Azure alerts_for_windows_machines Mappings

For Windows, Azure Defender integrates with Azure services to monitor and protect your Windows-based machines. Security Center presents the alerts and remediation suggestions from all of these services in an easy-to-use format.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1078 | Valid Accounts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1078.003 | Local Accounts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1078.001 | Default Accounts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1059 | Command and Scripting Interpreter |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1059.001 | PowerShell |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1059.003 | Windows Command Shell |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1204 | User Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1204.002 | Malicious File |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1547 | Boot or Logon Autostart Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1547.001 | Registry Run Keys / Startup Folder |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1136 | Create Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1136.001 | Local Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1543 | Create or Modify System Process |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1543.003 | Windows Service |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1546 | Event Triggered Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1546.002 | Screensaver |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1546.008 | Accessibility Features |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1548 | Abuse Elevation Control Mechanism |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1548.002 | Bypass User Account Control |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055 | Process Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.001 | Dynamic-link Library Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.002 | Portable Executable Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.003 | Thread Execution Hijacking |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.005 | Thread Local Storage |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.004 | Asynchronous Procedure Call |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.011 | Extra Window Memory Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.012 | Process Hollowing |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.013 | Process Doppelgänging |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1203 | Exploitation for Client Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1212 | Exploitation for Credential Access |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1211 | Exploitation for Defense Evasion |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1068 | Exploitation for Privilege Escalation |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1210 | Exploitation of Remote Services |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1190 | Exploit Public-Facing Application |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1189 | Drive-by Compromise |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1140 | Deobfuscate/Decode Files or Information |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1222 | File and Directory Permissions Modification |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1222.001 | Windows File and Directory Permissions Modification |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1564 | Hide Artifacts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1564.003 | Hidden Window |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1562 | Impair Defenses |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1562.004 | Disable or Modify System Firewall |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1562.001 | Disable or Modify Tools |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1070 | Indicator Removal on Host |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1070.004 | File Deletion |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1070.001 | Clear Windows Event Logs |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1112 | Modify Registry |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1027 | Obfuscated Files or Information |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1218 | Signed Binary Proxy Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1218.005 | Mshta |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1218.011 | Rundll32 |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1110 | Brute Force |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1110.003 | Password Spraying |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1110.001 | Password Guessing |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1110.004 | Credential Stuffing |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1003 | OS Credential Dumping |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1003.004 | LSA Secrets |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1558 | Steal or Forge Kerberos Tickets |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1558.001 | Golden Ticket |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1087 | Account Discovery |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1087.001 | Local Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1087.002 | Domain Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1082 | System Information Discovery |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1563 | Remote Service Session Hijacking |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1563.002 | RDP Hijacking |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1105 | Ingress Tool Transfer |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1048 | Exfiltration Over Alternative Protocol |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1489 | Service Stop |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1202 | Indirect Command Execution |