Adversaries may attempt to find group and permission settings. This information can help adversaries determine which user accounts and groups are available, the membership of users in particular groups, and which users and groups have elevated permissions.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| azure_defender_for_resource_manager | Azure Defender for Resource Manager | technique_scores | T1069 | Permission Groups Discovery |
| azure_sentinel | Azure Sentinel | technique_scores | T1069 | Permission Groups Discovery |
| microsoft_defender_for_identity | Microsoft Defender for Identity | technique_scores | T1069 | Permission Groups Discovery |
| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1069.003 | Cloud Groups | 1 |
| T1069.002 | Domain Groups | 2 |
| T1069.001 | Local Groups | 1 |