Critical assets

Critical assets in JupiterOne are a grouping of assets that contain the most crucial data, and administrators can create queries and alerts to quickly access and manage them.

Critical Asset Page

Defining Critical Assets

JupiterOne recommends a number of queries that define the criteria for what counts as a critical asset, and therefore an asset with increased risk. However, administrators have the flexibility to edit these definitions and recommendations according to their organization's specific requirements.

To access critical assets, navigate to the Assets application within JupiterOne. There you will find a callout for your Critical Assets. Clicking Critical Assets takes you to the assets within your environment that are classified as critical, along with the queries that currently define them as critical.

Note: Once you define your critical assets via queries, this adds a tag.CriticalAsset to the entity. Every day, your Critical Asset Definition Queries are evaluated to remove or add this designation in your inventory based on the queries' results.

Customizing definitions of critical

To customize the critical asset definition, click New Query within the Critical Assets area of Assets. You can use the full power of J1QL to define what should be considered critical. Once you've made the necessary changes, click Create to save your new definition. You can always come back to these Critical Asset Definition Queries to customize, edit, or delete them. All recommendations can be customized with J1QL as well to meet your needs.

Query Definition Modal

Within the application you will see critical asset query recommendations like the ones below to help you get started:

FIND (Application | CodeRepo | DataStore | Function | Host | Logs | Secret | Vault) WITH tag.Production = true OR tag.CriticalAsset = true OR classification = "critical"

FIND (Device | Host) THAT RELATES TO (DataStore | Database) WITH (tag.Production = true OR tag.CriticalAsset = true OR classification = 'critical' OR tags ~= 'Production' OR Access = 'Public')

FIND (Device | Host) THAT (ALLOWS|CONNECTS) (Internet|Everyone)

FIND (Device | Host) WITH (tag.Production = true OR tag.CriticalAsset = true OR classification = 'critical' OR tags ~= 'Production')

FIND (Function|Host) THAT PROTECTS Firewall THAT ALLOWS << Internet

Querying Critical Assets

To identify critical assets that may have compliance gaps requiring remediation, you can run queries in JupiterOne. For example, you can use the following query syntax: FIND #CriticalAsset THAT HAS jupiterone_compliance_gap to locate critical assets with compliance gaps.

Mapping the Critical Assets Definition

JupiterOne employs smart classes as a mechanism for applying asset filters using shorthand syntax. Within JupiterOne, there is a smart class instance called #CriticalAsset, which you can use to map the configured definitions of your critical assets.

For example, to retrieve critical assets with findings, you can use the following query: FIND #CriticalAsset THAT HAS Finding.

Conclusion

Managing critical assets in JupiterOne is essential for efficiently safeguarding vital data. By defining, querying, and mapping critical assets within the platform, administrators can effectively identify and address compliance gaps and security risks based on their critical assets.