blueprint	kandji_blueprint	Configuration
Custom_Profile	kandji_profile	Configuration
Device	kandji_device	Device
User	kandji_user	User

Relationships

The following relationships are created:

Source Entity _type	Relationship _class	Target Entity _type
kandji_account	HAS	kandji_device
kandji_device	INSTALLED	kandji_app
kandji_device	ASSIGNED	kandji_blueprint
kandji_device	ASSIGNED	kandji_profile
kandji_user	OWNS	kandji_device

Kandji types

Kandji Account

kandji_account inherits from Account

Property	Type	Description	Specifications
name *	string

---

Kandji App

kandji_app inherits from Application

Property	Type	Description	Specifications
bundleId *	string
appStoreVendable	string
deviceBasedVpp	string
source	string
process	string

---

Kandji Device

kandji_device inherits from Device

Property	Type	Description	Specifications
serialNumber	string | null
lastCheckinOn	number | null
user.id	number | null
user.name	string | null
user.email	string | null
user.isArchived	boolean | null
blueprintId	string
platform	string
blueprintName	string
mdmEnabled	boolean
agentInstalled	boolean
isMissing	boolean
isRemoved	boolean
agentVersion	string
firstEnrollmentOn	number
lastEnrollmentOn	number
general.systemVersion	string
general.bootVolume	string
general.timeSinceBoot	string
general.lastUser	string
general.assignedUserId	number
general.assignedUserName	string
general.assignedUserEmail	string
general.assignedUserIsArchived	boolean
general.blueprintName	string
general.blueprintUuid	string
mdm.mdmEnabled	string
mdm.installDate	string
mdm.lastCheckIn	string
mdm.mdmEnabledUser	array of strings
activationLock.bypassCodeFailed	boolean
activationLock.userActivationLockEnabled	boolean
activationLock.deviceActivationLockEnabled	boolean
activationLock.activationLockAllowedWhileSupervised	boolean | null
activationLock.activationLockSupported	boolean
filevault.filevaultEnabled	boolean
filevault.filevaultRecoverykeyType	string
filevault.filevaultPrkEscrowed	boolean
filevault.filevaultNextRotation	string
filevault.filevaultRegenRequired	boolean
kandjiAgent.agentInstalled	string
kandjiAgent.installDate	string
kandjiAgent.lastCheckIn	string
kandjiAgent.agentVersion	string
hardwareOverview.modelName	string
hardwareOverview.modelIdentifier	string
hardwareOverview.processorName	string
hardwareOverview.processorSpeed	string
hardwareOverview.numberOfProcessors	string
hardwareOverview.totalNumberOfCores	string
hardwareOverview.memory	string
volumes	array of strings
network.localHostname	string
network.macAddress	string	This property is deprecated and will be removed in future versions. Please use the macAddress property instead.
macAddress	string
network.ipAddress	string
network.publicIp	string
users.regularUsers	array of strings
users.systemUsers	array of strings
installedProfiles	array of strings

---

Kandji User

kandji_user inherits from User

Property	Type	Description	Specifications
id *	string
username *	string
email *	string
active	boolean
isArchived	boolean

---

Kandji Profile

kandji_profile inherits from Configuration

Property	Type	Description	Specifications
active	boolean
mdmIdentifier	string

---

Kandji Blueprint

kandji_blueprint inherits from Configuration

Property	Type	Description	Specifications
id *	string
name *	string
description *	string
computersCount *	string
enrollmentCodeActive *	boolean

---