| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| azure_web_application_firewall | Azure Web Application Firewall | detect | minimal | T1071 | Application Layer Protocol |
Comments
This control can detect one of the sub-techniques of this technique while not providing detection for the remaining, resulting in a Minimal overall score.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | protect | minimal | T1071 | Application Layer Protocol |
Comments
This control can protect against one of the sub-techniques of this technique while not providing protection for the remaining, resulting in a Minimal overall score.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | detect | partial | T1046 | Network Service Discovery |
Comments
This control can detect network service scanning of web applications by an adversary. Because this detection is specific to web applications (although frequent targets) and not other application types enumerated in the procedure examples of this technique (e.g. Active Directory), it has been scored as Partial.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | detect | partial | T1071.001 | Web Protocols |
Comments
This control can detect protocol attacks targeting web applications that may be indicative of adversary activity.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | detect | partial | T1595.002 | Vulnerability Scanning |
Comments
This control can detect active scanning.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | protect | partial | T1046 | Network Service Discovery |
Comments
This control can protect web applications from network service scanning by an adversary. Because this protection is specific to web applications (although frequent targets) and not other application types enumerated in the procedure examples of this technique (e.g. Active Directory), it has been scored as Partial.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | protect | partial | T1071.001 | Web Protocols |
Comments
This control can protect web applications from protocol attacks that may be indicative of adversary activity.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | protect | partial | T1595 | Active Scanning |
Comments
This control can protect web applications from active scanning by an adversary. Because this protection is specific to web applications (although frequent targets) and not other application types, it has been scored as Partial.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | protect | partial | T1595.002 | Vulnerability Scanning |
Comments
Focuses on web vulnerability scanning of OWASP Core Rule Set (CRS).
References
|
| azure_web_application_firewall | Azure Web Application Firewall | protect | partial | T1595.003 | Wordlist Scanning |
Comments
This control can detect active scanning.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | detect | significant | T1190 | Exploit Public-Facing Application |
Comments
This control can detect common web application attack vectors.
References
|
| azure_web_application_firewall | Azure Web Application Firewall | protect | significant | T1190 | Exploit Public-Facing Application |
Comments
This control can protect web applications from common attacks (e.g. SQL injection, XSS).
References
|