[8.14] Asset criticality file upload (backport #5112) #5129

Merged
merged 1 commit into from
Apr 25, 2024
41 changes: 40 additions & 1 deletion docs/advanced-entity-analytics/asset-criticality.asciidoc
Expand Up @@ -26,7 +26,9 @@ For example, you can assign **Extreme impact** to business-critical entities, or
[discrete]
== View and assign asset criticality

Entities do not have a default asset criticality level. You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:
Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or <<bulk-assign-asset-criticality, bulk assign>> it to multiple entities by importing a text file.

You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:

* The <<host-details-page, host details page>> and <<user-details-page, user details page>>:
+
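Review bot: The new sentence on the replaced line says bulk assignment works "by importing a text file", while the section it links to (`<<bulk-assign-asset-criticality, bulk assign>>`) describes importing a CSV, TXT or TSV file; align the wording here with that list so readers are not left wondering whether CSV or TSV counts as a "text file". The split into two sentences otherwise reads well, and the anchor is defined later in the same file, so the cross-reference resolves.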
Expand All @@ -43,6 +45,43 @@ image::images/assign-asset-criticality-host-flyout.png[Assign asset criticality
[role="screenshot"]
image::images/assign-asset-criticality-timeline.png[Assign asset criticality from the host details flyout in Timeline]

[discrete]
[[bulk-assign-asset-criticality]]
=== Bulk assign asset criticality

You can bulk assign asset criticality to multiple entities by importing a CSV, TXT or TSV file from your asset management tools.

The file must contain three columns, with each entity record listed on a separate row:

. The first column should indicate whether the entity is a `host` or a `user`.
. The second column should specify the entity's `host.name` or `user.name`.
. The third column should specify one of the following asset criticality levels:
** `extreme_impact`
** `high_impact`
** `medium_impact`
** `low_impact`

The maximum file size is 1 MB.

File structure example:

[source,txt]
--------------------------------------------------
user,user-001,low_impact
user,user-002,medium_impact
host,host-001,extreme_impact
--------------------------------------------------

To import a file:

. Go to **Manage** → **Asset criticality**.
. Select or drag and drop the file you want to import.
+
NOTE: The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file.
. Click **Assign**.

This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation.

[discrete]
== Improve your security operations
