Integration Mapping Rules

This document describes the automated mapping rules that connect integration entities to other entities in the graph.

AWS Rules

1. jupiterone_integration -INGESTS-> aws_account

Mapping Rule Conditions

• jupiterone_integration.id = aws_account._integrationInstanceId

_{Rule Id: igm-rule-a0017fd5-35ef-441e-bb05-cc15cb8ed525}

2. Person|Team|UserGroup -MANAGES-> aws_account

Mapping Rule Conditions

• Person | Team | UserGroup.email IN aws_account.operationsContactEmail
• Person | Team | UserGroup.email IN aws_account.securityContactEmail
• Person | Team | UserGroup.email IN aws_account.billingContactEmail
• Person | Team | UserGroup.email IN aws_account.email

_{Rule Id: igm-rule-31add946-1a33-48e1-8936-e0e78b3478c8}

3. aws_route53_record -CONNECTS-> aws_alb

Mapping Rule Conditions

• aws_route53_record.value = aws_alb.dualstackDnsName

_{Rule Id: igm-rule-696f31bd-845f-4020-92a6-cc0a4be6b674}

4. aws_ami -USES-> aws_autoscaling_launch_configuration

Mapping Rule Conditions

• aws_ami.imageId = aws_autoscaling_launch_configuration.imageId

_{Rule Id: igm-rule-2df898ba-26b5-4901-aab7-5cb977b202b8}

5. aws_cloudfront_distribution -CONNECTS-> aws_api_gateway_domain_name

Mapping Rule Conditions

• aws_cloudfront_distribution.origins IN aws_api_gateway_domain_name.domainName
• aws_cloudfront_distribution.origins IN aws_api_gateway_domain_name.regionalDomainName

_{Rule Id: igm-rule-33e6d176-7651-4f49-a767-906fbcc845a3}

6. aws_cloudfront_distribution -CONNECTS-> aws_route53_record

Mapping Rule Conditions

• aws_cloudfront_distribution.origins IN aws_route53_record.name

_{Rule Id: igm-rule-4bf61f3f-0ef6-4166-92cb-b4a41febd5f6}

7. aws_cloudfront_distribution -CONNECTS-> Internet

_{Rule Id: igm-rule-618661e0-49ea-4e27-846d-44d7ddb479d6}

8. aws_cloudfront_distribution_origin -CONNECTS-> aws_alb|aws_elb|aws_nlb

Mapping Rule Conditions

• aws_cloudfront_distribution_origin.domainName = aws_alb | aws_elb | aws_nlb.dnsName

_{Rule Id: igm-rule-c0fb6e72-7129-4448-8f73-2747216ace6b}

9. aws_instance -RUNS-> aws_ecs_container_instance

Mapping Rule Conditions

• aws_instance.instanceId = aws_ecs_container_instance.ec2InstanceId

_{Rule Id: igm-rule-6aa57e31-a2a0-421c-a565-4481fe2bbf79}

10. aws_ecs_service -TRIGGERS-> aws_ecs_task

Mapping Rule Conditions

• aws_ecs_service.deployments IN aws_ecs_task.startedBy

_{Rule Id: igm-rule-52068a54-42f7-43dc-a5a8-1445a71613c2}

11. aws_iam_access_key -HAS-> aws_guardduty_finding

Mapping Rule Conditions

• aws_iam_access_key.id = aws_guardduty_finding.accessKeyId

_{Rule Id: igm-rule-c8bbf641-9cc7-4001-939c-b7bc41527613}

12. aws_iam_role -HAS-> aws_guardduty_finding

Mapping Rule Conditions

• aws_iam_role.id = aws_guardduty_finding.roleId

_{Rule Id: igm-rule-a800d381-0118-43b4-b87c-676915bf4014}

13. aws_iam_user -HAS-> aws_guardduty_finding

Mapping Rule Conditions

• aws_iam_user.id = aws_guardduty_finding.userId

_{Rule Id: igm-rule-897ec90e-5b96-44df-a4ba-ea3c799ef2ea}

14. Person -HAS-> aws_guardduty_finding

Mapping Rule Conditions

• Person.userId IN aws_guardduty_finding.userName

_{Rule Id: igm-rule-9cb629a3-276d-4f0c-9474-4e515166a92b}

15. aws_instance -USES-> aws_iam_role

Mapping Rule Conditions

• aws_instance.iamInstanceProfileId = aws_iam_role.instanceProfileId

_{Rule Id: igm-rule-a59cd62c-408b-4709-9219-0415b9c63b02}

16. aws_internet_gateway -CONNECTS-> Internet

_{Rule Id: igm-rule-332bf443-6209-4ca9-a35a-9779d59081ce}

17. aws_route53_record -CONNECTS-> aws_alb

Mapping Rule Conditions

• aws_route53_record.value = aws_alb.dnsName

_{Rule Id: igm-rule-e4bd96bd-f98d-4feb-87c0-ffbda49b1852}

18. aws_route53_zone -USES-> aws_vpc

Mapping Rule Conditions

• aws_route53_zone.vpcIds IN aws_vpc.id

_{Rule Id: igm-rule-703b8bfa-ba7a-4620-9584-91249cc5e6c5}

19. aws_transfer_server -CONNECTS-> Internet

_{Rule Id: igm-rule-2ddebda4-f4ca-4c0e-acaf-d11b7c59a9bd}

20. aws_alb|aws_s3_bucket|aws_nlb|aws_elb|aws_redshift_cluster -LOGS-> aws_s3_bucket

Mapping Rule Conditions

• aws_alb | aws_s3_bucket | aws_nlb | aws_elb | aws_redshift_cluster.loggingTargetBucket = aws_s3_bucket.bucketName

_{Rule Id: igm-rule-cff0f85f-194e-40e7-876f-0f44a0314cc5}

BIGID Rules

21. bigid_datasource -IS-> aws_s3_bucket

Mapping Rule Conditions

• bigid_datasource.awsBucket = aws_s3_bucket.bucketName

_{Rule Id: igm-rule-139aca1f-b86d-4a9d-812b-82dc93a07feb}

22. bigid_datasource -IS-> aws_s3_bucket

Mapping Rule Conditions

• bigid_datasource.awsBucketv2 = aws_s3_bucket.bucketName

_{Rule Id: igm-rule-0c8e196e-a44c-4b27-aca4-9cbabb7bd3cc}

23. Person -OWNS-> bigid_datasource

Mapping Rule Conditions

• Person.email IN bigid_datasource.owners

_{Rule Id: igm-rule-e5195ef4-2b50-48e2-9f34-4c17fc760d32}

CISCO MERAKI Rules

24. user_endpoint -CONNECTS-> meraki_device

Mapping Rule Conditions

• user_endpoint.publicIp = meraki_device.publicIp

_{Rule Id: igm-rule-53f81e82-efe3-4828-bdb2-69f0e3994dec}

CROWDSTRIKE Rules

25. crowdstrike_aws_api_gateway_resource -IS-> aws_api_gateway_resource

Mapping Rule Conditions

• crowdstrike_aws_api_gateway_resource.arn = aws_api_gateway_resource.arn

_{Rule Id: igm-rule-e2c96f24-52f7-4a26-b39c-6b98d3cccdd6}

26. crowdstrike_aws_api_gateway_rest_api -IS-> aws_api_gateway_rest_api

Mapping Rule Conditions

• crowdstrike_aws_api_gateway_rest_api.arn = aws_api_gateway_rest_api.arn

_{Rule Id: igm-rule-b6c7d8e9-0314-2345-bcde-678901234567}

27. crowdstrike_aws_autoscaling_launch_configuration -IS-> aws_autoscaling_launch_configuration

Mapping Rule Conditions

• crowdstrike_aws_autoscaling_launch_configuration.arn = aws_autoscaling_launch_configuration.arn

_{Rule Id: igm-rule-ad477be7-d4f4-47f7-a7e4-a787855c6eac}

28. crowdstrike_aws_cloudformation_stack -IS-> aws_cloudformation_stack

Mapping Rule Conditions

• crowdstrike_aws_cloudformation_stack.arn = aws_cloudformation_stack.arn

_{Rule Id: igm-rule-1105a0f1-1903-4bf3-8293-1e697b416957}

29. crowdstrike_aws_cloudfront_domain -IS-> aws_cloudfront_distribution

Mapping Rule Conditions

• crowdstrike_aws_cloudfront_domain.arn = aws_cloudfront_distribution.arn

_{Rule Id: igm-rule-fb68b517-ea1d-479b-a5cd-25c3f42404e9}

30. crowdstrike_aws_cloudtrail -IS-> aws_cloudtrail

Mapping Rule Conditions

• crowdstrike_aws_cloudtrail.arn = aws_cloudtrail.arn

_{Rule Id: igm-rule-1dd4f45b-064f-4a49-8652-8a718b1c9f38}

31. crowdstrike_aws_codebuild_project -IS-> aws_codebuild_project

Mapping Rule Conditions

• crowdstrike_aws_codebuild_project.arn = aws_codebuild_project.arn

_{Rule Id: igm-rule-81e9cffb-4a2a-4f9b-8937-9b1b23d0ff36}

32. crowdstrike_aws_cognito_user_pool -IS-> aws_cognito_user_pool

Mapping Rule Conditions

• crowdstrike_aws_cognito_user_pool.arn = aws_cognito_user_pool.arn

_{Rule Id: igm-rule-6e316cfd-9379-464c-a6e0-27e061eb5fec}

33. crowdstrike_aws_config_account -IS-> aws_account

Mapping Rule Conditions

• crowdstrike_aws_config_account.arn = aws_account.arn

_{Rule Id: igm-rule-39e3055f-e440-427b-8ffe-b36ff6e52bad}

34. crowdstrike_aws_dynamodb_table -IS-> aws_dynamodb_table

Mapping Rule Conditions

• crowdstrike_aws_dynamodb_table.arn = aws_dynamodb_table.arn

_{Rule Id: igm-rule-b8c9d0e1-2536-4567-bcde-890123456789}

35. crowdstrike_aws_ebs_snapshot -IS-> aws_ebs_snapshot

Mapping Rule Conditions

• crowdstrike_aws_ebs_snapshot.arn = aws_ebs_snapshot.arn

_{Rule Id: igm-rule-25ed5301-c22a-4fe8-b600-d8ea5f4da4d5}

36. crowdstrike_aws_ebs_volume -IS-> aws_ebs_volume

Mapping Rule Conditions

• crowdstrike_aws_ebs_volume.arn = aws_ebs_volume.arn

_{Rule Id: igm-rule-e6729c53-60a4-45bd-8754-3ad9b3bf7cd6}

37. crowdstrike_aws_ec2_instance -IS-> aws_instance

Mapping Rule Conditions

• crowdstrike_aws_ec2_instance.arn = aws_instance.arn

_{Rule Id: igm-rule-b9b2a8a7-5c47-46c6-a4a1-3b7a0c9d8c1f}

38. crowdstrike_aws_ec2_network_acl -IS-> aws_network_acl

Mapping Rule Conditions

• crowdstrike_aws_ec2_network_acl.arn = aws_network_acl.arn

_{Rule Id: igm-rule-766c6af5-d768-4139-a8ec-40060bb9ddf5}

39. crowdstrike_aws_ec2_security_group -IS-> aws_security_group

Mapping Rule Conditions

• crowdstrike_aws_ec2_security_group.arn = aws_security_group.arn

_{Rule Id: igm-rule-3f7d2c56-9e8b-4a02-8c9b-7a6a1dfb2a34}

40. crowdstrike_aws_ecr_repository -IS-> aws_ecr_repository

Mapping Rule Conditions

• crowdstrike_aws_ecr_repository.arn = aws_ecr_repository.arn

_{Rule Id: igm-rule-15a9ab22-01e8-4003-b830-173d0a1bd1d2}

41. crowdstrike_aws_ecs_task_definition -IS-> aws_ecs_task_definition

Mapping Rule Conditions

• crowdstrike_aws_ecs_task_definition.arn = aws_ecs_task_definition.arn

_{Rule Id: igm-rule-12835efa-19da-4d1f-a380-127898009c95}

42. crowdstrike_aws_eks_cluster -IS-> aws_eks_cluster

Mapping Rule Conditions

• crowdstrike_aws_eks_cluster.arn = aws_eks_cluster.arn

_{Rule Id: igm-rule-5a633deb-f88f-41e6-8c10-0042ff90aefe}

43. crowdstrike_aws_elasticache_cluster -IS-> aws_elasticache_redis_cluster

Mapping Rule Conditions

• crowdstrike_aws_elasticache_cluster.arn = aws_elasticache_redis_cluster.arn

_{Rule Id: igm-rule-4b75304c-670c-44d9-b922-8f9b39226eec}

44. crowdstrike_aws_elb_load_balancer -IS-> aws_elb

Mapping Rule Conditions

• crowdstrike_aws_elb_load_balancer.arn = aws_elb.arn

_{Rule Id: igm-rule-b8153aa7-a1d7-4753-ba9b-a6a0d261d96c}

45. crowdstrike_aws_eventbridge_event_bus -IS-> aws_cloudwatch_event_rule

Mapping Rule Conditions

• crowdstrike_aws_eventbridge_event_bus.arn = aws_cloudwatch_event_rule.arn

_{Rule Id: igm-rule-2afb8bc1-5c37-41ce-82af-d33242be8049}

46. crowdstrike_aws_iam_account -IS-> aws_account

Mapping Rule Conditions

• crowdstrike_aws_iam_account.arn = aws_account.arn

_{Rule Id: igm-rule-f3b1c20f-c352-4cd4-b786-f060695249a3}

47. crowdstrike_aws_iam_group -IS-> aws_iam_group

Mapping Rule Conditions

• crowdstrike_aws_iam_group.arn = aws_iam_group.arn

_{Rule Id: igm-rule-f7c0872b-adb8-4644-b7d3-f9d74099b163}

48. crowdstrike_aws_iam_policy -IS-> aws_iam_policy

Mapping Rule Conditions

• crowdstrike_aws_iam_policy.arn = aws_iam_policy.arn

_{Rule Id: igm-rule-d6ecf11d-e915-4e8c-a6f7-9f346298250d}

49. crowdstrike_aws_iam_role -IS-> aws_iam_role

Mapping Rule Conditions

• crowdstrike_aws_iam_role.arn = aws_iam_role.arn

_{Rule Id: igm-rule-93d0f6db-3f36-4d1a-a36a-540a8b809abd}

50. crowdstrike_aws_iam_s3_policy -IS-> aws_iam_policy

Mapping Rule Conditions

• crowdstrike_aws_iam_s3_policy.arn = aws_iam_policy.arn

_{Rule Id: igm-rule-61c8743a-0968-49b5-86ac-1aafa7563fc1}

51. crowdstrike_aws_iam_user -IS-> aws_iam_user

Mapping Rule Conditions

• crowdstrike_aws_iam_user.arn = aws_iam_user.arn

_{Rule Id: igm-rule-21c728c4-3cf4-4ef4-a821-c80f48a4967d}

52. crowdstrike_aws_kinesis_stream -IS-> aws_kinesis_stream

Mapping Rule Conditions

• crowdstrike_aws_kinesis_stream.arn = aws_kinesis_stream.arn

_{Rule Id: igm-rule-164aae9d-6cc8-49c0-aa92-0a048d5d2beb}

53. crowdstrike_aws_kms_key -IS-> aws_kms_key

Mapping Rule Conditions

• crowdstrike_aws_kms_key.arn = aws_kms_key.arn

_{Rule Id: igm-rule-28a12b5a-5f14-4673-b917-f0fe4e104002}

54. crowdstrike_aws_lambda_function -IS-> aws_lambda_function

Mapping Rule Conditions

• crowdstrike_aws_lambda_function.arn = aws_lambda_function.arn

_{Rule Id: igm-rule-e930188f-471c-4355-a43a-c3e0dd242bd8}

55. crowdstrike_aws_nlb_alb_load_balancer -IS-> aws_alb

Mapping Rule Conditions

• crowdstrike_aws_nlb_alb_load_balancer.arn = aws_alb.arn

_{Rule Id: igm-rule-f1172121-2dfb-4a87-8d2b-7f9b2752118d}

56. crowdstrike_aws_rds_database -IS-> aws_db_instance

Mapping Rule Conditions

• crowdstrike_aws_rds_database.arn = aws_db_instance.arn

_{Rule Id: igm-rule-398666a3-b114-4314-9fd6-723b3b02ed9c}

57. crowdstrike_aws_route53_domain -IS-> aws_route53_domain

Mapping Rule Conditions

• crowdstrike_aws_route53_domain.arn = aws_route53_domain.arn

_{Rule Id: igm-rule-29278d53-90ae-4578-bca5-3d208f6dff59}

58. crowdstrike_aws_s3_bucket -IS-> aws_s3_bucket

Mapping Rule Conditions

• crowdstrike_aws_s3_bucket.arn = aws_s3_bucket.arn

_{Rule Id: igm-rule-a7b8c9d0-1425-3456-abcd-789012345678}

59. crowdstrike_aws_secrets_manager_secret -IS-> aws_secret

Mapping Rule Conditions

• crowdstrike_aws_secrets_manager_secret.arn = aws_secret.arn

_{Rule Id: igm-rule-a5b6c7d8-9203-1234-abcd-567890123456}

60. crowdstrike_aws_sns_topic -IS-> aws_sns_topic

Mapping Rule Conditions

• crowdstrike_aws_sns_topic.arn = aws_sns_topic.arn

_{Rule Id: igm-rule-7a07b65e-88db-4e3e-9c81-3b6360012f72}

61. crowdstrike_aws_sqs_queue -IS-> aws_sqs_queue

Mapping Rule Conditions

• crowdstrike_aws_sqs_queue.arn = aws_sqs_queue.arn

_{Rule Id: igm-rule-4bf0120f-45e3-440c-be72-6d9a411359bd}

62. crowdstrike_aws_ssm_parameter -IS-> aws_ssm_parameter

Mapping Rule Conditions

• crowdstrike_aws_ssm_parameter.arn = aws_ssm_parameter.arn

_{Rule Id: igm-rule-dc3746dd-5dd9-4d00-9714-371711e1d345}

63. crowdstrike_aws_vpc -IS-> aws_vpc

Mapping Rule Conditions

• crowdstrike_aws_vpc.arn = aws_vpc.arn

_{Rule Id: igm-rule-f4b70c18-6ee1-4fa8-9537-2481f08f39c7}

64. crowdstrike_aws_vpc_endpoint -IS-> aws_vpc_endpoint

Mapping Rule Conditions

• crowdstrike_aws_vpc_endpoint.arn = aws_vpc_endpoint.arn

_{Rule Id: igm-rule-d64a5a4e-c412-4f72-b1c5-bf39546394da}

65. crowdstrike_aws_vpc_route_table -IS-> aws_route_table

Mapping Rule Conditions

• crowdstrike_aws_vpc_route_table.arn = aws_route_table.arn

_{Rule Id: igm-rule-b50ce981-4bb7-4131-908a-246ffbfdb21d}

66. crowdstrike_aws_vpc_subnet -IS-> aws_subnet

Mapping Rule Conditions

• crowdstrike_aws_vpc_subnet.arn = aws_subnet.arn

_{Rule Id: igm-rule-1c5cb5b1-9567-4125-bdba-ee749cfa749e}

67. crowdstrike_aws_waf_vpc_endpoint -IS-> aws_vpc_endpoint

Mapping Rule Conditions

• crowdstrike_aws_waf_vpc_endpoint.arn = aws_vpc_endpoint.arn

_{Rule Id: igm-rule-0ad3b176-b193-46dc-a1bf-6be9bad98c50}

68. crowdstrike_azure_ad_domain_service -IS-> azure_ad_domain_service

Mapping Rule Conditions

• crowdstrike_azure_ad_domain_service.id = azure_ad_domain_service.id

_{Rule Id: igm-rule-f3e2a1c4-2d7b-4a8f-91b0-7e6d5c4b3a2f}

69. crowdstrike_azure_app_service -IS-> azure_function_app

Mapping Rule Conditions

• crowdstrike_azure_app_service.id = azure_function_app.id

_{Rule Id: igm-rule-234ad630-692b-4880-8126-5e5c8d6f111e}

70. crowdstrike_azure_cdn_profile -IS-> azure_cdn_profile

Mapping Rule Conditions

• crowdstrike_azure_cdn_profile.id = azure_cdn_profile.id

_{Rule Id: igm-rule-79d15aa2-740a-4fd1-8e67-c7bc67ed8854}

71. crowdstrike_azure_container_app -IS-> azure_container_app

Mapping Rule Conditions

• crowdstrike_azure_container_app.id = azure_container_app.id

_{Rule Id: igm-rule-b9d0c2a1-5f7b-4b9b-9d5e-2f3e8c4f2c5a}

72. crowdstrike_azure_cosmosdb_account -IS-> azure_cosmosdb_account

Mapping Rule Conditions

• crowdstrike_azure_cosmosdb_account.id = azure_cosmosdb_account.id

_{Rule Id: igm-rule-fdcbe5d2-35b5-4af4-a993-0c5546bad06a}

73. crowdstrike_azure_event_hub -IS-> azure_event_hub_namespace

Mapping Rule Conditions

• crowdstrike_azure_event_hub.id = azure_event_hub_namespace.id

_{Rule Id: igm-rule-b5811ae5-25c8-4eda-a0ab-f7e71874c286}

74. crowdstrike_azure_firewall -IS-> azure_network_firewall

Mapping Rule Conditions

• crowdstrike_azure_firewall.id = azure_network_firewall.id

_{Rule Id: igm-rule-a1c20a78-c067-4762-b19f-08308c0fd0ae}

75. crowdstrike_azure_key_vault -IS-> azure_keyvault_service

Mapping Rule Conditions

• crowdstrike_azure_key_vault.id = azure_keyvault_service.id

_{Rule Id: igm-rule-1494f590-b952-47e9-8445-9641ef45e557}

76. crowdstrike_azure_kubernetes_cluster -IS-> azure_kubernetes_cluster

Mapping Rule Conditions

• crowdstrike_azure_kubernetes_cluster.id = azure_kubernetes_cluster.id

_{Rule Id: igm-rule-62ab1fec-87d0-4503-a9b0-17feeb1848f2}

77. crowdstrike_azure_managed_disk -IS-> azure_managed_disk

Mapping Rule Conditions

• crowdstrike_azure_managed_disk.id = azure_managed_disk.id

_{Rule Id: igm-rule-6f626e1c-adcc-4fa0-9681-1bbfb2c738e7}

78. crowdstrike_azure_mysql_server -IS-> azure_mysql_server

Mapping Rule Conditions

• crowdstrike_azure_mysql_server.id = azure_mysql_server.id

_{Rule Id: igm-rule-c57ed702-8f21-4825-bbb3-393576652601}

79. crowdstrike_azure_security_group -IS-> azure_security_group

Mapping Rule Conditions

• crowdstrike_azure_security_group.id = azure_security_group.id

_{Rule Id: igm-rule-307ca2f4-ab1e-49f9-ae3f-f05d7058b09a}

80. crowdstrike_azure_storage_account -IS-> azure_storage_account

Mapping Rule Conditions

• crowdstrike_azure_storage_account.id = azure_storage_account.id

_{Rule Id: igm-rule-cc9d5f2d-c2c5-467c-8de2-f85601af26cd}

81. crowdstrike_azure_subscription -IS-> azure_subscription

Mapping Rule Conditions

• crowdstrike_azure_subscription.id = azure_subscription.id

_{Rule Id: igm-rule-d5c3e587-4a00-4dec-b40c-5249daa9a575}

82. crowdstrike_azure_vm -IS-> azure_vm

Mapping Rule Conditions

• crowdstrike_azure_vm.id = azure_vm.id

_{Rule Id: igm-rule-8a95c67e-aa09-4e68-a354-b740d3fef52a}

83. crowdstrike_azure_vnet -IS-> azure_vnet

Mapping Rule Conditions

• crowdstrike_azure_vnet.id = azure_vnet.id

_{Rule Id: igm-rule-ad55b4b1-8042-4789-9967-ee86529c5b6c}

84. crowdstrike_azure_web_app -IS-> azure_function_app

Mapping Rule Conditions

• crowdstrike_azure_web_app.id = azure_function_app.id

_{Rule Id: igm-rule-1001f1f6-0940-4e2b-a3b8-9e9252015711}

85. crowdstrike_sensor -PROTECTS-> aws_instance

Mapping Rule Conditions

• crowdstrike_sensor.ec2InstanceArn = aws_instance._key

_{Rule Id: igm-rule-1652c792-fc60-41fb-af6e-58c425c252c4}

86. crowdstrike_sensor -PROTECTS-> azure_vm

Mapping Rule Conditions

• crowdstrike_sensor.instanceId = azure_vm.vmId

_{Rule Id: igm-rule-69bd8f24-faba-410f-86c0-c6cdaa467562}

87. crowdstrike_sensor -PROTECTS-> Device&!unified_device

Mapping Rule Conditions

• crowdstrike_sensor.macAddress IN Device&!unified_device.macAddress

_{Rule Id: igm-rule-d4a56fa5-7d2b-43b2-9a83-ae96475a9379}

88. crowdstrike_sensor -PROTECTS-> Device&!unified_device

Mapping Rule Conditions

• crowdstrike_sensor.macAddress = Device&!unified_device.macAddress

_{Rule Id: igm-rule-41db719f-2da4-49cd-aa45-656f099d10e4}

89. crowdstrike_sensor -PROTECTS-> google_compute_instance

Mapping Rule Conditions

• crowdstrike_sensor.instanceId = google_compute_instance.id

_{Rule Id: igm-rule-e94163ae-9746-11ed-a8fc-0242ac120002}

90. crowdstrike_sensor -PROTECTS-> oci_compute_instance

Mapping Rule Conditions

• crowdstrike_sensor.instanceId = oci_compute_instance._key

_{Rule Id: igm-rule-a8f3b2c1-5d4e-4a9b-8c7f-1e2d3f4a5b6c}

91. crowdstrike_sensor -PROTECTS-> vsphere_vm

Mapping Rule Conditions

• crowdstrike_sensor.macAddress IN vsphere_vm.macAddress
• crowdstrike_sensor.connectionIp = vsphere_vm.ipAddress
• crowdstrike_sensor.hostname = vsphere_vm.host

_{Rule Id: igm-rule-350e504d-18d8-4f71-b9ca-37765e0dd09e}

JAMF Rules

92. crowdstrike_sensor -PROTECTS-> user_endpoint

Mapping Rule Conditions

• crowdstrike_sensor.macAddress = user_endpoint.macAddress

_{Rule Id: igm-rule-8f7bf995-5356-4425-a78e-713d186ca176}

KUBERNETES Rules

93. kube_container_spec -USES-> aws_ecr_image

Mapping Rule Conditions

• kube_container_spec.image IN aws_ecr_image.fullName

_{Rule Id: igm-rule-65a1103a-1207-4cbe-8899-1f3f49be19ca}

MICROSOFT ENDPOINT DEFENDER Rules

94. microsoft_defender_machine -PROTECTS-> aws_instance

Mapping Rule Conditions

• microsoft_defender_machine.computerDnsName IN aws_instance.fqdn

_{Rule Id: igm-rule-923ad033-1da2-497f-b75d-a0d03ff6541a}

OKTA Rules

95. okta_application -CONNECTS-> azure_account

Target Filters

• appAccountType = "office365_account"
• isSAMLApp = true
• ssoEnabled = true

Mapping Rule Conditions

• okta_application.appVendorName = azure_account.vendor
• okta_application.appDomain = azure_account.verifiedDomains
• okta_application.appAccountId = azure_account.displayName

_{Rule Id: igm-rule-99de2f2a-23d5-4299-ae53-066881436340}

ORCA Rules

96. aws_lambda_function -HAS-> orca_asset

Target Filters

• type = "function"
• cloudProvider = "aws"

Mapping Rule Conditions

• aws_lambda_function.arn = orca_asset.assetVendorId

_{Rule Id: igm-rule-c2180448-f0be-4091-9596-642661432917}

97. aws_instance -IS-> orca_asset

Target Filters

• type = "vm"
• cloudProvider = "aws"

Mapping Rule Conditions

• aws_instance.instanceId = orca_asset.assetVendorId

_{Rule Id: igm-rule-0f4bd643-e1c1-425c-b2d2-228358be68ad}

98. azure_vm -IS-> orca_asset

Target Filters

• type = "vm"
• cloudProvider = "azure"

Mapping Rule Conditions

• azure_vm.vmId = orca_asset.assetVendorId

_{Rule Id: igm-rule-014f01d5-4059-4ae5-88dd-5e587d05079a}

RAPID7 Rules

99. insightvm_host -IS-> aws_instance

Mapping Rule Conditions

• insightvm_host.sourceAWS = aws_instance.id

_{Rule Id: igm-rule-ad4da876-f247-4fb0-a0eb-70edff0c1135}

SENTINELONE Rules

100. sentinelone_agent -PROTECTS-> user_endpoint

Mapping Rule Conditions

• sentinelone_agent.uuid = user_endpoint.deviceId
• sentinelone_agent.serial = user_endpoint.serial

_{Rule Id: igm-rule-a241f3e8-39b5-4c4a-bb03-6a57cfb56e54}

SNYK Rules

101. snyk_project -SCANS-> CodeRepo

Target Filters

• snyk_project = "github"
• snyk_project = "github-enterprise"
• snyk_project = "bitbucket"
• snyk_project = "gitlab"

Mapping Rule Conditions

• snyk_project.repoOrganization = CodeRepo.owner
• snyk_project.repoName = CodeRepo.name

_{Rule Id: igm-rule-79e7b53f-7fec-43f0-8aa2-25d86d1f630d}

TENABLE CLOUD Rules

102. tenable_asset -IS-> user_endpoint

Mapping Rule Conditions

• user_endpoint.macAddress IN tenable_asset.macAddresses

_{Rule Id: igm-rule-dd10f855-f7ea-4344-94dd-029b5e66a89f}

103. user_endpoint -HAS-> tenable_vulnerability_finding

Mapping Rule Conditions

• user_endpoint.macAddress = tenable_vulnerability_finding.macAddress

_{Rule Id: igm-rule-16059bc4-b30d-48c7-a817-ff1d5820ae0d}

TREND MICRO Rules

104. trend_micro_sensor -PROTECTS-> aws_instance

Target Filters

• cloudProvider = "AWS"

Mapping Rule Conditions

• trend_micro_sensor.ec2InstanceId = aws_instance.instanceId

_{Rule Id: igm-rule-74cb8e41-c566-4cd3-b68a-89edea7099a1}

105. trend_micro_sensor -PROTECTS-> user_endpoint

Mapping Rule Conditions

• trend_micro_sensor.hostname = user_endpoint.hostname

_{Rule Id: igm-rule-041a190d-25c2-47a7-a0ac-da70304a7475}

WIZ Rules

106. Entity -HAS-> wiz_vulnerability_finding

Target Filters

• assetCloudPlatform = "AWS"

Mapping Rule Conditions

• Entity._key = wiz_vulnerability_finding.assetProviderUniqueId

_{Rule Id: igm-rule-71f137fd-43f6-4b57-ad41-1f55d16a0714}