Skip to main content

Critical assets (Deprecated)

Warn

Critical assets have been replaced by JupiterOne smart classes. If you were using Critical assets, your critical asset definition was migrated to a smart class. To recreate it, create a smart class named CriticalAsset.

Critical assets are a grouping of the assets that contain your most crucial data and therefore carry the most risk. They are now expressed as the CriticalAsset smart class: define the queries that determine which assets are critical, and JupiterOne tags matching entities with tag.CriticalAsset and re-evaluates them on a schedule. See smart classes for how to create one and add its queries.

Querying critical assets

JupiterOne uses smart classes to apply asset filters with shorthand syntax. The #CriticalAsset smart class lets you reference your configured critical asset definitions in a query.

For example, to find critical assets with compliance gaps:

FIND #CriticalAsset THAT HAS jupiterone_compliance_gap

Or to find critical assets with findings:

FIND #CriticalAsset THAT HAS Finding

Example definition queries

These queries are useful starting points for the CriticalAsset smart class definition:

FIND (Application | CodeRepo | DataStore | Function | Host | Logs | Secret | Vault) WITH tag.Production = true OR tag.CriticalAsset = true OR classification = "critical"

FIND (Device | Host) THAT RELATES TO (DataStore | Database) WITH (tag.Production = true OR tag.CriticalAsset = true OR classification = 'critical' OR tags ~= 'Production' OR Access = 'Public')

FIND (Device | Host) that (ALLOWS|CONNECTS) (Internet|Everyone)

FIND (Function|Host) THAT PROTECTS Firewall THAT ALLOWS << Internet