Understanding Critical Assets - AskJ1 Community
<main> <article class="userContent"> <p>Critical assets are a class of asset for which you can create queries and alerts to quickly access your most crucial data. By default, JupiterOne determines which criteria define an asset as the most important and, therefore, the most at risk, but an administrator can edit this definition.</p> <h2 data-id="quick-filtering-the-critical-assets">Quick Filtering the Critical Assets</h2> <p>In J1 Assets, there are two tabs: All Assets and Critical Assets. Click the <strong>Critical Assets</strong> tab at the top of the page to go directly to the most important of your assets.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/ERMUMI5JPZ0P/assets-landing.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <p>Click the gear icon to edit the default values of the critical asset definition. You can use classes, properties, and values to define what is critical.</p> <p><img src="https://us.v-cdn.net/6035534/uploads/2XMUPSEA025G/asset-definition.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <p>Add the asset classes and properties that your organization uses to identify a critical asset, and click <strong>Update Definition</strong>. 
Default critical asset classes include <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Application</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">CodeRepo</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">DataStore</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Function</code>, <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Host</code>, and <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">Logs</code>.</p> <h2 data-id="query-critical-assets">Query Critical Assets</h2> <p>To find out which critical assets have compliance gaps that may need remediation, you can run a query such as <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">find #CriticalAsset that has jupiterone_compliance_gap</code>, as shown in this example:</p> <p><img src="https://us.v-cdn.net/6035534/uploads/DZAFDND5TU0J/problems-query.png" alt="" class="embedImage-img importedEmbed-img"></img></p> <h2 data-id="mapping-the-critical-assets-definition">Mapping the Critical Assets Definition</h2> <p>J1 uses <a rel="nofollow" href="../jupiterOne-query-language_(J1QL)/jupiterOne-query-language.md#smart-classes-beta">smart classes</a> as a mechanism for applying a set of asset filters with a shorthand syntax. The J1 application smart class has an instance called <code class="code codeInline code codeInline" spellcheck="false" tabindex="0">#CriticalAsset</code>. 
You can use this instance to map to the configured definition of critical assets in J1 Assets:</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">FIND #CriticalAsset that has Finding </pre> <p>The default definition of a critical asset is an entity with one of the following classes:</p> <ul><li>Application</li> <li>CodeRepo</li> <li>DataStore</li> <li>Function</li> <li>Host</li> <li>Logs</li> </ul><p>and the following attributes:</p> <ul><li>tag.Production = 'true'</li> <li>classification = 'critical'</li> </ul><h2 data-id="critical-asset-tag">Critical Asset Tag</h2> <p>When <a rel="nofollow" href="https://jupiterone.vanillacommunities.com/kb/articles/940-alerts-and-alert-rules">creating alerts</a>, you can use the critical asset tag when you want the alert to include critical asset findings.</p> </article> </main>