Signal Sciences
Visualize Signal Sciences corps and users, and monitor changes through queries and alerts.
- Installation guide
- Signal Sciences data model
- Signal Sciences types
Installation
For this integration, JupiterOne requires a Signal Sciences API Access Token. This can be created by navigating to your user profile within Signal Sciences. See their documentation for additional information on managing API Access Tokens. Once created, save the key to a secure location for use in JupiterOne.
The API Access Token generated on Signal Sciences will inherit the same role as the user that generated it. For this integration, the role of Observer is sufficient for the ingestion of corps and users.
Configuration in JupiterOne
To install the Signal Sciences integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Signal Sciences. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
The Account Name used to identify the Signal Sciences account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Your Signal Sciences user(the email associated to the Signal Sciences account that created the API access token).
The API access token generated in Signal Sciences for use with JupiterOne.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Agent | sigsci_agent | Firewall |
| Cloud WAF | sigsci_cloudwaf | Firewall |
| Corp | sigsci_corp | Organization |
| Site | sigsci_site | Application |
| User | sigsci_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
sigsci_agent | PROTECTS | sigsci_site |
sigsci_corp | HAS | sigsci_cloudwaf |
sigsci_corp | HAS | sigsci_site |
sigsci_corp | HAS | sigsci_user |
Sigsci Corp
sigsci_corp inherits from Organization
| Property | Type | Description | Specifications |
|---|---|---|---|
smallIconURI * | string | ||
siteLimit * | number | ||
sitesUri | string | ||
authType * | string | ||
logoutURI * | string | ||
samlCert * | string | ||
signRequestsUsingStoredCert * | boolean | ||
samlRequestCert * | string | ||
sessionMaxAgeDashboard * | number | ||
apiTokenMaxAge * | number | ||
restrictedAccessTokens * | boolean | ||
ssoProvisioningConfigured * | boolean |
Sigsci User
sigsci_user inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
role * | string |
Sigsci Cloudwaf
sigsci_cloudwaf inherits from Firewall
| Property | Type | Description | Specifications |
|---|---|---|---|
description * | string | ||
region * | string | ||
tlsMinVersion * | string | ||
siteNames * | array of strings | ||
deployment.Status * | string | Please use deploymentStatus | deprecated: true |
deploymentStatus * | string | ||
deployment.Message | string | Please use deploymentMessage | deprecated: true |
deploymentMessage | string | ||
deployment.EgressIps * | array of strings | ||
deploymentEgressIps * | array of strings | ||
deployment.DnsEntry * | string | Please use deploymentDnsEntry | deprecated: true |
deploymentDnsEntry * | string | ||
useUploadedCertificates * | boolean | ||
createdBy * | string | ||
updatedBy * | string |
Sigsci Site
sigsci_site inherits from Application
| Property | Type | Description | Specifications |
|---|---|---|---|
agentLevel * | string | ||
blockHttpCode * | number | ||
blockDurationSeconds * | number |
Sigsci Agent
sigsci_agent inherits from Firewall
| Property | Type | Description | Specifications |
|---|---|---|---|
active * | boolean | Whether agent was seen in past 5 minutes | |
address * | string | RPC Address | |
arguments * | string | Command line arguments | |
buildId * | string | Commit SHA of current build | |
enabled * | boolean | Configuration flag for on/off | |
lastRuleUpdatedOn | number | Timestamp of last rules update | |
lastSeenOn | number | Timestamp of last heartbeat | |
maxProcs * | number | GOMAXPROCS setting | |
name * | string | ||
ruleUpdates * | number | Counter of rule updates | |
status * | string | Any of: onlineoffline | |
uptime * | number | Counter of uptime in seconds | |
version * | string |