AMA: J1 Query showing 2FA not Enabled

circle
circle

AMA is an ongoing series published each Thursday, highlighting questions the community has asked in our support and how-to channels on Slack. If you haven't already done so, please join us on Slack 

J1_Ambassador Hunter @2x

"Is there a JupiterOne query that will show which accounts do not have 2fA enabled?"

--Question from Mark on the J1 Community Slack

 

Answer from Akash, Director, Solutions Architecture

Hi Mark.

If a company treats their employees’ users and access as cyber assets and manages their user and access reviews (UARs) in JupiterOne, they can be made aware of accounts that do not have MFA enabled. It’s a very hindsight 20-20 type of response, however. This exposes the importance of User Access Reviews and how a tool like JupiterOne can serve as the source of truth for all data in the security program.

A simple query such as Find User with mfaEnabled != true can search your data for any inconsistencies, and allow teams to automate and proactively monitor and alert on these types of situations. That applies to legacy systems we don’t natively integrate with, also.

Using this process is effective, but requires a commitment from the business to implement and maintain. Hope that helps. -- Akash

Articles in this series

  1. AMA: JupiterOne and PagerDuty WebHooks
  2. AMA: Export YAML Files for Vendors Pulled from SSO Providers
  3. AMA: Map Controls and Frameworks Relationships
  4. AMA: How to Track Professional Associations, Security Forums, and Threat Intel Sources
  5. AMA: Find AWS Instances by their Private IP Address
  6. AMA: SSO Integrated Authentication, Move to Another Role
  7. AMA: send-mail action to map two properties
  8. AMA: Setup the Policy Accept Button
  9. AMA: Match a blank field in J1QL
  10. AMA: Track and Alert Using Firewall Rules Matrix
  11. AMA: AWS Roles not used for 90 days, and date related queries
  12. AMA: Manage Alerts for Jira through J1 Terraform Provider
  13. AMA: Filter Results from Specific AWS Accounts
  14. AMA: Iterate and return total count of iam users per account
  15. AMA: Search for security groups by tag
  16. AMA: Identify S3 Buckets Open to Cross-Account Attacks
  17. AMA: Resources for J1 DevOps Use Cases
  18. AMA: Sub-Queries in J1QL
  19. AMA: What permissions are needed for AWS
  20. AMA: How to disable a policy

Resources for this AMA

avatar

Posted By Akash Ganapathi

Akash Ganapathi comes from an enterprise security, data privacy, and data analysis background, working exclusively in the B2B software solutions space throughout his career. He is currently a Principal Security Solutions Architect at JupiterOne.

To hear more from Akash, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.

PREVIOUS ARTICLE

cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.