| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| defender_for_key_vault | Microsoft Defender for Key Vault | detect | minimal | T1580 | Cloud Infrastructure Discovery |
Comments
This control may alert on suspicious access of key vaults, including suspicious listing of key vault contents. This control does not alert on discovery of other cloud services, such as VMs, snapshots, cloud storage and therefore has minimal coverage. Suspicious activity based on patterns of access from certain users and applications allows for managing false positive rates.
References
|
| defender_for_key_vault | Microsoft Defender for Key Vault | detect | partial | T1555 | Credentials from Password Stores |
Comments
This control may detect suspicious secret access from Azure key vaults.
References
|
| defender_for_key_vault | Microsoft Defender for Key Vault | detect | partial | T1555.006 | Cloud Secrets Management Stores |
Comments
This control may detect suspicious secret access from Azure key vaults.
References
|
| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| defender_for_key_vault | Microsoft Defender for Key Vault | 3 |