Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | partial | T1090.003 | Multi-hop Proxy | This capability can detect (alert: AI.Azure_AccessFromAnonymizedIP) when an AI is accessed from a Tor network IP. |
ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | partial | T1491 | Defacement | This capability can alert (using AI.Azure_MaliciousUrl.ModelResponse) when an AI model has shared a malicious URL with a user. |
ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | partial | T1552 | Unsecured Credentials | This control provides detection of unsecured credentials being divulged by AI model responses. |
ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | detect | significant | T1496.004 | Cloud Service Hijacking | This capability has multiple alerts (AI.Azure_DOWDuplicateRequests, AI.Azure_DOWVolumeAnomaly) that can detect abuse of an AI for financial impact on an organization. |

Capability ID | Capability Name | Number of Mappings |
---|---|---|
ai_threat_protection | Microsoft Defender for Cloud: AI Threat Protection | 4 |