Asset criticality file upload (#5112) (#5129)

(cherry picked from commit 9f11b59) Co-authored-by: natasha-moore-elastic <[email protected]>
elastic · Apr 25, 2024 · 7e60170 · 7e60170
1 parent b447ff4
commit 7e60170
Showing 1 changed file with 40 additions and 1 deletion.
diff --git a/docs/advanced-entity-analytics/asset-criticality.asciidoc b/docs/advanced-entity-analytics/asset-criticality.asciidoc
@@ -26,7 +26,9 @@ For example, you can assign **Extreme impact** to business-critical entities, or
 [discrete]
 == View and assign asset criticality
 
-Entities do not have a default asset criticality level. You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:
+Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or <<bulk-assign-asset-criticality, bulk assign>> it to multiple entities by importing a text file.
+
+You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:
 
 * The <<host-details-page, host details page>> and <<user-details-page, user details page>>:
 +
@@ -43,6 +45,43 @@ image::images/assign-asset-criticality-host-flyout.png[Assign asset criticality
 [role="screenshot"]
 image::images/assign-asset-criticality-timeline.png[Assign asset criticality from the host details flyout in Timeline]
 
+[discrete]
+[[bulk-assign-asset-criticality]]
+=== Bulk assign asset criticality
+
+You can bulk assign asset criticality to multiple entities by importing a CSV, TXT or TSV file from your asset management tools.
+
+The file must contain three columns, with each entity record listed on a separate row:
+
+. The first column should indicate whether the entity is a `host` or a `user`.
+. The second column should specify the entity's `host.name` or `user.name`.
+. The third column should specify one of the following asset criticality levels:
+** `extreme_impact`
+** `high_impact`
+** `medium_impact`
+** `low_impact`
+
+The maximum file size is 1 MB.
+
+File structure example:
+
+[source,txt]
+--------------------------------------------------
+user,user-001,low_impact
+user,user-002,medium_impact
+host,host-001,extreme_impact
+--------------------------------------------------
+
+To import a file:
+
+. Go to **Manage** → **Asset criticality**.
+. Select or drag and drop the file you want to import.
++
+NOTE: The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file.
+. Click **Assign**. 
+
+This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation.
+
 [discrete]
 == Improve your security operations