JupiterOne Alert Rule Packs

This project contains default rule packs that can be provisioned to your JupiterOne account via the included CLI utility.

Contribution

When making a pull request for this repo, please update the version property in the package.json. If it is not updated, then the code will not get released.

Patch version - x.x.1 - A patch version is used to make a quick fix, patch a security vulnerability, or do clean up. Minor version - x.1.x - A minor version is used to add/remove content Major version - 1.x.x - A major version is used to introduce breaking changes

Rule Packs

• rule-packs/aws-config.json

  Alert rules for AWS configuration audit

• rule-packs/aws-threat.json

  Alert rules for AWS privilege escalation

• rule-packs/aws-privilege-escalation.json

  Alert rules for AWS threat monitoring

• rule-packs/gcp.json

  Alert rules for Google Cloud Platform

• rule-packs/azure-config.json

  Alert rules for Azure configuration audit

• rule-packs/azure.json

  Commonly used Azure alert rules

• rule-packs/gcp.json

  Commonly used GCP alert rules

• rule-packs/common-alerts.json

  Alert rules for GCP privelege escalation

• rule-packs/gcp-privelege-escalation.json

  Commonly used alert rules

• rule-packs/critical-assets.json

  Alert rules to monitor changes to and risks of critical assets

• rule-packs/devops.json

  Commonly used DevOps alert rules

• rule-packs/integration-monitoring.json

  Alert rules for monitoring integration status

All rules inherit the alert settings from index.js.

Provision Rules

To add these alert rules to your account via the CLI, you will need to install the JupiterOne CLI from npm or download source from github:

Install J1 CLI

npm install @jupiterone/jupiterone-client-nodejs -g

Provision Rule Pack

j1 -a <j1AccountId> -u <j1Username> -o provision-alert-rule-pack --alert -f aws-config