You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: exposure-management/predefined-classification-rules-and-levels.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -42,7 +42,7 @@ Current asset types are:
42
42
| Security Operations Admin Device | Device | High | Critical devices used to configure, manage, and monitor the security within an organization are vital for security operations administration and are at high risk of cyber threats. They require top-level security measures to prevent unauthorized access. Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools.|
43
43
| Network Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools._|
44
44
| VMware ESXi | Device | High | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. |
45
-
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues |
45
+
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues.|
46
46
| Hyper-V Server | Device | High | The Hyper-V hypervisor is essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. If the Hyper-V host fails, it can lead to the unavailability of hosted virtual machines, potentially causing downtime and disrupting business operations. Moreover, it can result in significant performance degradation and operational challenges. Ensuring the reliability and stability of Hyper-V hosts is therefore critical for maintaining seamless operations in a virtual environment. |
47
47
48
48
##### Identity
@@ -73,6 +73,7 @@ Current asset types are:
73
73
| Password Administrator | Identity | Very High | Identities in this role can reset passwords for nonadministrators and Password Administrators. |
74
74
| Privileged Authentication Administrator | Identity | Very High | Identities in this role can view, set, and reset authentication method information for any user (admin or nonadmin). |
75
75
| Privileged Role Administrator | Identity | Very High | Identities in this role can manage role assignments in Microsoft Entra ID, and all aspects of Privileged Identity Management. |
76
+
| Security Operations Admin User | Identity | High | Identities in this role can configure, manage, monitor, and respond to threats within the organization. **Note**: This rule’s logic relies on the predefined critical device classification “Security Operations Admin Device”. |
76
77
| Security Administrator | Identity | High | Identities in this role can read security information and reports, and manage configuration in Microsoft Entra ID and Office 365. |
77
78
| Security Operator | Identity | High | Identities in this role can create and manage security events. |
78
79
| Security Reader | Identity | High | Identities in this role can read security information and reports in Microsoft Entra ID and Office 365. |
| Security Operations Admin User | This rule applies to security operations admin users that configure, manage, monitor, and respond to threats within the organization. |
36
+
37
+
For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
38
+
39
+
### New predefined classifications
28
40
29
41
The following predefined classification rules were added to the critical assets list:
30
42
@@ -33,6 +45,7 @@ The following predefined classification rules were added to the critical assets
33
45
| Azure Key Vault with high number of operations | This rule identifies and classifies Azure Key Vaults that experience a high volume of operations, indicating their criticality within the cloud environment. |
34
46
| Security Operations Admin Device | This rule applies to critical devices used to configure, manage, and monitor the security within an organization are vital for security operations administration and are at high risk of cyber threats. They require top-level security measures to prevent unauthorized access. |
35
47
48
+
36
49
For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
0 commit comments