Merge pull request #1348 from DebLanger/update_classification

DebLanger · web-flow · commit e9d261c0c319 · 2024-09-15T16:27:33.000+03:00
update classification DNS
diff --git a/exposure-management/leverage-data-connectors.md b/exposure-management/leverage-data-connectors.md
@@ -0,0 +1,44 @@
+---
+title: Levering insights from data connectors in Microsoft Security Exposure Management
+description: Learn about leveraging the data connectors in Microsoft Security Exposure Management.
+ms.author: dlanger
+author: dlanger
+manager: rayne-wiselman
+ms.topic: overview
+ms.service: exposure-management
+ms.date: 09/11/2024
+---
+
+# Leverage insights from data connectors
+
+[Microsoft Security Exposure Management](microsoft-security-exposure-management.md) consolidates security posture data from all your digital assets enabling you to map your attack surface and focus your security efforts on areas at greatest risk. The data from Microsoft products gets ingested automatically once connected to Exposure Management, and you can add more data connectors from external data sources.
+
+## Imported assets and types
+
+There are various types of assets available for consumption, such as digital assets, customer relationship management (CRM) systems, and mobile applications.
+
+- Devices
+- Vulnerabilities
+- Users (future)
+- Software (future)
+- SaaS Applications   (future)
+
+The asset information imported into Exposure Management includes data from external data sources like Qualys, Rapid7, and ServiceNow CMDB environments. This data is consolidated to provide a comprehensive view of the security posture across all digital assets.
+
+## Viewing the imported data
+
+The data from the imported assets will appear in the device inventories and the exposure graph. Exposure Management also offers integration with critical asset protection, attack paths, metrics, and initiatives. It provides insights into potential attack paths and entry points that could compromise critical assets. It also offers metrics and recommendations to help prioritize actions to protect these assets.
+
+The information brought into the system includes:
+
+- Device and service data from systems, including OS
+- Distribution
+- Interfaces
+- Network details
+- Last users  
+
+[INSERT IMAGE]
+
+## Next steps
+
+[Configuring your data connectors](configure-data-connectors.md)
diff --git a/exposure-management/predefined-classification-rules-and-levels.md b/exposure-management/predefined-classification-rules-and-levels.md
@@ -31,12 +31,13 @@ Current asset types are:
 | ADCS                       | Device     | Medium                    | ADCS server allows administrators to fully implement a public key infrastructure (PKI) and issue digital certificates that can be used to secure multiple resources on a network. Moreover, ADCS can be used for various security solutions, such as SSL encryption, user authentication, and secure email. |
 | ADFS                       | Device     | High                      | ADFS server provides users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity. |
 | Backup                     | Device     | Medium                    | Backup server is responsible for safeguarding data through regular backups, ensuring data protection and disaster recovery readiness. |
-| Domain Admin Machines      | Device     | High                      | Domain admin machines are machines that one or more of the domain admins are frequently logged into. These devices are likely to store related files, documents, and credentials used by the domain admins. |
+| Domain Admin Device      | Device     | High                      | Domain admin devices are devices that one or more of the domain admins are frequently logged into. These devices are likely to store related files, documents, and credentials used by the domain admins. |
 | Domain Controller          | Device     | High                      | Domain controller server is responsible for user authentication, authorization, and centralized management of network resources within an active directory domain. |
+| DNS                        | Device     | Medium                    | The DNS server is essential for resolving domain names to IP addresses, enabling network communication and access to resources both internally and externally. |
 | Exchange                   | Device     | Medium                    | Exchange server is responsible for all the mail traffic within the organization. Depending on the setup and architecture, each server might hold several mail databases that store highly sensitive organizational information. |
 | SCCM                       | Device     | Medium                    | SCCM is used for managing endpoints in a large network, including patch management, software distribution, and inventory management. |
-| ITAdminDevice              | Device     | Medium                    | Critical devices used to configure, manage, and monitor the assets within the organization are vital for IT administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
-| NetworkAdminDevice         | Device     | Medium                    | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
+| IT Admin Device              | Device     | Medium                    | Critical devices used to configure, manage, and monitor the assets within the organization are vital for IT administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
+| Network Admin Device         | Device     | Medium                    | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
 | VMware ESXi                | Device     | High                      | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. |
 | VMware vCenter             | Device     | High                      | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues |
 
