Skip to main content

June 2023

Platform Updates

  • Effective Friday, July 14th, query results will be delivered via a jupiterone.io URL. The new domains used for data retrieval will be download.us.jupiterone.io and download.eu.jupiterone.io. Please ensure these new domains are added to your allow list as a result of this update.

New Features and Improvements

Queries

  • J1 now offers the field j1_severity on Findings which presents a normalized severity for most Integrated tools that provide findings to JupiterOne. For example, you can now the following queries to return findings across multiple sources of findings data:

    • find Finding with j1_severity = "high": This returns a list of all findings with a normalized severity of “high”.

    • find Finding with j1_severity != undefined as f RETURN f.[j1_severity], count (f): This returns a count of all findings in j1 grouped by j1_severity.

      Note: The following _types do not currently support the j1_severity field. Please let us know if you would benefit from any of these being included:

      KubernetesPolicyReportFindings
      appomni_policy_issue
      appomni_policy_issue_target
      assessment_finding
      aws_ecr_image_scan_finding
      bava_finding
      cast_finding
      csw_workload_finding
      feroot_alert
      flexera_instance_finding
      insightvm_finding
      intune_noncompliance_finding
      nxrl_vulnerability
      orca_cve
      pentest_finding
      polymer_violation
      qualys_web_app_finding
      semgrep_finding
      sentry_finding
      sonarqube_finding
      truffle_github_secret
      truffle_slack_secret

  • Your J1 Questions can now be configured to collect trend data on different polling intervals. If your query produces results that change throughout the day, you can now track trends on intervals of 30 minutes, 1 hour, and 1 day.

  • We have updated permissions to J1Questions so that users with “Read” access to “Shared: Questions” can view questions and share questions but cannot edit, delete, or duplicate the question. Users with “Write” access to “Shared: Questions” can view questions, share questions, edit questions, delete questions, and duplicate the question.

  • We now support querying for additional compliance entities including the following:

    • compliance_requirement
    • reviewer Person ID
    • reviewNow
    • reviewFrequency
    • Owner

  • We have updated our Access Permissions entity views for aws_iam_role, aws_iam_group, and aws_iam_user to be a matrix visualization to help you gather more information at a glance of the types of access to AWS resources these identity types have. 2023-06-29 08 53 47

  • We have made usability/accessibility enhancements in the J1 data-table to allow for you to use keyboard shortcut keys like command+c or CTRL+C to copy values more easily from the data-table.

    Alerts and Rules

  • We have made it easier to view and update the Rules that power your alerts within the Alerts UI by surfacing Rules to sit alongside Alerts in the view's primary actions.

    Updated Alert Rules

Policies and Compliance

  • In J1 Policies, we now support downloading to HTML in addition to downloading to PDF.

Integrations

New Integrations

  • Workday: We have added Workday to our list of official integrations. Read more about our Workday integration.
  • Custom File Transfer: Added new integration Custom File Transfer to enable users to create more robust file transfer jobs that can be scheduled, with all of the flexibility and auditability of normal integrations.

Updates

  • AWS: AWS integrations will now be automatically deleted when the related AWS account is closed.
  • Azure: Allow the ingestion of 'Disabled' subscriptions in addition to the other subscription states supported: ‘Enabled’, ‘PastDue’, ’Warned’ and ’Expired’. You can enable the importation of 'Disabled' subscription by activating the Import Disabled Subscriptions toggle within your Azure integration instance. Note that your Azure integration instance must already have the Configure Subscription Instances toggle enabled for you to ingest disabled subscriptions.
  • CrowdStrike: Added CrowdStrike Zero Trust Assessment (ZTA) data to be ingested.
  • GitLab: Will now consume GitLab Vulnerability Findings.
  • Google Cloud Platform: Added a relationship from the Root entity to the GCP Organization entity.
  • Google Cloud Platform: Consume guest VM properties via OS Config API, including Hostname, OS Name, OS Version, Kernel Version, OS Architecture, Agent Version and Last Updated Time.
  • Microsoft Intune: Added properties lastSyncDateTime and enrolledDateTime.
  • Polymer: Added mapped relationships from Polymer findings to Google Workspace, Slack, and GitHub to indicate ownership of findings and other additional context. Note: This integration is currently in beta.
  • SalesForce: Added the ability to filter ingested users by user Role and Profile to avoid rate limits and improve performance.
  • ServiceNow: Added the capability to ingest a customizable level of ServiceNow CMDB data. Includes relationships showing to whom assets are assigned and who owns/manages the assets.
  • Tanium: Added ingestion of Software Inventory data from "Tanium Asset" add-on capability.

Bug Fixes

  • AWS: Resolved issue causing 404 error if alternate contact not found
  • CircleCI: Resolved issue where duplicate pipelines were being ingested, causing the integration job to fail
  • GoDaddy: Resolved issue which was causing a 429 error (too many requests)
  • SonarQube: Update query approach to reduce issues with hitting API return limitations
  • Tanium: Updates to match recent changes to Tanium API

Contents