Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | significant | T1110 | Brute Force | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline. It provides significant detection for most of this technique's sub-techniques and procedure examples, resulting in an overall score of Significant. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | significant | T1110.003 | Password Spraying | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | significant | T1110.001 | Password Guessing | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | significant | T1110.004 | Credential Stuffing | This control can identify multiple connection attempts by external IPs, which may be indicative of Brute Force attempts, though not T1110.002, which is performed offline. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | minimal | T1071 | Application Layer Protocol | This control can identify connections to known malicious sites. Scored Minimal since the malicious sites must be on a block list. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | minimal | T1071.004 | DNS | This control can identify connections to known malicious sites. Scored Minimal since the malicious sites must be on a block list. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | minimal | T1071.003 | Mail Protocols | This control can identify connections to known malicious sites. Scored Minimal since the malicious sites must be on a block list. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | minimal | T1071.002 | File Transfer Protocols | This control can identify connections to known malicious sites. Scored Minimal since the malicious sites must be on a block list. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | minimal | T1071.001 | Web Protocols | This control can identify connections to known malicious sites. Scored Minimal since the malicious sites must be on a block list. |
azure_alerts_for_network_layer | Azure Alerts for Network Layer | detect | partial | T1133 | External Remote Services | This control can potentially identify malicious use of remote services via alerts such as "Suspicious incoming RDP network activity" and "Suspicious incoming SSH network activity". |