Smart classes are a mechanism for applying a set of asset filters within a shorthand syntax. There are two categories of smart classes: JupiterOne application classes and Tag-derived values. JupiterOne administrators can define critical assets in the Assets app by clicking the gear icon in the Assets title bar.
JupiterOne application classes
Currently, the only supported instance is
#CriticalAsset, which maps to the configured definition of critical assets in the Assets app:
FIND #CriticalAsset that has Finding
The default definition of a critical asset is an entity with one of the following classes:
and the following attributes:
tag.Production = 'true'
classification = 'critical'
These values match entities where the tags of an entity contain the provided smart class (case-sensitive):
FIND #Production Application
Tags are populated via integrations, and can also be added directly to an entity via J1 as enriched data.
For key-value pair tags, the tag value must be
true to match the smart class.
Assuming you have defined a critical asset as per the above default, here are some example smart class queries and their equivalencies.
|Smart class Query||Equivalent Expanded Query|
Returned entities reflect their underlying classes, not the queried smart class.