Adversaries may attempt to find group and permission settings. This information can help adversaries determine which user accounts and groups are available, the membership of users in particular groups, and which users and groups have elevated permissions.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| azure_defender_for_resource_manager | Azure Defender for Resource Manager | technique_scores | T1069 | Permission Groups Discovery |
Comments
This control may alert on Azure domain cloud groups discovery activity but may not provide alerts for other account types or undocumented exploitation toolkits. Consequently, its Coverage score is Minimal resulting in an overall Minimal score.
References
|
| azure_sentinel | Azure Sentinel | technique_scores | T1069 | Permission Groups Discovery |
Comments
This control provides minimal coverage for one of this technique's sub-techniques and only minimal coverage for its procedure examples, resulting in an overall score of Minimal.
References
|
| microsoft_defender_for_identity | Microsoft Defender for Identity | technique_scores | T1069 | Permission Groups Discovery |
Comments
This control provides significant detection for one of this technique's sub-techniques, while not providing any detection for the remaining, resulting in a Minimal score.
References
|
| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1069.003 | Cloud Groups | 1 |
| T1069.002 | Domain Groups | 2 |
| T1069.001 | Local Groups | 1 |