Many of our customers tell us that, once other teams find out about the kinds of asset data and insights found in JupiterOne, they get peppered with all sorts of questions. The coolest stories are the ones who respond to those questions by saying “Here, let me JupiterOne that for you.” Like any company, we’re all about our name becoming a verb. Who hasn’t said “I’ll Google that” or “Can I Venmo you?” (It’s a shame you can’t Tweet anymore. RIP the platform formerly known as Twitter.)
We’re also all about providing answers to every question your team has, ranging from the “hard-to-answer” to the “just-curious.” We announced in our most recent product update that we’ve made answering those questions as simple as, well, asking a question. We’re excited to share that natural language search is now available for all JupiterOne users. Our AI-powered search enhancements make it even easier to find critical asset data and answer complex security questions using the JupiterOne platform.
The evolution of search in JupiterOne
JupiterOne aggregates, correlates, and normalizes data about your environment from hundreds of different sources. We map all of that data, highlighting important relationships, exposing critical risks, and revealing business context through our cyber asset analysis. Given the increasing complexity of the data, infrastructure, and technology stack for the majority of our customers, we knew that getting actionable data back could potentially be a challenge they would benefit greatly from overcoming.
Because of this, we created a powerful domain-specific query language, JupiterOne Query Language (J1QL), to help you explore your asset data and discover insights about incidents, security gaps, vulnerabilities, and compliance drift. This level of insight, found by analyzing information about assets in the context of your cyber infrastructure, wouldn’t be achievable without J1QL.
We’re constantly looking for ways to incorporate advances in technology into our platform to improve its capability and value for our users. In addition, as we’ve grown, our platform usage has expanded beyond security teams to other business units including compliance and IT. Whether it’s non-technical users, busy security analysts who have a never-ending backlog of alerts to investigate, or the everyday engineer who just needs their tools to work, we wanted a solution that would provide value to everyone.
Over the years we’ve created a visual drag-and-drop query builder, a library of hundreds of pre-built questions, and dozens of curated insights dashboards to help everyone find the data they need in JupiterOne. But even with multiple search options available, we weren’t satisfied. We know it’s much easier to just type in a question like you would in Google search or ChatGPT, so that’s what we set out to do.
Enter LLMs, generative AI, and natural language search
Our new natural language search, powered by J1 AI, is able to understand text-based questions and return the exact query you need to find the answers to complex security problems. Finding critical business context about your cyber assets and security gaps is really that simple.
How natural language questions work in the JupiterOne platform
Say for example that you’re looking for information on encrypted S3 buckets in AWS for a certain region.
Just look for the Ask J1 search bar inside JupiterOne, click, and start typing.
- You type in the question:
- JupiterOne generates the query:
- You get instant answers:
Modifying queries and iterating as you go
As we studied user behavior in JupiterOne, we’ve found that many people are iteratively querying - searching for something, seeing the structure of the data in the response, then iterating on their query based on the data. We intentionally designed natural language questions to allow for this. The queries generated by J1 AI can be updated or modified before running them for even more specificity.
Let’s look at another example. This time you want to identify any recently created S3 buckets in AWS. JupiterOne translates this into J1QL, and sets the time frame to 7 days. If you need to look at a longer or shorter timeline, simply modify the query and press run, and we’ll re-run the query and return new results.
If you wanted to extend the time period for the search, you could change the end value instead, for example, to “> date.now-30days”.
What can’t J1 AI do?
While we’re excited about all of the new usability enhancements that are powered by J1 AI, there are certain limitations on what you can and can’t do with natural language search.
- A bad prompt will likely give you a bad output. The same principles as Google search or ChatGPT apply here. If a human can’t figure out how to answer the question, neither can our system. Like the saying goes, “Garbage in, garbage out.”
- Vague questions can be hard to answer. For example, if you were to type “Are any of my devices running an outdated OS?” we could not return an answer. To get the best results, you’d need to first identify the specific version of the operating system, and then ask the question.
- JupiterOne can’t answer questions that aren’t related to the data in your environment. Unfortunately, if you were to ask “What is the meaning of life?” we wouldn’t be able to give you an answer.
(If you’d like to grab a cup of coffee or a dram of whiskey to discuss the meaning of life over Zoom or at our next event, I’d be happy to chat with you. I’m by no means a psychologist or philosopher, but if you’re sitting at your desk asking a security tool the meaning of life, let’s talk. We’ve all been there, and I’m here for you. You can reach me at securityphilosopher@jupiterone.com.)
Taking natural language search for a test drive
Next time you log into JupiterOne, click on the search bar in the top nav, and try out some of these questions.
- What s3 buckets do I have?
- What new IAM users have been created recently?
- Show me how many user accounts of each type there are and sort them by count.
- What devices are not protected by a host agent?
- What AWS resources does Okta user “jane.smith@company.com” have access to?
- Who has installed non compliant software on their device?
As always we welcome any feedback. Please use the 👍 or 👎 buttons to give us feedback in the product as to whether or not the generated query satisfied your question. Our development team will continue to iterate on this functionality and improve the responses over time. You can always contact your customer success manager as well if you’d like a deeper dive on the best way to formulate questions to get the best results with JupiterOne.
What about data privacy and training the AI?
Artificial intelligence requires a certain level of training and information sharing to be useful, but we also know that privacy, especially around sensitive business infrastructure and assets, is important. AskJ1 AI uses GPT-4 and prompt engineering focused on JupiterOne documentation, data models, and blogs.
We are not training an AI model, nor are we sharing customer data with OpenAI. The only details we pass to OpenAI are the [user entered prompts] and that information is not linked back to an account ID or other identifiable information. We do not share customer data outside of JupiterOne and commit to never doing so. If you would like to read more about our data usage, click here.
Leveraging JupiterOne as the go-to data repository for your security org
Security and deep insights fueled by asset analysis - in other words, simplifying security with visibility and context - is at the core of why we built JupiterOne. Answering questions about your enterprise environment as simply as typing a question into Google or ChatGPT is key to delivering on that promise.
By leveraging the latest technology in generative AI and natural language search, we’re helping you save time while effectively triaging alerts, understanding your environment, and reducing your overall risk. Natural language search is just the beginning of the journey for J1 AI. We’ll continue to share more about these exciting enhancements as they become available to all of our users.
If you aren’t already using JupiterOne and want to see it in action, please contact our team today to schedule a demo.
