Skip to main content

Critical assets

Critical assets in JupiterOne are a grouping of assets that contain the most crucial data, and administrators can create queries and alerts to quickly access and manage them.

Critical Asset Page

Defining Critical Assets

JupiterOne recommends a number of queries that define the criteria of what is a critical asset and therefore a asset with increased risk. However, administrators have the flexibility to edit these definitions and recomendations according to their organization's specific requirements.

To access critical assets, navigate to the Assets application within the JupiterOne. There you will find a call out for your Critical Assets, by clicking on Critical Assets you will be directed you to the assets within your environment classified as critical as well as what you currently have for queries defining these as critical.

Note: Once you define your critical assets via queries this will add a tag.CriticalAssetto the entity. Everyday your Critical Asset Definition Queries will evaluate to remove or add this designation in your inventory based on the queries results.

Customizing definitions of critical

To customize the critical asset definition, click New Query within the Critical Assets area of Assets. You can utilize the full power of J1QL define what should be considered critical. Once you've made the necessary changes, click Create to save your new definition. You can always come back to these Critical Asset Definition Queries to customize, edit, or delete. All recommendations can be customized with J1QL as well to meet your needs.

Query Definition Modal

Here within the application you will see critical asset query recommendations like the ones below to help you get started:

FIND (Application | CodeRepo | DataStore | Function | Host | Logs | Secret | Vault) WITH tag.Production = true OR tag.CriticalAsset = true OR classification = "critical"

FIND (Device | Host) THAT RELATES TO (DataStore | Database) WITH (tag.Production = true OR tag.CriticalAsset = true OR classification = 'critical' OR tags ~= 'Production' OR Access = 'Public')

FIND (Device | Host) that (ALLOWS|CONNECTS) (Internet|Everyone)

FIND (Device | Host) WITH (tag.Production = true OR tag.CriticalAsset = true OR classification = 'critical' OR tags ~= 'Production')

FIND (Function|Host) THAT PROTECTS Firewall THAT ALLOWS << Internet

Querying Critical Assets

To identify critical assets that may have compliance gaps requiring remediation, you can run queries in JupiterOne. For example, you can use the following query syntax: FIND #CriticalAsset THAT HAS jupiterone_compliance_gap to locate critical assets with compliance gaps.

Mapping the Critical Assets Definition

JupiterOne employs smart classes as a mechanism for applying asset filters using shorthand syntax. Within JupiterOne, there is a smart class instance called #CriticalAsset, which you can use to map the configured definitions of your critical assets.

For example, to retrieve critical assets with findings, you can use the following query: FIND #CriticalAsset THAT HAS Finding.


Managing critical assets in JupiterOne is essential for efficiently safeguarding vital data. By defining, querying, and mapping critical assets within the platform, administrators can effectively identify and address compliance gaps and security risks based on their critical assets.