Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
azure_role_based_access_control | Azure Role-Based Access Control | protect | minimal | T1078 | Valid Accounts | This control only provides protection for one of this technique's sub-techniques while not providing any protection for its procedure examples (due to being specific to Azure AD) nor its remaining sub-techniques. Consequently, its coverage score factor is Minimal, resulting in a Minimal score. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | minimal | T1087 | Account Discovery | This control only provides protection for one of this technique's sub-techniques while not providing any protection for its procedure examples nor its remaining sub-techniques, and therefore its coverage score factor is Minimal, resulting in a Minimal score. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | minimal | T1136 | Create Account | This control only provides protection for one of this technique's sub-techniques while not providing any protection for the remaining sub-techniques, and therefore its coverage score factor is Minimal, resulting in a Minimal score. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1078.004 | Cloud Accounts | This control can be used to implement the least-privilege principle for account management and thereby limit what an adversary can do with a valid account. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1087.004 | Cloud Account | This control can be used to implement the least-privilege principle for account management and thereby limit the accounts that can be used for account discovery. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1098 | Account Manipulation | This control provides protection for some of this technique's sub-techniques and therefore its coverage score factor is Partial, resulting in a Partial score. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1098.001 | Additional Cloud Credentials | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1098.003 | Additional Cloud Roles | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1098.006 | Additional Container Cluster Roles | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1136.003 | Cloud Account | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can create accounts. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1485.001 | Lifecycle-Triggered Deletion | This control can provide protection against lifecycle-triggered deletion by restricting access to those functions. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1528 | Steal Application Access Token | This control can be used to limit the number of users that are authorized to grant consent to applications for accessing organizational data. This can reduce the likelihood that a user is fooled into granting consent to a malicious application that then utilizes the user's OAuth access token to access organizational data. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1530 | Data from Cloud Storage | This control can be used to restrict access to storage solutions to the applications, users, and services that require it, thereby reducing the attack surface. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1538 | Cloud Service Dashboard | This control can be used to limit the number of users that have dashboard visibility, thereby reducing the attack surface. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1556 | Modify Authentication Process | This control can protect against modification of the authentication process by limiting access. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1578 | Modify Cloud Compute Infrastructure | This control provides partial protection for all of its sub-techniques and therefore its coverage score factor is Partial, resulting in a Partial score. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1578.001 | Create Snapshot | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1578.002 | Create Cloud Instance | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1578.003 | Delete Cloud Instance | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1578.004 | Revert Cloud Instance | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1578.005 | Modify Cloud Compute Configurations | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
azure_role_based_access_control | Azure Role-Based Access Control | protect | partial | T1580 | Cloud Infrastructure Discovery | This control can be used to limit the number of users that have privileges to discover cloud infrastructure, thereby reducing an organization's cloud infrastructure attack surface. |