Smart classes
Smart classes are a mechanism for applying a set of asset filters within a shorthand syntax. JupiterOne administrators can create smart classes in the Assets app by navigating to the smart classes sub section.
For detailed information covering setting up smart classes, see our smart classes page.
Querying Smart Classes
Smart classes should be considered as a subgraph of your entire graph that only contains entities with additional context captured in the smart class. The additional context can be business-related, like asset criticality or owner group, or technical, like whether the assets are EOL or publicly accessible. When building your posture management, vulnerability management, or compliance use cases, you can use the following query patterns to only query for assets that are in your smart class.
Using Smart Class Instance
The first way to query smart classes is by directly referring to the smart class. Smart classes are queryable by using the hash character before the name of the smart class. Some example queries that follow this pattern include:
FIND #Sev1FIND Finding THAT HAS #Sev1
Using Smart Classes as a Filter
Beyond directly referencing the smart class as in the above example, it is also possible to use the smart class as a filter. For example, if you are only interested in your DataStores with a certain criticality, you could use the following queries:
FIND #Sev1 DataStoreFIND AccessRole THAT ALLOWS #Sev1 aws_s3_bucket
Using Smart Class Tags
Finally, smart classes can also be referenced by using tags. This is helpful if you want to find entities that belong to multiple smart classes. For example, if you want to find public entities that belong to a certain severity level, you can run the following queries:
FIND DataStore WITH tag.Sev1=true AND tag.Public=true