Skip to main content

JupiterOne August 2023 Release


We have officially migrated our documentation to our new site here at! πŸ₯³

New Features and Improvements​


Natural Language Queries​

JupiterOne now supports natural language to generate J1QL (JupiterOne query language). You can now type questions like "What new IAM users have been created in the last week?" and "What s3 buckets do I have?" and J1 will convert these questions into J1QL syntax. This feature is currently only available in the Query Anywhere Search Box

Natural Language Query


The csv exporting experience has been upgraded to allow for larger downloads (1 million entity limit) and an email link to access your downloaded file.

CSV Export update

Properties Panel​

Your Properties Panel has been refreshed with a whole new look and new features to help you find what you are looking for faster in JupiterOne.

Properties updates

Properties Search

Property search and modified properties view


  • Added two new Insights dashboards corresponding to our new Alert Rule Packs for Device Management and Toxic Combinations.
    • The Device Management dashboard can be found under Assets and requires at least one integration that ingests devices
    • The Toxic Combinations dashboard can be found under Attack Surface category and requires integration into J1 of your Endpoint Detection & Response tools, Mobile Device Management, Cloud Service Provider, and Identity Provider systems

Alerts and Rules​

  • Released two new Alert Rule Packs: Device Management and Toxic Combinations, both of which are tagged in Alerts as DeviceManagement and ToxicCombinations respectively.

  • You can now preview your Alert Rule Action using the "preview" toggle. This allows you to see the json for the first 10 query results which power your alert. alert rule preview

    Learn more about installing rule packs β†’


New Integrations​


  • AWS: In the US environment of JupiterOne (, the Trust Relationship on the AWS IAM Role used by the AWS Integration has been changed to trust 5 additional JupiterOne-owned AWS accounts. In addition to the original JupiterOne AWS Account ID (612791702201), the role should be updated to trust the following 5 AWS Account IDs:

  • 592277296164

  • 543056157939

  • 688694159727

  • 248422699954

  • 703115985002

The public GitHub repository for CloudFormation & Terraform templates has been updated accordingly. This is change helps to reduce AWS rate limits and is highly encouraged, but not required–all AWS integrations will continue to function as expected without these changes. Please reach out to your account representatives with additional questions.

  • Azure: Added the ability to ingest MFA properties for the azure_user entity. New properties include:
    • mfaEnabled (boolean)
    • mfaType (string, the user preferred method)
    • mfaMethods (array of strings, includes all MFA methods the user has configured)

Your Azure instance API token will need to have the AuditLog.Read.All permission in order to ingest the MFA properties.

  • CrowdStrike: Our CrowdStrike integration now ingests information on applications with vulnerabilities with the following new entity:

    ResourceEntity _typeEntity _class

    With the addition of this entity, we have also updated the relationships:

Source Entity _typeRelationship _classTarget Entity _type