You're currently viewing ATT&CK Version 8.2 Enterprise and Azure 06.29.2021.
Azure Sentinel mappings (mapping framework: Azure; capability ID: azure_sentinel)
Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.
Mappings
ATT&CK Version: 8.2
ATT&CK Domain: Enterprise
Azure: 06.29.2021
| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- | --- |
| azure_sentinel | Azure Sentinel | detect | partial | T1078 | Valid Accounts |
| azure_sentinel | Azure Sentinel | detect | minimal | T1078.001 | Default Accounts |
| azure_sentinel | Azure Sentinel | detect | partial | T1078.002 | Domain Accounts |
| azure_sentinel | Azure Sentinel | detect | partial | T1078.003 | Local Accounts |
| azure_sentinel | Azure Sentinel | detect | partial | T1078.004 | Cloud Accounts |
| azure_sentinel | Azure Sentinel | detect | minimal | T1195 | Supply Chain Compromise |
| azure_sentinel | Azure Sentinel | detect | partial | T1195.001 | Compromise Software Dependencies and Development Tools |
| azure_sentinel | Azure Sentinel | detect | partial | T1110 | Brute Force |
| azure_sentinel | Azure Sentinel | detect | partial | T1110.001 | Password Guessing |
| azure_sentinel | Azure Sentinel | detect | partial | T1110.003 | Password Spraying |
| azure_sentinel | Azure Sentinel | detect | partial | T1110.004 | Credential Stuffing |
| azure_sentinel | Azure Sentinel | detect | minimal | T1098 | Account Manipulation |
| azure_sentinel | Azure Sentinel | detect | minimal | T1098.001 | Additional Cloud Credentials |
| azure_sentinel | Azure Sentinel | detect | minimal | T1071 | Application Layer Protocol |
| azure_sentinel | Azure Sentinel | detect | minimal | T1071.001 | Web Protocols |
| azure_sentinel | Azure Sentinel | detect | partial | T1071.004 | DNS |
| azure_sentinel | Azure Sentinel | detect | minimal | T1567 | Exfiltration Over Web Service |
| azure_sentinel | Azure Sentinel | detect | minimal | T1567.002 | Exfiltration to Cloud Storage |
| azure_sentinel | Azure Sentinel | detect | minimal | T1567.001 | Exfiltration to Code Repository |
| azure_sentinel | Azure Sentinel | detect | minimal | T1595 | Active Scanning |
| azure_sentinel | Azure Sentinel | detect | partial | T1595.002 | Vulnerability Scanning |
| azure_sentinel | Azure Sentinel | detect | partial | T1105 | Ingress Tool Transfer |
| azure_sentinel | Azure Sentinel | detect | minimal | T1048 | Exfiltration Over Alternative Protocol |
| azure_sentinel | Azure Sentinel | detect | minimal | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| azure_sentinel | Azure Sentinel | detect | partial | T1496 | Resource Hijacking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1070 | Indicator Removal on Host |
| azure_sentinel | Azure Sentinel | detect | minimal | T1070.001 | Clear Windows Event Logs |
| azure_sentinel | Azure Sentinel | detect | minimal | T1070.006 | Timestomp |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059 | Command and Scripting Interpreter |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.001 | PowerShell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.003 | Windows Command Shell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.004 | Unix Shell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.007 | JavaScript/JScript |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.005 | Visual Basic |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.006 | Python |
| azure_sentinel | Azure Sentinel | detect | minimal | T1213 | Data from Information Repositories |
| azure_sentinel | Azure Sentinel | detect | partial | T1213.002 | Sharepoint |
| azure_sentinel | Azure Sentinel | detect | minimal | T1531 | Account Access Removal |
| azure_sentinel | Azure Sentinel | detect | minimal | T1018 | Remote System Discovery |
| azure_sentinel | Azure Sentinel | detect | partial | T1136 | Create Account |
| azure_sentinel | Azure Sentinel | detect | partial | T1136.001 | Local Account |
| azure_sentinel | Azure Sentinel | detect | partial | T1136.002 | Domain Account |
| azure_sentinel | Azure Sentinel | detect | partial | T1136.003 | Cloud Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114 | Email Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114.001 | Local Email Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114.002 | Remote Email Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114.003 | Email Forwarding Rule |
| azure_sentinel | Azure Sentinel | detect | minimal | T1505 | Server Software Component |
| azure_sentinel | Azure Sentinel | detect | partial | T1505.003 | Web Shell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1573 | Encrypted Channel |
| azure_sentinel | Azure Sentinel | detect | minimal | T1573.002 | Asymmetric Cryptography |
| azure_sentinel | Azure Sentinel | detect | minimal | T1090 | Proxy |
| azure_sentinel | Azure Sentinel | detect | minimal | T1090.003 | Multi-hop Proxy |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562 | Impair Defenses |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.001 | Disable or Modify Tools |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.002 | Disable Windows Event Logging |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.006 | Indicator Blocking |
| azure_sentinel | Azure Sentinel | detect | partial | T1562.007 | Disable or Modify Cloud Firewall |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.008 | Disable Cloud Logs |
| azure_sentinel | Azure Sentinel | detect | minimal | T1119 | Automated Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1485 | Data Destruction |
| azure_sentinel | Azure Sentinel | detect | minimal | T1568 | Dynamic Resolution |
| azure_sentinel | Azure Sentinel | detect | partial | T1568.002 | Domain Generation Algorithms |
| azure_sentinel | Azure Sentinel | detect | minimal | T1190 | Exploit Public-Facing Application |
| azure_sentinel | Azure Sentinel | detect | minimal | T1137 | Office Application Startup |
| azure_sentinel | Azure Sentinel | detect | partial | T1137.005 | Outlook Rules |
| azure_sentinel | Azure Sentinel | detect | minimal | T1137.006 | Add-ins |
| azure_sentinel | Azure Sentinel | detect | minimal | T1140 | Deobfuscate/Decode Files or Information |
| azure_sentinel | Azure Sentinel | detect | minimal | T1558 | Steal or Forge Kerberos Tickets |
| azure_sentinel | Azure Sentinel | detect | partial | T1558.003 | Kerberoasting |
| azure_sentinel | Azure Sentinel | detect | minimal | T1558.001 | Golden Ticket |
| azure_sentinel | Azure Sentinel | detect | minimal | T1558.002 | Silver Ticket |
| azure_sentinel | Azure Sentinel | detect | minimal | T1047 | Windows Management Instrumentation |
| azure_sentinel | Azure Sentinel | detect | partial | T1046 | Network Service Scanning |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021 | Remote Services |
| azure_sentinel | Azure Sentinel | detect | partial | T1021.001 | Remote Desktop Protocol |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021.002 | SMB/Windows Admin Shares |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021.003 | Distributed Component Object Model |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021.004 | SSH |
| azure_sentinel | Azure Sentinel | protect | minimal | T1552 | Unsecured Credentials |
| azure_sentinel | Azure Sentinel | detect | minimal | T1552 | Unsecured Credentials |
| azure_sentinel | Azure Sentinel | protect | minimal | T1552.001 | Credentials In Files |
| azure_sentinel | Azure Sentinel | detect | minimal | T1552.001 | Credentials In Files |
| azure_sentinel | Azure Sentinel | detect | minimal | T1552.004 | Private Keys |
| azure_sentinel | Azure Sentinel | detect | minimal | T1590 | Gather Victim Network Information |
| azure_sentinel | Azure Sentinel | detect | minimal | T1590.002 | DNS |
| azure_sentinel | Azure Sentinel | detect | minimal | T1548 | Abuse Elevation Control Mechanism |
| azure_sentinel | Azure Sentinel | detect | minimal | T1548.002 | Bypass User Account Control |
| azure_sentinel | Azure Sentinel | detect | minimal | T1134 | Access Token Manipulation |
| azure_sentinel | Azure Sentinel | detect | minimal | T1134.002 | Create Process with Token |
| azure_sentinel | Azure Sentinel | detect | minimal | T1134.005 | SID-History Injection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087 | Account Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087.002 | Domain Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087.001 | Local Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087.003 | Email Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1560 | Archive Collected Data |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547 | Boot or Logon Autostart Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547.005 | Security Support Provider |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547.009 | Shortcut Modification |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547.001 | Registry Run Keys / Startup Folder |
| azure_sentinel | Azure Sentinel | detect | minimal | T1217 | Browser Bookmark Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1115 | Clipboard Data |
| azure_sentinel | Azure Sentinel | detect | minimal | T1543 | Create or Modify System Process |
| azure_sentinel | Azure Sentinel | detect | minimal | T1543.003 | Windows Service |
| azure_sentinel | Azure Sentinel | detect | minimal | T1555 | Credentials from Password Stores |
| azure_sentinel | Azure Sentinel | detect | minimal | T1555.003 | Credentials from Web Browsers |
| azure_sentinel | Azure Sentinel | detect | partial | T1484 | Domain Policy Modification |
| azure_sentinel | Azure Sentinel | detect | minimal | T1484.001 | Group Policy Modification |
| azure_sentinel | Azure Sentinel | detect | partial | T1484.002 | Domain Trust Modification |
| azure_sentinel | Azure Sentinel | detect | minimal | T1482 | Domain Trust Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1546 | Event Triggered Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1546.008 | Accessibility Features |
| azure_sentinel | Azure Sentinel | detect | minimal | T1041 | Exfiltration Over C2 Channel |
| azure_sentinel | Azure Sentinel | detect | minimal | T1068 | Exploitation for Privilege Escalation |
| azure_sentinel | Azure Sentinel | detect | minimal | T1210 | Exploitation of Remote Services |
| azure_sentinel | Azure Sentinel | detect | minimal | T1083 | File and Directory Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574 | Hijack Execution Flow |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.001 | DLL Search Order Hijacking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.007 | Path Interception by PATH Environment Variable |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.008 | Path Interception by Search Order Hijacking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.009 | Path Interception by Unquoted Path |
| azure_sentinel | Azure Sentinel | detect | minimal | T1056 | Input Capture |
| azure_sentinel | Azure Sentinel | detect | minimal | T1056.001 | Keylogging |
| azure_sentinel | Azure Sentinel | detect | minimal | T1056.004 | Credential API Hooking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1557 | Man-in-the-Middle |
| azure_sentinel | Azure Sentinel | detect | minimal | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
| azure_sentinel | Azure Sentinel | detect | minimal | T1106 | Native API |
| azure_sentinel | Azure Sentinel | detect | minimal | T1135 | Network Share Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1040 | Network Sniffing |
| azure_sentinel | Azure Sentinel | detect | minimal | T1027 | Obfuscated Files or Information |
| azure_sentinel | Azure Sentinel | detect | minimal | T1003 | OS Credential Dumping |
| azure_sentinel | Azure Sentinel | detect | minimal | T1003.001 | LSASS Memory |
| azure_sentinel | Azure Sentinel | detect | minimal | T1057 | Process Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1055 | Process Injection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1053 | Scheduled Task/Job |
| azure_sentinel | Azure Sentinel | detect | partial | T1053.003 | Cron |
| azure_sentinel | Azure Sentinel | detect | minimal | T1053.005 | Scheduled Task |
| azure_sentinel | Azure Sentinel | detect | minimal | T1113 | Screen Capture |
| azure_sentinel | Azure Sentinel | detect | minimal | T1518 | Software Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1518.001 | Security Software Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1082 | System Information Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1016 | System Network Configuration Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1049 | System Network Connections Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1569 | System Services |
| azure_sentinel | Azure Sentinel | detect | minimal | T1569.002 | Service Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1127 | Trusted Developer Utilities Proxy Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1127.001 | MSBuild |
| azure_sentinel | Azure Sentinel | detect | minimal | T1550 | Use Alternate Authentication Material |
| azure_sentinel | Azure Sentinel | detect | minimal | T1550.001 | Application Access Token |
| azure_sentinel | Azure Sentinel | detect | minimal | T1550.002 | Pass the Hash |
| azure_sentinel | Azure Sentinel | detect | minimal | T1125 | Video Capture |
| azure_sentinel | Azure Sentinel | detect | minimal | T1102 | Web Service |
| azure_sentinel | Azure Sentinel | detect | minimal | T1102.002 | Bidirectional Communication |
| azure_sentinel | Azure Sentinel | detect | minimal | T1556 | Modify Authentication Process |
| azure_sentinel | Azure Sentinel | detect | minimal | T1080 | Taint Shared Content |
| azure_sentinel | Azure Sentinel | detect | minimal | T1074 | Data Staged |
| azure_sentinel | Azure Sentinel | detect | minimal | T1074.001 | Local Data Staging |
| azure_sentinel | Azure Sentinel | detect | minimal | T1490 | Inhibit System Recovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1486 | Data Encrypted for Impact |
| azure_sentinel | Azure Sentinel | detect | minimal | T1535 | Unused/Unsupported Cloud Regions |
| azure_sentinel | Azure Sentinel | detect | minimal | T1530 | Data from Cloud Storage Object |
| azure_sentinel | Azure Sentinel | detect | minimal | T1036 | Masquerading |
| azure_sentinel | Azure Sentinel | detect | minimal | T1036.004 | Masquerade Task or Service |
| azure_sentinel | Azure Sentinel | detect | partial | T1036.005 | Match Legitimate Name or Location |
| azure_sentinel | Azure Sentinel | detect | minimal | T1578 | Modify Cloud Compute Infrastructure |
| azure_sentinel | Azure Sentinel | detect | minimal | T1580 | Cloud Infrastructure Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1528 | Steal Application Access Token |
| azure_sentinel | Azure Sentinel | detect | minimal | T1069 | Permission Groups Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1069.002 | Domain Groups |
| azure_sentinel | Azure Sentinel | detect | minimal | T1069.001 | Local Groups |