Azure Microsoft Defender for Azure SQL Databases - Mappings Explorer

All Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name	Notes
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	protect	minimal	T1078	Valid Accounts	Comments This control can protect against abuse of valid accounts. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	protect	minimal	T1112	Modify Registry	Comments This control may scan for any stored procedures that can access the Registry and checks that permission to execute those stored procedures have been revoked from all users (other than dbo). References https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	protect	minimal	T1190	Exploit Public-Facing Application	Comments This control provides recommendations to patch if SQL server is out of date and to disable unneeded features to reduce exploitable surface area. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	protect	minimal	T1505	Server Software Component	Comments This control can protect against abuse of server software components for persistence. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	protect	partial	T1068	Exploitation for Privilege Escalation	Comments This control may scan for users with unnecessary permissions and if SQL Server is out of date. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	protect	partial	T1078.001	Default Accounts	Comments This control may provide recommendations to disable default accounts and restrict permissions for existing accounts. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	protect	partial	T1505.001	SQL Stored Procedures	Comments This control may scan for users with unnecessary access to SQL stored procedures. References https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction

Capabilities

Capability ID	Capability Name	Number of Mappings
defender_for_azure_sql_databases	Microsoft Defender for Azure SQL Databases	7