Azure adaptive_application_controls Mappings

Security Center's Adaptive Application Controls uses machine learning to analyze the applications running on machines and create a list of known-safe software. Allow lists are based on specific Azure workloads and can be further customized; their rules are built from trusted paths, publishers, and hashes. When Adaptive Application Controls are enabled, security alerts are generated whenever an application runs that has not been defined as safe.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1204 | User Execution |
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1204.002 | Malicious File |
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1036 | Masquerading |
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1036.005 | Match Legitimate Name or Location |
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1036.006 | Space after Filename |
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1036.001 | Invalid Code Signature |
| adaptive_application_controls | Adaptive Application Controls | detect | minimal | T1553 | Subvert Trust Controls |
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1553.002 | Code Signing |
| adaptive_application_controls | Adaptive Application Controls | detect | partial | T1554 | Compromise Client Software Binary |