Table: jumpcloud_device - Query JumpCloud Devices using SQL
JumpCloud Devices are the individual computing assets within the JumpCloud platform. These devices can be any type of computing asset, such as servers, desktops, or laptops, and can run various operating systems, including Windows, Mac, and Linux. The JumpCloud platform allows for centralized device management, enabling administrators to track and control user access, apply security policies, and monitor device status.
Table Usage Guide
The jumpcloud_device
table provides insights into individual devices within the JumpCloud platform. As a system administrator, you can explore device-specific details through this table, including hostname, operating system, and associated user access. Utilize it to uncover information about devices, such as those with specific operating systems, the users associated with each device, and the overall status of each device.
Examples
Basic info
Explore active devices within your network, identifying their operating system, version, and creation date. This query is useful for maintaining an up-to-date inventory and ensuring all devices are running the correct OS versions.
select display_name, serial_number, os, version, active, createdfrom jumpcloud_device;
select display_name, serial_number, os, version, active, createdfrom jumpcloud_device;
List devices with MFA disabled
Explore which devices in your network have multi-factor authentication disabled. This is essential for identifying potential security risks and ensuring all devices comply with security policies.
select display_name, serial_number, os, version, active, createdfrom jumpcloud_devicewhere not allow_multi_factor_authentication;
select display_name, serial_number, os, version, active, createdfrom jumpcloud_devicewhere allow_multi_factor_authentication = 0;
List inactive devices
Explore which devices are inactive in your system. This is useful for identifying unused resources and potentially improving system efficiency.
select display_name, serial_number, os, version, createdfrom jumpcloud_devicewhere not active;
select display_name, serial_number, os, version, createdfrom jumpcloud_devicewhere active = 0;
Get hardware related info
Determine the areas in which hardware-related information is needed to gain insights into device specifications such as CPU type, number of logical and physical cores, hardware model, and version. This can be useful in managing resources, optimizing performance, and planning upgrades.
select display_name, serial_number, device_info ->> 'cpu_type' as cpu_type, device_info ->> 'cpu_logical_cores' as cpu_logical_cores, device_info ->> 'cpu_physical_cores' as cpu_physical_cores, device_info ->> 'hardware_model' as hardware_model, device_info ->> 'hardware_version' as hardware_versionfrom jumpcloud_device;
select display_name, serial_number, json_extract(device_info, '$.cpu_type') as cpu_type, json_extract(device_info, '$.cpu_logical_cores') as cpu_logical_cores, json_extract(device_info, '$.cpu_physical_cores') as cpu_physical_cores, json_extract(device_info, '$.hardware_model') as hardware_model, json_extract(device_info, '$.hardware_version') as hardware_versionfrom jumpcloud_device;
List devices not allowing SSH password authentication
Explore which devices in your network are configured to disallow SSH password authentication. This is useful for enhancing security by identifying devices that rely on more secure authentication methods.
select display_name, serial_number, os, version, createdfrom jumpcloud_devicewhere not allow_ssh_password_authentication;
select display_name, serial_number, os, version, createdfrom jumpcloud_devicewhere allow_ssh_password_authentication = 0;
List devices with Full Disk Encryption (FDE) disabled
Determine the areas in which devices do not have Full Disk Encryption (FDE) enabled. This can be useful in identifying potential security risks and ensuring that all devices comply with company encryption policies.
select display_name, serial_number, os, version, active, createdfrom jumpcloud_devicewhere not (fde -> 'active') :: boolean;
select display_name, serial_number, os, version, active, createdfrom jumpcloud_devicewhere not json_extract(fde, '$.active') = 1;
List the user details of devices
Explore active devices by identifying the user details associated with each one. This can be useful for administrators to monitor device usage and track login activity.
select display_name, serial_number, active, u ->> 'userName' as username, u ->> 'lastLogin' as last_login_at, u ->> 'admin' as is_adminfrom jumpcloud_device, jsonb_array_elements(user_metrics) as u;
select display_name, serial_number, active, json_extract(u.value, '$.userName') as username, json_extract(u.value, '$.lastLogin') as last_login_at, json_extract(u.value, '$.admin') as is_adminfrom jumpcloud_device, json_each(user_metrics) as u;
Schema for jumpcloud_device
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
active | boolean | If true, the device is active. | |
agent_version | text | The JumCloud agent version installed on the device. | |
allow_multi_factor_authentication | boolean | If true, MFA is enabled for the device. | |
allow_public_key_authentication | boolean | If true, the device allows public key authentication. | |
allow_ssh_password_authentication | boolean | If true, the device allows SSH password authentication. | |
allow_ssh_root_login | boolean | If true, the device allows root login using SSH. | |
amazon_instance_id | text | The amazon instance ID. | |
arch | text | The CPU that a Linux distribution runs on. | |
connection_history | jsonb | The device connection history. | |
created | timestamp with time zone | The time when the device was created. | |
device_info | jsonb | Specifies the device information. | |
display_name | text | Display name of the device. | |
fde | jsonb | Indicates if the full disk encryption is active in the system. | |
file_system | text | The device's file system. | |
has_service_account | boolean | If true, device has service accounts. | |
hostname | text | The hostname of the device. | |
id | text | = | A unique identifier JumpCloud generated for the device. |
last_contact | timestamp with time zone | The time when the device was last scanned. | |
mdm | jsonb | Specifies the mobile device management (MDM) configuration where the device is enrolled. | |
modify_sshd_config | boolean | If true, device allows to modify the SSHD config file. | |
network_interfaces | jsonb | Specifies the list of network interface. | |
organization_id | text | =, !=, ~~, ~~*, !~~, !~~* | Specifies the ID of the organization. |
os | text | The operating system installed in the device. | |
os_family | text | Specifies the OS family. | |
remote_ip | inet | The remote IP address of the device. | |
serial_number | text | The serial number of the device. | |
service_account_state | jsonb | Specifies the service account state information. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
ssh_root_enabled | boolean | If true, device is allowed to perform SSH on root. | |
sshd_params | jsonb | Specifies the list of SSHD config params of the device. | |
system_insights | jsonb | Specifies the system_insights. | |
system_timezone | bigint | Specifies the area timezone of the device. | |
system_token | text | Specifies the system token used to enroll the device. | |
tags | jsonb | A list of tags assigned to the device. | |
template_name | text | Specifies the device template. | |
title | text | Title of the resource. | |
user_metrics | jsonb | Specifies a list of user metrics. | |
username_hashes | jsonb | Specifies the username hashes of the device. | |
version | text | The current OS version installed on the device. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- jumpcloud
You can pass the configuration to the command with the --config
argument:
steampipe_export_jumpcloud --config '<your_config>' jumpcloud_device