Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
azure_policy | Azure Policy | detect | minimal | T1525 | Implant Internal Image | This control may provide recommendations to enable scanning and auditing of container images. This can provide information on images that have been added with high privileges or vulnerabilities. |
azure_policy | Azure Policy | protect | minimal | T1021 | Remote Services | This control can protect against abuse of remote services. |
azure_policy | Azure Policy | protect | minimal | T1021.001 | Remote Desktop Protocol | This control may provide recommendations to restrict public access to Remote Desktop Protocol. |
azure_policy | Azure Policy | protect | minimal | T1021.004 | SSH | This control may provide recommendations to restrict public SSH access and enable usage of SSH keys. |
azure_policy | Azure Policy | protect | minimal | T1068 | Exploitation for Privilege Escalation | This control may provide recommendations for vulnerability assessment and for outdated applications and cloud services. This control covers a wide range of Azure cloud services to help reduce the surface area for exploitation. |
azure_policy | Azure Policy | protect | minimal | T1071 | Application Layer Protocol | This control can protect against command and control via application layer protocols. |
azure_policy | Azure Policy | protect | minimal | T1071.004 | DNS | This control may provide recommendations to enable Azure Defender for DNS, which can monitor DNS queries between Azure applications for malicious traffic. |
azure_policy | Azure Policy | protect | minimal | T1078 | Valid Accounts | This control can protect against abuse of valid accounts. |
azure_policy | Azure Policy | protect | minimal | T1078.004 | Cloud Accounts | This control may provide recommendations to audit and restrict privileges on Azure cloud accounts. This control may provide information to reduce the surface area for privileged access to Azure. |
azure_policy | Azure Policy | protect | minimal | T1098 | Account Manipulation | This control can protect against account manipulation. |
azure_policy | Azure Policy | protect | minimal | T1098.001 | Additional Cloud Credentials | This control may recommend removing deprecated accounts, reducing privileges, and enabling multi-factor authentication. This can reduce the number of accounts available to be exploited and what could be done with those accounts. |
azure_policy | Azure Policy | protect | minimal | T1203 | Exploitation for Client Execution | This control may provide recommendations for vulnerability assessment and for outdated applications and cloud services. This control covers a wide range of Azure cloud services to help reduce the surface area for exploitation. |
azure_policy | Azure Policy | protect | minimal | T1210 | Exploitation of Remote Services | This control may provide recommendations to enable Azure security controls that harden remote services and reduce the surface area for possible exploitation. |
azure_policy | Azure Policy | protect | minimal | T1211 | Exploitation for Defense Evasion | This control may provide recommendations for vulnerability assessment and for outdated applications and cloud services. This control covers a wide range of Azure cloud services to help reduce the surface area for exploitation. |
azure_policy | Azure Policy | protect | minimal | T1212 | Exploitation for Credential Access | This control may provide recommendations for vulnerability assessment and for outdated applications and cloud services. This control covers a wide range of Azure cloud services to help reduce the surface area for exploitation. |
azure_policy | Azure Policy | protect | minimal | T1485 | Data Destruction | This control may provide recommendations to enable soft deletion and purge protection in Azure Key Vault. This can help mitigate malicious deletion of keys and secrets stored within Key Vault. |
azure_policy | Azure Policy | protect | minimal | T1485.001 | Lifecycle-Triggered Deletion | This control may provide recommendations that protect against lifecycle-triggered deletion. |
azure_policy | Azure Policy | protect | minimal | T1505 | Server Software Component | This control can protect against abuse of server software components for persistence. |
azure_policy | Azure Policy | protect | minimal | T1505.001 | SQL Stored Procedures | This control may provide recommendations to enable other Azure controls that provide information on potentially exploitable SQL stored procedures. Recommendations to remove unnecessary privileges from accounts and stored procedures can mitigate exploitation of this technique. |
azure_policy | Azure Policy | protect | minimal | T1537 | Transfer Data to Cloud Account | This control may provide recommendations to enable security controls that monitor and prevent malicious transfer of data to cloud accounts. |
azure_policy | Azure Policy | protect | partial | T1021.007 | Cloud Services | This control can protect against abuse of remote cloud services. |
azure_policy | Azure Policy | protect | partial | T1021.008 | Direct Cloud VM Connections | This control can protect against abuse of direct cloud VM connections. |
azure_policy | Azure Policy | protect | partial | T1040 | Network Sniffing | This control may provide recommendations to enable various Azure services that route traffic through secure networks, segment all network traffic, and enable TLS encryption where available. |
azure_policy | Azure Policy | protect | partial | T1110 | Brute Force | This control can protect against brute force attacks. |
azure_policy | Azure Policy | protect | partial | T1110.001 | Password Guessing | This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replace password authentication with more secure authentication methods. This control can affect Azure, Azure cloud application, and endpoint credentials. |
azure_policy | Azure Policy | protect | partial | T1110.003 | Password Spraying | This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replace password authentication with more secure authentication methods. This control can affect Azure, Azure cloud application, and endpoint credentials. |
azure_policy | Azure Policy | protect | partial | T1110.004 | Credential Stuffing | This control may provide recommendations to implement multi-factor authentication, implement password security policies, and replace password authentication with more secure authentication methods. This control can affect Azure, Azure cloud application, and endpoint credentials. |
azure_policy | Azure Policy | protect | partial | T1133 | External Remote Services | This control may provide recommendations to secure external remote services, such as restricting SSH access, enabling multi-factor authentication for VPN access, and auditing external remote services that are unnecessary or not updated. |
azure_policy | Azure Policy | protect | partial | T1190 | Exploit Public-Facing Application | This control may provide recommendations to restrict access to public-facing applications and provide information on vulnerable applications. |
azure_policy | Azure Policy | protect | partial | T1526 | Cloud Service Discovery | This control may provide recommendations to enable Azure services that limit access to cloud services. Several Azure services and controls provide mitigations against cloud service discovery. |
azure_policy | Azure Policy | protect | partial | T1530 | Data from Cloud Storage | This control may provide recommendations to enable Azure Defender for Storage and other security controls to prevent access to data in cloud storage objects. |
azure_policy | Azure Policy | protect | partial | T1535 | Unused/Unsupported Cloud Regions | This control may provide recommendations to restrict the allowed locations your organization can specify when deploying resources or creating resource groups. |
azure_policy | Azure Policy | protect | partial | T1538 | Cloud Service Dashboard | This control may provide recommendations to enable Azure services that limit access to Azure Resource Manager and other Azure dashboards. Several Azure services and controls provide mitigations against this technique. |
azure_policy | Azure Policy | protect | partial | T1555 | Credentials from Password Stores | This control may provide recommendations for auditing and hardening Azure Key Vault to prevent malicious access and to segment key access. |
azure_policy | Azure Policy | protect | partial | T1555.006 | Cloud Secrets Management Stores | This control may provide recommendations for auditing and hardening Azure Key Vault to prevent malicious access and to segment key access. |
azure_policy | Azure Policy | protect | partial | T1580 | Cloud Infrastructure Discovery | This control may provide recommendations to enable Azure services that limit access to cloud infrastructure. Several Azure services and controls provide mitigations against cloud infrastructure discovery. |
azure_policy | Azure Policy | protect | partial | T1590 | Gather Victim Network Information | This control may provide recommendations to restrict access to cloud resources from public networks and to route traffic between resources through Azure. Recommendations are also provided to use private DNS zones. If these recommendations are implemented, the visible network information should be reduced. |
azure_policy | Azure Policy | protect | partial | T1590.002 | DNS | This control can protect against gathering of victim network information. |
azure_policy | Azure Policy | protect | partial | T1590.004 | Network Topology | This control can protect against gathering of victim network information. |
azure_policy | Azure Policy | protect | partial | T1590.005 | IP Addresses | This control can protect against gathering of victim network information. |
azure_policy | Azure Policy | protect | partial | T1590.006 | Network Security Appliances | This control can protect against gathering of victim network information. |