Azure azure_defender_for_storage Mappings

Azure Defender for Storage can detect unusual and potentially harmful attempts to access or exploit storage accounts. Security alerts may trigger due to suspicious access patterns, suspicious activities, and upload of malicious content. Alerts include details of the incident that triggered them, as well as recommendations on how to investigate and remediate threats. Alerts can be exported to Azure Sentinel, a third-party SIEM, or any other external tool.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| azure_defender_for_storage | Azure Defender for Storage | detect | significant | T1530 | Data from Cloud Storage Object |
| azure_defender_for_storage | Azure Defender for Storage | detect | minimal | T1078 | Valid Accounts |
| azure_defender_for_storage | Azure Defender for Storage | detect | significant | T1078.004 | Cloud Accounts |
| azure_defender_for_storage | Azure Defender for Storage | detect | partial | T1105 | Ingress Tool Transfer |
| azure_defender_for_storage | Azure Defender for Storage | respond | partial | T1105 | Ingress Tool Transfer |
| azure_defender_for_storage | Azure Defender for Storage | detect | partial | T1080 | Taint Shared Content |
| azure_defender_for_storage | Azure Defender for Storage | respond | partial | T1080 | Taint Shared Content |
| azure_defender_for_storage | Azure Defender for Storage | detect | partial | T1537 | Transfer Data to Cloud Account |
| azure_defender_for_storage | Azure Defender for Storage | detect | minimal | T1485 | Data Destruction |