Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes
---|---|---|---|---|---|---
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | minimal | T1071 | Application Layer Protocol | This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | minimal | T1071.001 | Web Protocols | This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | minimal | T1071.002 | File Transfer Protocols | This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | minimal | T1071.003 | Mail Protocols | This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | minimal | T1071.004 | DNS | This control can identify connections to known malicious sites. Scored minimal since the malicious sites must be on a block list.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | partial | T1071.005 | Publish/Subscribe Protocols | This control can identify connections to known malicious sites.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | partial | T1133 | External Remote Services | This control can potentially identify malicious use of remote services via alerts such as "Suspicious incoming RDP network activity" and "Suspicious Incoming SSH network activity".
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | significant | T1110 | Brute Force | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline. It provides significant detection for most of this technique's sub-techniques and procedure examples, resulting in an overall score of Significant.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | significant | T1110.001 | Password Guessing | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | significant | T1110.003 | Password Spraying | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.
alerts_for_azure_network_layer | Alerts for Azure Network Layer | detect | significant | T1110.004 | Credential Stuffing | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline.