Entities on the platform are organized into categories and classes for better classification. Categories represent broad groupings based on the entity's type and nature, while classes provide more specific sub-groupings determined by the entity's role, function, and characteristics. Each class encompasses a defined set of entities that share common traits.
The following table provides a brief description of each class within the respective entity categories.
Category | Class | Description |
---|---|---|
Applications & Services | Application | A software product or application deployed in a computing environment. |
Applications & Services | Account | An organizational account for a service or a set of services (e.g. AWS, Okta, Bitbucket Team, Google G-Suite account, Apple Developer Account). Each account should be connected to a Service. |
Applications & Services | Channel | A communication channel used for exchanging messages or notifications, such as a Slack channel or AWS SNS topic. |
Applications & Services | Key | A cryptographic key used for authentication, encryption, or signing purposes. |
Applications & Services | Deployment | The process of distributing and activating changes to code, applications, infrastructure, or services. |
Applications & Services | Task | A computational task, such as an AWS Batch job or ECS task, representing a unit of work to be executed. |
Applications & Services | Service | A service provided by a vendor or organization, offering specific functionality or features. |
Applications & Services | Subscription | A subscription to a service or channel, indicating a formal agreement to receive updates or access. |
Applications & Services | Module | A software or hardware module, such as an npm module or Java library, providing specific functionality or features. |
Applications & Services | Project | A software development project or generic project. |
Compute & Devices | Application | A software product or application deployed in a computing environment. |
Compute & Devices | Channel | A communication channel used for exchanging messages or notifications, such as a Slack channel or AWS SNS topic. |
Compute & Devices | Cluster | A cluster of compute or database resources/workloads. |
Compute & Devices | Container | A standardized unit of software that packages code, dependencies, and configurations for deployment. |
Compute & Devices | Device | A physical device or media, such as a server, laptop, workstation, smartphone, tablet, router, firewall, switch, Wi-Fi access point, or USB drive. The exact data type is described in the _type property of the Entity. |
Compute & Devices | Host | A compute instance that itself owns a whole network stack and serves as an environment for workloads. Typically, it runs an operating system. The exact host type is described in the _type property of the entity. The UUID of the host should be captured in the _id property of the entity. |
Compute & Devices | Image | A system image, such as an AWS AMI (Amazon Machine Image), used for creating virtual machines or containers. |
Compute & Devices | Queue | A scheduling queue of computing processes or devices. |
Compute & Devices | Workload | A virtual compute instance, such as an AWS EC2 instance, Docker container, AWS Lambda function, application process, or VMware instance. The exact workload type is described in the _type property of the Entity. |
Compute & Devices | HostAgent | A software agent or sensor that runs on a host or endpoint, monitoring and managing security or performance. |
Data & Storage | Backup | A specific repository or data store containing backup data. |
Data & Storage | CodeRepo | A repository for storing source code, which may include version control and collaboration features. |
Data & Storage | DataCollection | A database table used for storing structured data records. |
Data & Storage | DataObject | An individual data object, such as an AWS S3 object, SharePoint document, source code, or a file (on disk). The exact data type is described in the _type property of the Entity. |
Data & Storage | DataStore | A virtual repository where data is stored, such as an AWS S3 bucket, AWS RDS cluster, AWS DynamoDB table, Bitbucket repository, SharePoint site, or Docker registry. The exact type is described in the _type property of the Entity. |
Data & Storage | Database | A database cluster or instance. |
Data & Storage | Disk | A disk storage device such as an AWS EBS volume. |
Data & Storage | Secret | A secret used for secure communication or access, such as encryption keys or passwords. |
Data & Storage | Vault | A collection of secrets, such as encryption keys or passwords, used for secure storage and access control. |
Data & Storage | Logs | A specific repository or destination containing application, network, or system logs for analysis and monitoring purposes. |
Data & Storage | Repository | A repository containing resources, such as a Docker container registry repository hosting Docker container images. |
Identities & Access | Access key | A key used to grant access, such as ssh-key, access-key, api-key/token, mfa-token/device, etc. |
Identities & Access | AccessPolicy | A policy for access control assigned to a Host, Role, User, UserGroup, or Service. It governs permissions and restrictions. |
Identities & Access | AccessRole | An access control role mapped to a Principal (e.g. user, group, or service). It defines the actions a user or service can perform. |
Identities & Access | Group | A collection of entities grouped together for organizational or access control purposes. |
Identities & Access | Directory | A directory service for organizing and managing user accounts, permissions, and resources, such as LDAP or Active Directory. |
Identities & Access | Certificate | A digital certificate, such as an SSL or S/MIME certificate. |
Identities & Access | Key | A cryptographic key used for authentication, encryption, or signing purposes. |
Identities & Access | User | A user account or login used to access systems or services, such as Okta, AWS IAM, or SSH users. |
Networks | Domain | An internet domain. |
Networks | DomainRecord | The DNS record associated with a domain, used for mapping domain names to IP addresses. |
Networks | DomainZone | The DNS zone configuration for an internet domain, specifying authoritative name servers and domain records. |
Networks | Firewall | A piece of hardware or software that protects a network, host, or application. |
Networks | Gateway | A gateway or proxy device or service used to connect different networks or protocols, such as a network router or application gateway. |
Networks | IpAddress | A re-assignable IP address resource entity, used for identifying devices on a network. |
Networks | Network | A network infrastructure, such as an AWS VPC or subnet, used for connecting computing resources and devices. |
Networks | NetworkEndpoint | A network endpoint for connecting to or accessing network resources, such as NFS mount targets or VPN endpoints. |
Networks | NetworkInterface | A re-assignable software-defined network interface resource entity, used for connecting devices to a network. |
Networks | ApplicationEndpoint | An interface of an application that either sends or receives requests, such as an API. |
People & Organization | Account | An organizational account for a service or a set of services (e.g. AWS, Okta, Bitbucket Team, Google G-Suite account, Apple Developer Account). Each Account should be connected to a Service. |
People & Organization | Group | A collection of entities grouped together for organizational or access control purposes. |
People & Organization | Site | The physical location of an organization or a reference to AWS regions, indicating where operations or services are located. |
People & Organization | Team | A team consisting of multiple member entities, such as a development or security team. |
People & Organization | Vendor | An external organization or service provider offering products or services to customers. |
People & Organization | Organization | An organization or company, such as JupiterOne, comprising internal or external entities. |
People & Organization | Person | An individual representing an actual person, such as an employee of an organization. |
Policy & Documentation | Configuration | Definitions describing a resource's configuration, such as an AWS ECS task definition. |
Policy & Documentation | Standard | An object representing a standard, such as a compliance or technical standard, used for evaluating or enforcing requirements. |
Policy & Documentation | ControlPolicy | A technical or operational policy containing rules that govern security controls. |
Policy & Documentation | Rule | An operational or configuration compliance rule, typically part of a ruleset. |
Policy & Documentation | Ruleset | An operational or configuration compliance ruleset containing rules governing security controls or IT systems. |
Policy & Documentation | Section | A section or segment, often representing a part of a larger document or system. |
Policy & Documentation | Policy | Written documentation defining rules, procedures, or controls for governance or compliance. |
Policy & Documentation | Control | A security or IT control implemented to enforce policies and procedures, ensuring compliance and mitigating risks. |
Policy & Documentation | Document | A document or data object. |
Policy & Documentation | PasswordPolicy | A password policy containing rules for creating and managing passwords, ensuring security and compliance. |
Policy & Documentation | Procedure | A written procedure and control documentation, typically implementing policies and standards. |
Policy & Documentation | Record | A DNS record, official record (e.g., Risk), written document (e.g., Policy/Procedure), or reference (e.g., Vulnerability/Weakness). The exact record type is captured in the _type property of the Entity. |