Skip to content

Commit

Permalink
APP-13948: Add Device Anomaly Detection Beta board
Browse files Browse the repository at this point in the history
henrymgarrett committed Nov 29, 2023

Unverified

The committer email address is not verified.
1 parent 119cf69 commit d07da0d
Showing 6 changed files with 182 additions and 4 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -16,6 +16,7 @@ List of dashboards:
- [Data Breach Cost](src/boards/data-breach-cost/)
- [Data Protection](src/boards/data-protection/)
- [Device Management](src/boards/device-management/)
- [Device Anomaly Detection (Beta)](src/boards/device-anomaly-detection-beta/)
- [GCP Compute Projects and Instances](src/boards/gcp-compute/)
- [GCP IAM](src/boards/gcp-iam/)
- [GDPR Data Locations](src/boards/gdpr-data-locations/)
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@jupiterone/insights-dashboards",
"version": "4.0.3",
"version": "4.1.0",
"description": "JupiterOne Insights Dashboards",
"repository": {
"type": "git",
150 changes: 150 additions & 0 deletions src/boards/device-anomaly-detection-beta/board.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
{
"widgets": [
{
"noResultMessage": "No unified_device entities were found.",
"questionId": "da1bee84-6767-4229-a26d-49780bd3af60",
"description": "",
"id": "50204d5b-dcbf-48fc-8b4d-d923675d5570",
"title": "Unified Devices",
"type": "number",
"config": {
"queries": [
{
"name": "Query 1",
"query": "FIND unified_device as d RETURN COUNT(d) as value",
"id": "1dacff4e-8cb0-4a64-b8de-1b931b4e056c"
}
],
"settings": {
"number": {
"trendDataIsEnabled": true
}
}
}
},
{
"id": "1060bb89-dea7-41bd-b4b1-a43224abee80",
"title": "",
"type": "markdown",
"config": {
"queries": [],
"settings": {
"markdown": {
"text": "Welcome to the Device Anomaly Detection Beta! We appreciate your willingness to give us feedback to help make JupiterOne better for everyone.\n\nThis dashboard highlights the data and insights produced by the anomaly detection system (powered by JupiterOne AI).\nThe system scans the `unified_device` entities in your account, and uses advanced machine learning\nalgorithms to detect anomalies in that data set. It combines the raw property values with computed properties\nthat augment the data with overall graph context. When an anomaly is found, it is persisted to the graph as\na `device_anomaly` entity, and related to the `unified_device` entity it describes."
}
}
}
},
{
"noResultMessage": "No anomalies found in your device inventory.",
"questionId": "39a1b9f7-a381-40c7-9d37-865a78f4b12f",
"description": "",
"id": "5438988b-53a0-4c01-985f-45bfe8b6b0ac",
"title": "Anomalies Identified",
"type": "number",
"config": {
"queries": [
{
"name": "Query 1",
"query": "FIND device_anomaly as d RETURN COUNT(d) as value",
"id": "3ca282cc-d61c-48ba-a80e-c68b571f467a"
}
],
"settings": {
"number": {
"trendDataIsEnabled": true
}
}
}
},
{
"description": "This widget sorts the device_anomaly entities by their anomalyScore, which indicates the overall degree of anomalousness.",
"id": "4dbda07a-8db1-4e4e-a6d1-ab8bc3bc2759",
"title": "Most Anomalous Devices",
"type": "table",
"config": {
"queries": [
{
"name": "Query 1",
"query": "FIND device_anomaly (THAT HAS unified_device as device)? \nRETURN device_anomaly.displayName as anomalyName, device_anomaly.anomalyScore as anomalyScore, device.displayName as deviceName\nORDER BY device_anomaly.anomalyScore DESC\n"
}
],
"settings": {
"table": {}
}
}
},
{
"description": "This widget shows the entire graph structure of how the anomaly_detection_assessment relates to the unified_device through a device_anomaly entity.",
"id": "5ded0d7e-d2c8-4f04-bb45-8a0ce85e44a4",
"title": "Anomaly Detection Assessment",
"type": "graph",
"config": {
"queries": [
{
"name": "Query 1",
"query": "FIND anomaly_detection_assessment\n THAT IDENTIFIED device_anomaly\n (THAT HAS unified_device)?\nRETURN TREE"
}
],
"settings": {
"graph": {
"graphViewType": "tree_horizontal"
}
}
}
}
],
"layouts": {
"sm": [],
"xs": [],
"lg": [
{
"static": false,
"w": 3,
"moved": false,
"h": 3,
"x": 3,
"y": 2,
"i": "50204d5b-dcbf-48fc-8b4d-d923675d5570"
},
{
"static": false,
"w": 12,
"moved": false,
"h": 2,
"x": 0,
"y": 0,
"i": "1060bb89-dea7-41bd-b4b1-a43224abee80"
},
{
"static": false,
"w": 3,
"moved": false,
"h": 3,
"x": 0,
"y": 2,
"i": "5438988b-53a0-4c01-985f-45bfe8b6b0ac"
},
{
"static": false,
"w": 12,
"moved": false,
"h": 3,
"x": 0,
"y": 5,
"i": "4dbda07a-8db1-4e4e-a6d1-ab8bc3bc2759"
},
{
"static": false,
"w": 6,
"moved": false,
"h": 3,
"x": 6,
"y": 2,
"i": "5ded0d7e-d2c8-4f04-bb45-8a0ce85e44a4"
}
],
"xl": [],
"md": []
}
}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
20 changes: 20 additions & 0 deletions src/boards/device-anomaly-detection-beta/readme.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
---
Publisher: JupiterOne
---

# Device Anomaly Detection (Beta)

![sample-screenshot](board.png)

Insight dashboard that shows off the Anomaly Detection functionality
for Device data (currently in Beta).

List of prerequisites: Requires the user to be a part of the Device Management Anomaly
Detection Early Access Program (EAP). Requires at least an MDM (Device Management), EDR (Device
Agent/Scanning), or Cloud Service Provider integration; Ideally utilizes all of
the above plus an integration with an Identity Provider.

> Prerequisites:
>
> Requires at least an MDM (Device Management), EDR (Device Agent/Scanning), or Cloud Service Provider integration
> Ideally utilizes all of the above plus an integration with an Identity Provider.
13 changes: 10 additions & 3 deletions src/index.ts
Original file line number Diff line number Diff line change
@@ -10,7 +10,7 @@ import softwareDependenciesAndLicenses from "./boards/software-dependencies-and-
import criticalAttackSurface from "./boards/critical-attack-surface/board.json";
import dataBreachCost from "./boards/data-breach-cost/board.json";
import dataProtection from "./boards/data-protection/board.json";
import deviceManagement from './boards/device-management/board.json';
import deviceManagement from "./boards/device-management/board.json";
import secureDevelopment from "./boards/secure-development/board.json";
import firewall from "./boards/network-security/board.json";
import gcpCompute from "./boards/gcp-compute/board.json";
@@ -35,7 +35,8 @@ import userEndpoints from "./boards/user-endpoints/board.json";
import userTraining from "./boards/user-training/board.json";
import vendorMgmt from "./boards/vendor-mgmt/board.json";
import vulnReporting from "./boards/vuln-reporting/board.json";
import povInsights from "./boards/pov-insights/board.json"
import povInsights from "./boards/pov-insights/board.json";
import anomalyDetectionBeta from "./boards/device-anomaly-detection-beta/board.json";

// All of these boards are available as templates for import when creating a new board in app
export const InsightsDashboards = {
@@ -50,7 +51,7 @@ export const InsightsDashboards = {
"CrowdStrike and JAMF Comparison": jamfCrowdStrike,
"Data Breach Cost": dataBreachCost,
"Data Protection": dataProtection,
'Device Management': deviceManagement,
"Device Management": deviceManagement,
"GCP Compute": gcpCompute,
"GCP IAM": gcpIam,
"GDPR Data Locations": gdprDataLocations,
@@ -179,6 +180,12 @@ export const MANAGED_BOARDS = [
category: BoardCategory.CLOUD_POSTURE,
...azureResources,
},
{
id: "device-anomaly-detection-beta",
name: "Device Anomaly Detection (Beta)",
category: BoardCategory.ASSETS_ATTACK_SURFACE,
...anomalyDetectionBeta,
},
{
id: "gcp-compute",
name: "GCP Compute",

0 comments on commit d07da0d

Please sign in to comment.