Smart classes
Smart classes are a mechanism for applying a set of asset filters within a shorthand syntax. There are two categories of smart classes: JupiterOne application classes and Tag-derived values. JupiterOne administrators can define critical assets in the Assets app by clicking the gear icon in the Assets title bar.
JupiterOne application classes
Currently, the only supported instance is #CriticalAsset
, which maps to the configured definition of critical assets in the Assets app:
FIND #CriticalAsset that has Finding
The default definition of a critical asset is an entity with one of the following classes:
- Application
- CodeRepo
- DataStore
- Function
- Host
- Logs
and the following attributes:
tag.Production = 'true'
classification = 'critical'
Tag-derived values
These values match entities where the tags of an entity contain the provided smart class (case-sensitive):
FIND #Production Application
Tags are populated via integrations, and can also be added directly to an entity via J1 as enriched data.
For key-value pair tags, the tag value must be true
to match the smart class.
Assuming you have defined a critical asset as per the above default, here are some example smart class queries and their equivalencies.
Smart class Query | Equivalent Expanded Query |
---|---|
FIND #CriticalAsset | FIND * WITH ((_class = ('Application' or 'CodeRepo' or 'DataStore' or 'Function' or 'Host' or 'Logs') and (tag.Production = true and classification = 'critical')) or tags = 'CriticalAsset' ) |
FIND #CriticalAsset THAT HAS Finding | FIND * WITH ((_class = ('Application' or 'CodeRepo' or 'DataStore' or 'Function' or 'Host' or 'Logs') and (tag.Production = true and classification = 'critical')) or tags = 'CriticalAsset') THAT HAS Finding |
FIND Finding THAT RELATES TO #CriticalAsset | FIND Finding THAT HAS * WITH ((_class = ('Application' or 'CodeRepo' or 'DataStore' or 'Function' or 'Host' or 'Logs') and (tag.Production = true and classification = 'critical')) or tags = 'CriticalAsset') |
FIND #Production Application | FIND Application WITH tags = 'Production' |
Returned entities reflect their underlying classes, not the queried smart class.