The asset criticality feature allows you to classify your organization’s entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities.

You can assign one of the following asset criticality levels to your entities, based on their impact:

For example, you can assign Extreme impact to business-critical entities, or Low impact to entities that pose minimal risk to your security posture.

View and assign asset criticalityedit

Entities do not have a default asset criticality level. You can view, assign, and change asset criticality from the following places in the Elastic Security app:

Improve your security operationsedit

With asset criticality, you can improve your security operations by:

Prioritize open alertsedit

You can use asset criticality as a prioritization factor when triaging alerts and conducting investigations and response activities.

Once you assign a criticality level to an entity, all subsequent alerts related to that entity are enriched with its criticality level. This additional context allows you to prioritize alerts associated with business-critical entities.

Monitor an entity’s riskedit

The risk scoring engine dynamically factors in an entity’s asset criticality, along with Open and Acknowledged detection alerts to calculate the entity’s overall risk score. This dynamic risk scoring allows you to monitor changes in the risk profiles of your most sensitive entities, and quickly escalate high-risk threats.

To view the impact of asset criticality on an entity’s risk score, follow these steps: