JupiterOne November 2024 Release

Application

User Interface Enhancements

  • The user interface now respects new resource permissions for alerts, ensuring that users without the necessary permissions cannot attempt to create rules or view related menu items.
  • A new feature has been added to the QueryManager, allowing users to select different view types (Graph, JSON, Table) without affecting non-matrix views. The matrix view will still render even when there are no results, enabling users to modify queries seamlessly.
  • An indicator has been added in the UI to show when an alert is disabled due to failures, enhancing user awareness of alert statuses.
  • The lastSeenOn filter now allows users to declare a time range, improving the filtering capabilities for results based on their last seen date.

Query and Data Handling Improvements

  • The CSV export functionality has been recreated in the Graph Query Language (GQL), allowing users to export data more effectively.
  • Raw values are now correctly passed to queries for drilldowns, improving the accuracy of data retrieval.
  • The system has been enhanced to ensure that only users with read access can attempt to retrieve associated rules and alerts from the API, improving the user experience.

Resource Permissions and Role-Based Access Control (RBAC)

  • The system now automatically applies read permissions when users are granted create, update, or delete permissions for resources, streamlining permission management.
  • A new resource group feature has been introduced, allowing for better organization and management of permissions across different resources.
  • The integration service has been updated to include a resourceGroupId property, enhancing the granularity of permissions for integration instances.
  • The RBAC system has been integrated into various services, including dashboards and alerts, ensuring that permissions are respected across the platform.

Bug Fixes and Performance Improvements

  • Several bugs have been addressed, including issues with the graph viewer displaying incorrect types and the ServiceNow action in rules not functioning as expected.
  • Improvements have been made to the performance of the rule service, including the addition of task protection to prevent unauthorized actions.
  • The UI has been refined to prevent overflow issues in matrix views and ensure that filter item labels remain within their containers.

Documentation and Testing Enhancements

  • Documentation has been updated to clarify that rules will be disabled if they have not been updated or successfully run in the last 30 days.

Miscellaneous Updates

  • The integration service now supports filtering by resource group, enhancing the user experience when managing integrations.

These updates collectively enhance the usability, security, and performance of the application, ensuring a more robust experience for users.

Integrations

Integration Updates

CrowdStrike

  • The integration has been updated to enhance its functionality, including improvements to the handling of device relationships and data consistency.

Automox

  • Device relationships have been updated to ensure better tracking and management of devices within the Automox integration.

GitHub Enterprise

  • Resolved issues with the retry logic for the integration, which was previously failing. The integration now successfully connects and retrieves data.

AWS

  • Addressed query issues related to Security Hub findings, ensuring that relevant data is accurately captured and reported.

Azure

  • Fixed missing relationships for Azure VM scale sets, allowing for better visibility and management of network entities.

Google Cloud

  • Added public access properties for Google Cloud Storage buckets to enhance asset visibility.

LogicMonitor

  • Implemented additional data governance updates to ensure that all relevant data fields are accurately captured and normalized.

Okta

  • Enhanced the integration to include AWS IAM Identity Center, allowing for better management of identity service entities.
  • Updated data governance processes to ensure that all necessary attributes are captured for user and device relationships.

Microsoft 365

  • Improved the integration to ensure that device attributes such as hostname and IP addresses are accurately reflected, enhancing correlation capabilities.

Tenable.io

  • Modified the integration to allow for base URL customization, accommodating different hosting environments for federal entities.

InsightVM

  • Addressed the issue of missing hostname attributes in the integration, ensuring that all relevant data is available for correlation and unification.

General Enhancements

  • Various bug fixes and performance improvements across integrations, including enhancements to error handling and data normalization processes.
  • Implemented changes to reduce installation times through the use of npm workspaces.

These updates aim to enhance the overall functionality and reliability of integrations, providing users with better visibility and management of their assets and relationships.

Content

Alert Rule Enhancements

  • Added examples for Alert Rule Action Templates covering various action types including Slack, Email, Jira, and ServiceNow. This enhancement provides users with a clearer understanding of how to implement these actions effectively.

Content Management Updates

  • Promoted "admin fields" in user profiles to enhance user management capabilities.
  • Updated AWS questions to improve their accuracy and relevance, addressing issues with outdated or ineffective queries. This includes identifying and removing problematic queries that do not align with CIS control logic.

Compliance and Security Features

  • Migrated AWS CIS 2.0 questions to the alert rule pack, enhancing compliance monitoring capabilities.
  • Developed new managed questions related to Terraform, focusing on identifying workspace changes and ensuring that users are utilizing multi-factor authentication.
  • Added a framework for AWS Foundational Security Best Practices, allowing users to evaluate their adherence to essential security standards.

Integration Improvements

  • Enhanced integration with Azure by adding new properties to the azure_public_ip asset, improving data visibility and usability.
  • Updated the integration with AWS to include newly created EC2 AMI fields, ensuring that users have access to the latest information for their queries.

Dashboard and Insights

  • Published new insights dashboards, including AWS Cost Analysis and Cloud Instance Workload Analysis, providing users with valuable analytics tools.
  • Improved the Asset Management Dashboard and Patch Management features, enhancing visibility into asset statuses and compliance.

Bug Fixes and Performance Improvements

  • Resolved issues related to the extraction of WAF v2 Web ACL rules, ensuring that users can query and inspect WAF rules effectively.
  • Fixed bugs affecting the visibility of certain properties in integrations, such as Snyk findings and Azure Event Hub parameters, enhancing overall system reliability.

User Experience Enhancements

  • Enhanced the user interface for managing questions related to integrations, allowing users to focus on relevant queries based on their configured environments.

These updates collectively enhance the functionality, compliance, and user experience of the JupiterOne platform, ensuring that users have the tools they need to manage their security and compliance effectively.

Platform

Enhancements and Features

  • Cluster Management: Implemented a new workflow to restart graph database cluster members on a schedule, ensuring they utilize the latest SSL certificates. This enhancement improves security and reliability in certificate management.
  • Graph Mapper Rule Management: Transitioned all mappable rules to a new JOIN template, promoting consistency and reducing errors. This update also allows for improved compliance with search composites, enhancing the overall integrity of the rules.

Bug Fixes

  • Mapper Rule Overlaps: Addressed an edge case where mapper rules could overwrite relationships created by other rules, ensuring data integrity and preventing conflicts.

  • SSL Certificate Management: Resolved an edge case in the issuance and renewal of SSL certificates, adjusting the renewal schedule to prevent potential failures in certificate updates.

  • Query Performance: Investigated and resolved performance issues related to specific queries to enhance response times and reliability.

Technical Improvements

  • Index Management: Implemented a scheduled job to ensure that necessary indices are created in the graph database as data is ingested, improving query performance.

  • Search Composite Enhancements: Updated the search composite functionality to allow for directionality to be either source or target, providing greater flexibility in query construction.

  • Labeling Enhancements: Added support for additional labels in the Eligible For Equality function, enhancing the functionality and usability of the system.

Version Upgrade

  • Graph Database Upgrade: Upgraded to graph database version, which includes fixes for unexpected store size growth and improved data management. This upgrade enhances overall system performance and reliability.

These updates collectively enhance the functionality, performance, and maintainability of the graph database, ensuring a more robust and efficient system for users.