Azure azure_ad_identity_protection Mappings

Identity Protection is a tool that allows organizations to accomplish three key tasks: Automate the detection and remediation of identity-based risks. Investigate risks using data in the portal. Export risk detection data to third-party utilities for further analysis.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name
azure_ad_identity_protection Azure AD Identity Protection detect partial T1078 Valid Accounts
azure_ad_identity_protection Azure AD Identity Protection respond partial T1078 Valid Accounts
azure_ad_identity_protection Azure AD Identity Protection detect partial T1078.004 Cloud Accounts
azure_ad_identity_protection Azure AD Identity Protection respond significant T1078.004 Cloud Accounts
azure_ad_identity_protection Azure AD Identity Protection detect partial T1078.002 Domain Accounts
azure_ad_identity_protection Azure AD Identity Protection respond partial T1078.002 Domain Accounts
azure_ad_identity_protection Azure AD Identity Protection detect partial T1606 Forge Web Credentials
azure_ad_identity_protection Azure AD Identity Protection respond partial T1606 Forge Web Credentials
azure_ad_identity_protection Azure AD Identity Protection detect partial T1606.002 SAML Tokens
azure_ad_identity_protection Azure AD Identity Protection respond significant T1606.002 SAML Tokens
azure_ad_identity_protection Azure AD Identity Protection detect minimal T1110 Brute Force
azure_ad_identity_protection Azure AD Identity Protection respond minimal T1110 Brute Force
azure_ad_identity_protection Azure AD Identity Protection detect partial T1110.003 Password Spraying
azure_ad_identity_protection Azure AD Identity Protection respond significant T1110.003 Password Spraying