Azure azure_defender_for_app_service Mappings

Azure Defender for App Service monitors VM instances and their management interfaces, App Service apps and their requests/responses, and App Service internal logs to detect threats to App Service resources and provide security recommendations to mitigate them.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- | --- |
| azure_defender_for_app_service | Azure Defender for App Service | protect | minimal | T1584 | Compromise Infrastructure |
| azure_defender_for_app_service | Azure Defender for App Service | protect | significant | T1584.001 | Domains |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1496 | Resource Hijacking |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1204 | User Execution |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1204.001 | Malicious Link |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1140 | Deobfuscate/Decode Files or Information |
| azure_defender_for_app_service | Azure Defender for App Service | protect | minimal | T1566 | Phishing |
| azure_defender_for_app_service | Azure Defender for App Service | protect | minimal | T1566.002 | Spearphishing Link |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1059 | Command and Scripting Interpreter |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1059.004 | Unix Shell |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1059.001 | PowerShell |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1105 | Ingress Tool Transfer |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1595 | Active Scanning |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1595.002 | Vulnerability Scanning |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1594 | Search Victim-Owned Websites |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055 | Process Injection |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.001 | Dynamic-link Library Injection |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.002 | Portable Executable Injection |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.003 | Thread Execution Hijacking |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.004 | Asynchronous Procedure Call |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.005 | Thread Local Storage |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.011 | Extra Window Memory Injection |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.012 | Process Hollowing |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.013 | Process Doppelgänging |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.008 | Ptrace System Calls |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.009 | Proc Memory |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1055.014 | VDSO Hijacking |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1203 | Exploitation for Client Execution |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1211 | Exploitation for Defense Evasion |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1068 | Exploitation for Privilege Escalation |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1212 | Exploitation for Credential Access |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1189 | Drive-by Compromise |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1190 | Exploit Public-Facing Application |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1210 | Exploitation of Remote Services |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1559 | Inter-Process Communication |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1559.001 | Component Object Model |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1559.002 | Dynamic Data Exchange |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1036 | Masquerading |
| azure_defender_for_app_service | Azure Defender for App Service | detect | partial | T1036.005 | Match Legitimate Name or Location |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1134 | Access Token Manipulation |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1087 | Account Discovery |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1087.001 | Local Account |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1123 | Audio Capture |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1547 | Boot or Logon Autostart Execution |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1547.005 | Security Support Provider |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1547.001 | Registry Run Keys / Startup Folder |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1543 | Create or Modify System Process |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1543.003 | Windows Service |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1555 | Credentials from Password Stores |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1005 | Data from Local System |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1482 | Domain Trust Discovery |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1574 | Hijack Execution Flow |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1574.001 | DLL Search Order Hijacking |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1574.007 | Path Interception by PATH Environment Variable |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1574.008 | Path Interception by Search Order Hijacking |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1574.009 | Path Interception by Unquoted Path |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1056 | Input Capture |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1056.001 | Keylogging |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1027 | Obfuscated Files or Information |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1027.005 | Indicator Removal from Tools |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1003 | OS Credential Dumping |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1003.001 | LSASS Memory |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1057 | Process Discovery |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1012 | Query Registry |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1053 | Scheduled Task/Job |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1053.005 | Scheduled Task |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1113 | Screen Capture |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1558 | Steal or Forge Kerberos Tickets |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1558.003 | Kerberoasting |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1552 | Unsecured Credentials |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1552.002 | Credentials in Registry |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1552.006 | Group Policy Preferences |
| azure_defender_for_app_service | Azure Defender for App Service | detect | minimal | T1047 | Windows Management Instrumentation |