Azure DNS Analytics Capability Group

All Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes | Comments |
|---|---|---|---|---|---|---|---|
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1041 | Exfiltration Over C2 Channel | | This control can potentially be used to forensically identify exfiltration via a DNS-based C2 channel. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1048 | Exfiltration Over Alternative Protocol | | This control can identify anomalous or high-talker DNS clients, possibly related to exfiltration via DNS. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | | This control can potentially be used to forensically identify exfiltration via the DNS protocol. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1071 | Application Layer Protocol | | This control can be used forensically to identify clients that communicated with identified C2 hosts via DNS. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1071.004 | DNS | | This control can be used forensically to identify clients that communicated with identified C2 hosts. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1566 | Phishing | | This control can be used forensically to identify DNS queries to known malicious sites, which may be evidence of phishing. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1566.002 | Spearphishing Link | | This control can be used forensically to identify DNS queries to known malicious sites, which may be evidence of phishing. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1568 | Dynamic Resolution | | This control can be used for after-the-fact analysis of potential fast-flux DNS C2. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1568.001 | Fast Flux DNS | | This control can be used for after-the-fact analysis of potential fast-flux DNS C2. |
| azure_dns_analytics | Azure DNS Analytics | detect | minimal | T1568.002 | Domain Generation Algorithms | | This control can be used for after-the-fact analysis of potential fast-flux DNS C2. |

Capabilities

| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| azure_dns_analytics | Azure DNS Analytics | 10 |