Azure azure_defender_for_kubernetes Mappings

Azure Defender for Kubernetes provides cluster-level threat protection by monitoring your Azure Kubernetes Service (AKS) managed services through the logs retrieved by AKS. Examples of security events that Azure Defender for Kubernetes monitors include exposed Kubernetes dashboards, creation of high-privileged roles, and the creation of sensitive mounts.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- | --- |
| azure_defender_for_kubernetes | Azure Defender for Kubernetes | detect | partial | T1525 | Implant Container Image |
| azure_defender_for_kubernetes | Azure Defender for Kubernetes | protect | partial | T1190 | Exploit Public-Facing Application |
| azure_defender_for_kubernetes | Azure Defender for Kubernetes | detect | partial | T1068 | Exploitation for Privilege Escalation |
| azure_defender_for_kubernetes | Azure Defender for Kubernetes | detect | partial | T1070 | Indicator Removal on Host |