Critical assets (Deprecated)
Critical assets have been replaced by JupiterOne smart classes. If you were using Critical assets, your critical asset definition was migrated to a smart class. To recreate it, create a smart class named CriticalAsset.
Critical assets are a grouping of the assets that contain your most crucial data and therefore carry the most risk. They are now expressed as the CriticalAsset smart class: define the queries that determine which assets are critical, and JupiterOne tags matching entities with tag.CriticalAsset and re-evaluates them on a schedule. See smart classes for how to create one and add its queries.
Querying critical assets
JupiterOne uses smart classes to apply asset filters with shorthand syntax. The #CriticalAsset smart class lets you reference your configured critical asset definitions in a query.
For example, to find critical assets with compliance gaps:
FIND #CriticalAsset THAT HAS jupiterone_compliance_gap
Or to find critical assets with findings:
FIND #CriticalAsset THAT HAS Finding
Example definition queries
These queries are useful starting points for the CriticalAsset smart class definition:
FIND (Application | CodeRepo | DataStore | Function | Host | Logs | Secret | Vault) WITH tag.Production = true OR tag.CriticalAsset = true OR classification = "critical"
FIND (Device | Host) THAT RELATES TO (DataStore | Database) WITH (tag.Production = true OR tag.CriticalAsset = true OR classification = 'critical' OR tags ~= 'Production' OR Access = 'Public')
FIND (Device | Host) that (ALLOWS|CONNECTS) (Internet|Everyone)
FIND (Function|Host) THAT PROTECTS Firewall THAT ALLOWS << Internet