Cyera DSPM Investigation Agent

An AI-powered Security Copilot agent that helps security analysts investigate data security posture issues across cloud and SaaS environments. Run on-demand from the Agent Management view to identify at-risk data assets, analyze security gaps, and receive actionable remediation guidance.

- Identify riskiest data assets based on security issue types and severity

- Analyze asset distribution across cloud providers (AWS, Azure, GCP, SaaS)

- Investigate open security issues and violations

- Calculate risk scores for data assets using weighted severity (Critical×100 + High×50 + Medium×25 + Low×10)

- Generate security posture reports with actionable recommendations

- Track asset security configurations (encryption, public access, sensitivity)

- Distinguish between unique issue types and total records at risk

1. Navigate to Agent Management view in Security Copilot

2. Select "Cyera DSPM Investigation Agent"

3. Click "Run one time"

4. Provide investigation parameters:

- **UserRequest** (required): Describe your investigation (e.g., "Show top riskiest assets")

- **DaysLookback** (optional): Number of days to look back for issues (default: 30)

5. Review results with executive summary, data tables, and recommendations

- Data Tables: CyeraAssets_CL, CyeraIssues_CL from Microsoft Sentinel/Log Analytics

- UserRequest: Natural language investigation request parameter

- DaysLookback: Time range for recent issues (default: 30 days)

- Queries multiple cloud providers: AWS, Azure, GCP, and SaaS platforms

- Executive summary with key statistics and critical findings

- Top riskiest assets with risk scores, issue type counts, and records at risk

- Asset distribution by cloud provider with security metrics

- Open security issues with severity, remediation advice, and affected assets

- Distinction between issue types (unique security findings) and records at risk (affected data volume)

- Actionable recommendations prioritized by risk

- Microsoft Security Copilot with active SCU capacity

- Microsoft Sentinel workspace with Log Analytics

- Cyera DSPM data ingested into CyeraAssets_CL and CyeraIssues_CL tables

- Agent installed and configured with workspace connection

- **Execution-Based**: Run on-demand from Agent Management view with specific investigation parameters

- **Risk Scoring**: Automatic calculation of asset risk scores based on unique issue types and severity

- **Data Model Clarity**: Distinguishes between issue types (unique findings) and records at risk (data volume)

- **Multi-Cloud Coverage**: Analyze assets across AWS, Azure, GCP, and SaaS platforms

- **Security Gap Identification**: Highlights unencrypted sensitive data and publicly accessible assets

- **Actionable Remediation**: Provides specific remediation advice for each security issue

- **Provider Comparison**: Compare security posture across different cloud providers

- **Flexible Investigations**: Parameterized requests for different analysis types

Approximately 0.5-1.0 SCU per agent execution, depending on investigation complexity and data volume.