Skip to content
This repository has been archived by the owner on Sep 3, 2024. It is now read-only.

Latest commit

 

History

History
124 lines (93 loc) · 4.8 KB

jupiterone.md

File metadata and controls

124 lines (93 loc) · 4.8 KB

Kandji Integration with JupiterOne

Kandji + JupiterOne Integration Benefits

  • Visualize Kandji devices and apps in the JupiterOne graph.
  • Monitor changes to Kandji devices and apps using JupiterOne alerts.

How it Works

  • JupiterOne periodically fetches devices and apps from Kandji to update the graph.
  • Write JupiterOne queries to review and monitor updates to the graph, or leverage existing queries.
  • Configure alerts to take action when JupiterOne graph changes, or leverage existing alerts.

Requirements

  • JupiterOne requires an Access Token and Organization API URL. You need permission to create a user in Kandji that will be used to obtain the Access Token and API URL.
  • You must have permission in JupiterOne to install new integrations.

Support

If you need help with this integration, please contact JupiterOne Support.

Integration Walkthrough

In Kandji

  1. Login to your Kandji subdomain.
  • This is usually in the format of https://{subdomain}.kandji.io/
  1. Got to Settings > Access > API Token. If you don't see this, contact the server admin.
  2. Click "Add Token"
  3. Set a token name and description (optional). Once set, make sure to copy the API token. You won't be able to see this again.
  4. Configure API permissions. The Kandji integration needs the following permissions.
  • Device list GET /devices
  • Device details GET /devices/{device_id}/details
  • Application list GET /devices/{device_id}/apps
  1. Once you are finished with configuration, you should be able to see the organization API URL under the API token section.
  2. Use the organization API URL for API_URL and API token for ACCESS_TOKEN

In JupiterOne

  1. From the configuration Gear Icon, select Integrations.
  2. Scroll to the Kandji integration tile and click it.
  3. Click the Add Configuration button and configure the following settings:
  • Enter the Account Name by which you'd like to identify this Kandji account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when Tag with Account Name is checked.
  • Enter a Description that will further assist your team when identifying the integration instance.
  • Select a Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
  • Enter the Kandji Access Token and Kandji API URL generated for use by JupiterOne. Please make sure that Kandji API URL is entered using the following format https://{yourApiUrl}/api/v1/, adding https:// at the beginning and /api/v1/ at the end of the api URL.
  1. Click Create Configuration once all values are provided.

How to Uninstall

  1. From the configuration Gear Icon, select Integrations.
  2. Scroll to the Kandji integration tile and click it.
  3. Identify and click the integration to delete.
  4. Click the trash can icon.
  5. Click the Remove button to delete the integration.

Data Model

Entities

The following entities are created:

Resources Entity _type Entity _class
Account kandji_account Account
App kandji_app Application
Blueprint kandji_blueprint Configuration
Custom_Profile kandji_profile Configuration
Device kandji_device Device
User kandji_user User

Relationships

The following relationships are created:

Source Entity _type Relationship _class Target Entity _type
kandji_account HAS kandji_device
kandji_device INSTALLED kandji_app
kandji_device ASSIGNED kandji_blueprint
kandji_device ASSIGNED kandji_profile
kandji_device HAS kandji_user