De Morgan's Law in JupiterOne

by

If you recently read about the breaking fix JupiterOne introduced to maintain J1QL language correctness as defined by De Morgan's Law you may have found yourself in need of a refresher of the operations available in J1QL queries. The JupiterOne platform has several methods available to leverage operators to filter your query results.

Selecting multiple entities or relationships:
( class/type_1 | class/type_2 ) 

Comparing properties:
AND OR  

Why did JupiterOne introduce this change?

JupiterOne strives to align with standard mathematical theory in our query language. J1 has updated J1QL to adhere to De Morgan's Law, which explains that the complement of the product of all the terms is equal to the sum of the complement of each term. The laws are named after Augustus De Morgan who formally defined the law.

How does this change impact J1QL?

This update to J1QL means customers may notice a difference in their query results when using a != followed by a set of arguments offset by parenthesis. 

Prior behavior:

`!= (A and B and C)` is equivalent to `!= A and !=B and != C`

Updated behavior following De Morgan's Law

`!= (A and B and C)` is equivalent to the expression`!= A or != B or != C'

Examples for string, boolean, number, and date operations"

~=  : Contains
Snyk findings with titles containing "Code Execution" (Remote Code Execution, Arbitrary Code Execution, etc.)

FIND snyk_finding WITH displayName~="Code Execution"

 

^=  : Starts with
Endpoints or instances with IPs in the 10.15.0.0/16 range

FIND (Host|Device) WITH ipAddress^='10.50'

 

$=  : Ends with
Certificates that have a SAN with the "jupiterone.com" domain

FIND Certificate with subject$="jupiterone.com"

 

!=  : Does not equal
Data Storage entities without data-at-rest encryption enabled

FIND DataStore WITH encrypted!=true

 

!~= : Does not contain
Hosts without demo in their AccountName Tag

FIND Host WITH tag.AccountName!~='demo'

 

!^= : Does not start with
Lambda functions not use "nodejs" runtimes  

FIND aws_lambda_function WITH runtime!^="nodejs"

 

!$= : Does not end with
Employees with emails not using the jupiterone.com domain

€‹ €‹FIND employee WITH email!$="jupiterone.com"

 

Examples for number and date operations:

> < >= <=

Date Comparison:

date.now : today
Date Units:

  • hour, hr, hours, hrs
  • day, days
  • month, mo, months, mos
  • year, yr, years, yrs
  • + or - for date comparison 

Example: New hires over the last 12 months

FIND employee WITH _createdOn > date.now-12months

 

Conclusion

There are many to precisely filter within your query, so be sure your query leverages the right operation for the right question. If you have any questions, please feel free to pose them in the J1 Community Slack or reach out to your CSM directly.

Tony Ramirez and Jayson Jensen
CSM Team, JupiterOne

Tony Ramirez
Tony Ramirez

Tony is a Senior Customer Success Engineer at JupiterOne. Prior to joining JupiterOne, Tony consulted in the AppSec space, pentesting and training security practitioners in how to perform security assessments. He regularly attends and speaks at OWASP, DevSecOps and other security events across the country. He is also the creator of Cybrary’s “Mobile Application Security” series.

Keep Reading

The Ultimate CAASM Guide for 2025 | JupiterOne
November 20, 2024
Blog
The Ultimate CAASM Guide for 2025

Discover how Cyber Asset Attack Surface Management (CAASM) is providing enhanced visibility of internal and external assets in 2025.

Introducing Continuous Controls Monitoring (CCM) | JupiterOne
November 7, 2024
Blog
Introducing Continuous Controls Monitoring (CCM)

CCM delivers real-time visibility, proactive risk management, and streamlined compliance for security.

Now Available: JupiterOne’s Public Postman Workspace | JupiterOne
October 31, 2024
Blog
Now Available: JupiterOne’s Public Postman Workspace

Explore JupiterOne’s Public Postman Workspace to streamline your workflows and enhance your security operations.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.