Critical assets
Critical assets in JupiterOne are a grouping of assets that contain the most crucial data, and administrators can create queries and alerts to quickly access and manage them.
Defining Critical Assets
JupiterOne automatically determines the criteria that define an asset as critical and at risk. However, administrators have the flexibility to edit this definition according to their organization's specific requirements.
To access critical assets, navigate to the Assets section within the JupiterOne dashboard. There you will find two tabs: All Assets and Critical Assets. Clicking on the Critical Assets tab will direct you to the assets within your classified as critical within your environment.
The default critical asset classes include Application, CodeRepo, Datastore, Function, Host, and Logs. Default properties include tag.Production: true, tag.CriticalAsset: true, classification: critical.
Customizing definition of critical
To customize the critical asset definition, click Edit (the gear icon) within the Critical Assets tab to modify the default values. You can utilize asset classes, properties, and other values to define what should be considered critical. Once you've made the necessary changes, click Update Definition to save your modifications.
Querying Critical Assets
To identify critical assets that may have compliance gaps requiring remediation, you can run queries in JupiterOne. For example, you can use the following query syntax: FIND #CriticalAsset THAT HAS jupiterone_compliance_gap to locate critical assets with compliance gaps.
Mapping the Critical Assets Definition
JupiterOne employs smart classes as a mechanism for applying asset filters using shorthand syntax. Within JupiterOne, there is a smart class instance called #CriticalAsset, which you can use to map the configured definition of critical assets.
To retrieve critical assets with findings, you can use the following query: FIND #CriticalAsset THAT HAS Finding. Aside from asset classes listed above, critical assets are also identified based on attributes such as tag.Production = 'true' and classification = 'critical'.
Utilizing Critical Asset Tags
When creating alerts, you can leverage the critical asset tag to ensure that the alert includes relevant findings related to critical assets. This allows you to stay informed about potential issues and vulnerabilities affecting your most important assets.
Conclusion
Managing critical assets in JupiterOne is essential for efficiently safeguarding vital data. By defining, querying, and mapping critical assets within the platform, administrators can effectively identify and address compliance gaps and security risks based on their critical assets. Additionally, utilizing critical asset tags in alerts enhances proactive monitoring and enables timely remediation actions for assets that matter most.