--- title: Critical Assets description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > Datadog Security > Cloud SIEM > Detect and Monitor > Critical Assets --- # Critical Assets Available for: {% icon name="icon-siem" /%} Cloud SIEM | {% icon name="icon-cloud-security-management" /%} Workload Protection | {% icon name="icon-app-sec" /%} App and API Protection ## Overview{% #overview %} Critical Assets lets you adjust the severity of security signals based on the assets they affect. This helps analysts prioritize signals according to the business importance of the impacted asset by increasing, decreasing, or maintaining the default severity. For each asset, you can adjust severity levels, apply custom tags, and isolate changes to specific rules. ### How it works{% #how-it-works %} - If multiple critical assets are set to adjust a security signal's severity levels, the signal automatically takes the higher severity level. For example, if one critical asset sets the severity to `MEDIUM` and another sets it to `HIGH`, the severity is `HIGH`. - If multiple critical assets are set to perform the same action on a security signal's severity levels, the action only applies once. For example, if two separate critical assets are set to increase the severity level of a signal that's set to `MEDIUM`, it only increases once to `HIGH`, not again to `CRITICAL`. ## Create a critical asset{% #create-a-critical-asset %} 1. In Datadog, go to **Security** > **Settings** > [**Critical Assets**](https://app.datadoghq.com/security/configuration/critical-assets), then click **Create Critical Asset**. The Create Critical Asset window opens. 1. Under **Define Asset**, enter a query to define the asset. 1. Under **Choose Severity Adjustment**, choose how you want to adjust the severity for security signals associated with the asset. - Choose **Increase** or **Decrease** to start with the default severity level, then increase or decrease the severity by one level. - Choose **Maintain** to retain the default severity level. - Choose a specific severity level to always apply that severity level, regardless of the initial severity associated with the signal. 1. (Optional) Under **Details**, add a description, tags, and teams to apply to the critical asset. 1. Under **Select Detection Rules**, enter specific detection rules to narrow down the severity changes to. To apply the changes to all detection rules, set the query to `*`. 1. Click **Save**. The Create Critical Asset window closes and your critical asset appears in the table, where you can enable or disable it, or export the critical asset configuration as Terraform or JSON files. ## View the signals a critical asset affected{% #view-the-signals-a-critical-asset-affected %} 1. In Datadog, go to **Security** > **Settings** > [**Critical Assets**](https://app.datadoghq.com/security/configuration/critical-assets). 1. Beside a critical asset, click the **More Options** icon , then click **Signals affected**. The Signals Explorer, prepopulated with a query to show the affected signals, opens in a new tab. ## View critical asset data in security signals{% #view-critical-asset-data-in-security-signals %} In every security signal that a critical asset has modified, an **Adjusted Severity** pill indicates both the original and adjusted severity levels. You can hover over that pill to see what adjustment the critical asset applied: {% image source="https://docs.dd-static.net/images/security/security_monitoring/critical_assets_pill.2257396552c75fad03983e04bbe1d2f3.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/security_monitoring/critical_assets_pill.2257396552c75fad03983e04bbe1d2f3.png?auto=format&fit=max&w=850&dpr=2 2x" alt="Adjusted Severity pill and pop-up, indicating that a CloudTrail signal's severity was increased from Low to Medium" /%} On the **JSON** tab of a security signal, you can also find the `critical_assets_data` object, which includes information about the critical assets associated with it, and how they affected the signal's severity. {% alert level="info" %} If a critical asset's severity level was overridden by a higher severity level, it may not appear in the `critical_assets_data` object. {% /alert %} ## Further reading{% #further-reading %} - [Suppressions](https://docs.datadoghq.com/security/cloud_siem/detect_and_monitor/suppressions.md)