Skip to main content

Smart classes

Smart classes are a mechanism for applying a set of asset filters within a shorthand syntax. There are two categories of smart classes: JupiterOne application classes and Tag-derived values. JupiterOne administrators can define critical assets in the Assets app by clicking the gear icon in the Assets title bar.

JupiterOne application classes

Currently, the only supported instance is #CriticalAsset, which maps to the configured definition of critical assets in the Assets app:

FIND #CriticalAsset that has Finding

The default definition of a critical asset is an entity with one of the following classes:

  • Application
  • CodeRepo
  • DataStore
  • Function
  • Host
  • Logs

and the following attributes:

  • tag.Production = 'true'
  • classification = 'critical'

Tag-derived values

These values match entities where the tags of an entity contain the provided smart class (case-sensitive):

FIND #Production Application

Tags are populated via integrations, and can also be added directly to an entity via J1 as enriched data.

note

For key-value pair tags, the tag value must be true to match the smart class.

Assuming you have defined a critical asset as per the above default, here are some example smart class queries and their equivalencies.

Smart class QueryEquivalent Expanded Query
FIND #CriticalAssetFIND * WITH ((_class = ('Application' or 'CodeRepo' or 'DataStore' or 'Function' or 'Host' or 'Logs') and (tag.Production = true and classification = 'critical')) or tags = 'CriticalAsset')
FIND #CriticalAsset THAT HAS FindingFIND * WITH ((_class = ('Application' or 'CodeRepo' or 'DataStore' or 'Function' or 'Host' or 'Logs') and (tag.Production = true and classification = 'critical')) or tags = 'CriticalAsset') THAT HAS Finding
FIND Finding THAT RELATES TO #CriticalAssetFIND Finding THAT HAS * WITH ((_class = ('Application' or 'CodeRepo' or 'DataStore' or 'Function' or 'Host' or 'Logs') and (tag.Production = true and classification = 'critical')) or tags = 'CriticalAsset')
FIND #Production ApplicationFIND Application WITH tags = 'Production'

Returned entities reflect their underlying classes, not the queried smart class.

Contents