Commit c696e1d

Add rules
1 parent 290cdc1 commit c696e1d

2 files changed

+18
-3
lines changed

exposure-management/predefined-classification-rules-and-levels.md

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -38,10 +38,11 @@ Current asset types are:
3838
| Domain Controller | Device | Very High | Domain controller server is responsible for user authentication, authorization, and centralized management of network resources within an active directory domain. |
3939
| DNS | Device | Low | The DNS server is essential for resolving domain names to IP addresses, enabling network communication and access to resources both internally and externally. |
4040
| Exchange | Device | Medium | Exchange server is responsible for all the mail traffic within the organization. Depending on the setup and architecture, each server might hold several mail databases that store highly sensitive organizational information. |
41-
| IT Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the assets within the organization are vital for IT administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools._ |
42-
| Network Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools._|
41+
| IT Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the assets within the organization are vital for IT administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools. |
42+
| Network Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools.|
43+
| Security Operations Admin Device | Device | High | Critical devices used to configure, manage, and monitor the security within an organization are vital for security operations administration and are at high risk of cyber threats. They require top-level security measures to prevent unauthorized access.  Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools.|
4344
| VMware ESXi | Device | High | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. |
44-
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues |
45+
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues. |
4546
| Hyper-V Server | Device | High | The Hyper-V hypervisor is essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. If the Hyper-V host fails, it can lead to the unavailability of hosted virtual machines, potentially causing downtime and disrupting business operations. Moreover, it can result in significant performance degradation and operational challenges. Ensuring the reliability and stability of Hyper-V hosts is therefore critical for maintaining seamless operations in a virtual environment. |
4647

4748
##### Identity
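Review bot: the rewritten IT Admin Device and Network Admin Device rows (41+ and 42+) drop the closing underscore from the italic note, so `_Note: We apply a logic ... administrative tools.` now opens an italic span that is never closed and will bleed into the rest of the cell; restore `_Note: ... administrative tools._` in both rows. The new Security Operations Admin Device row (43+) should use the same italic `_Note: ..._` form with a single space before it instead of plain text after a double space, so the three admin-device rows read consistently. Since this row is rated High while IT Admin Device and Network Admin Device remain Medium, a short clause stating why the security-operations devices sit a level above the other admin devices would help readers who tune these levels.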
@@ -72,6 +73,7 @@ Current asset types are:
7273
| Password Administrator | Identity | Very High | Identities in this role can reset passwords for nonadministrators and Password Administrators. |
7374
| Privileged Authentication Administrator | Identity | Very High | Identities in this role can view, set, and reset authentication method information for any user (admin or nonadmin). |
7475
| Privileged Role Administrator | Identity | Very High | Identities in this role can manage role assignments in Microsoft Entra ID, and all aspects of Privileged Identity Management. |
76+
| Security Operations Admin User | Identity | High | Identities in this role can configure, manage, monitor, and respond to threats within the organization.  **Note**: This rule’s logic relies on the predefined critical device classification “Security Operations Admin Device”. |
7577
| Security Administrator | Identity | High | Identities in this role can read security information and reports, and manage configuration in Microsoft Entra ID and Office 365. |
7678
| Security Operator | Identity | High | Identities in this role can create and manage security events. |
7779
| Security Reader | Identity | High | Identities in this role can read security information and reports in Microsoft Entra ID and Office 365. |
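Review bot: the new Security Operations Admin User row (76+) is inserted out of the table's alphabetical order: "Security Administrator" sorts before "Security Operations Admin User", so the row belongs after the Security Administrator line. Unlike its neighbours, which are Microsoft Entra roles, this is a derived classification, so "Identities in this role" is misleading; "Identities that configure, manage, monitor, and respond to threats ..." would be accurate. The note should also spell out what the dependency on "Security Operations Admin Device" means in practice, for example whether disabling or editing that device rule changes which users this rule classifies, and the double space before **Note** should be a single space.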

exposure-management/whats-new.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,19 @@ Learn more about MSEM by reading the blogs, [here](https://techcommunity.microso
2424
>
2525
> `https://aka.ms/msem/rss`
2626
27+
## February 2025
28+
29+
### New predefined classifications
30+
31+
The following predefined classification rules were added to the critical assets list:
32+
33+
| Classification | Description |
34+
| :--------------------------------------------------- | :----------------------------------------------------------- |
35+
| Security Operations Admin User | This rule applies to security operations admin users that configure, manage, monitor, and respond to threats within the organization. |
36+
| Security Operations Admin Device | This rule applies to critical devices used to configure, manage, and monitor the security within an organization are vital for security operations administration and are at high risk of cyber threats. They require top-level security measures to prevent unauthorized access. |
37+
38+
For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
39+
2740
## January 2025
2841

2942
### Metrics enhancements
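Review bot: the Security Operations Admin Device description (36+) is a run-on: "This rule applies to critical devices used to configure, manage, and monitor the security within an organization are vital for security operations administration ..." has two subjects competing for one verb; split it, e.g. "This rule applies to critical devices used to configure, manage, and monitor security within an organization. These devices are vital for security operations administration and are at high risk of cyber threats, so they require top-level security measures to prevent unauthorized access." Line 38+ has a stray comma and no terminal period: "For more information, see [Predefined classifications](predefined-classification-rules-and-levels.md)." Consider also stating the assigned criticality level (High) and that the user rule depends on the device rule, since both appear in the rules page but not in this announcement.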
