Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=managed-risk-critical-assets

Managed Risk critical assets

Managed Risk lets you define some of your assets as critical for your business.

This feature helps our Managed Risk Ops team know which assets to focus on when it reports security vulnerabilities and recommends action. It also helps you get insights quickly by filtering reports to show only the vulnerabilities that affect your critical assets.

Add critical assets

To define critical assets, tag assets seen by previous vulnerability scans.

You can only add one critical asset at a time.

You can add a maximum of 25 critical assets.

To add a critical asset, do as follows:

  1. Make sure you know the IP address or hostname of the asset.

  2. Go to My Products > Managed Risk > Settings.

    Managed Risk Settings menu.

  3. Select the Critical Assets tab.

    Settings page with the Critical Assets tab highlighted.

  4. Click Add Critical Asset.

    Critical Assets list with Add Critical Asset button highlighted.

  5. In the Configure Critical Asset Details slide-out on the right of the page, do as follows:

    1. In Search, enter the IP address or hostname of an asset you want to add. Then select the asset in the search results.

      Note

      Only assets previously seen by vulnerability scans are shown in the search results.

    2. In Description, enter a description of the asset, for example “Web server”.

      You can edit the description later if you want to.

    3. Click Save.

    "Configure Critical Asset Details" slide-out.

    The asset is added to the list on the Critical Assets tab.

Edit or delete critical assets

To edit or delete a critical asset, do as follows:

  1. Go to Managed Risk > Settings and select the Critical Assets tab.

  2. Next to the asset, under Actions, click the three dots icon Three dots icon.

    • Select Edit to edit the asset details. You can only edit the Description.
    • Select Delete to remove the asset from the critical assets list.

    Actions menu.

See whether an asset is critical

You can quickly see in your reports whether an asset is critical.

  1. Go to My Products > Managed Risk > Report History and download a report. For details, see Download reports.

    Make sure you download an HTML format report.

  2. Open the downloaded report.

  3. In the Assets list on the left of the report, hover over an asset name.

    A popover opens.

  4. If the asset is critical, you see a Critical Asset label at the top of the popover.

    For more detail to help identify the asset, see the Critical Asset Description lower in the popover.

    Asset details showing a "Critical Asset" label.

See critical assets with vulnerabilities

To see critical assets affected by vulnerabilties, do as follows:

  1. Go to My Products > Managed Risk > Report History and download a report. For details, see Download reports.

    Make sure you download an HTML format report.

  2. Open the downloaded report.

  3. Under the Assets list on the left of the report, select Show critical assets only.

    Filter to show results for critical assets.

The widgets at the top of the report now show the number of vulnerabilities affecting critical assets and the number of assets affected.

In this example, there are nine vulnerabilities affecting one critical asset.

Widgets showing vulnerabilities and the critical asset they affect.