1. Home
  2. Mapping Frameworks
  3. Azure Home
  4. Alerts for Windows Machines Capability Group

Azure Alerts for Windows Machines Capability Group

All Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name
alerts_for_windows_machines Alerts for Windows Machines detect partial T1078 Valid Accounts
alerts_for_windows_machines Alerts for Windows Machines detect partial T1078.003 Local Accounts
alerts_for_windows_machines Alerts for Windows Machines detect partial T1078.001 Default Accounts
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1059 Command and Scripting Interpreter
alerts_for_windows_machines Alerts for Windows Machines detect significant T1059.001 PowerShell
alerts_for_windows_machines Alerts for Windows Machines detect significant T1059.003 Windows Command Shell
alerts_for_windows_machines Alerts for Windows Machines detect partial T1204 User Execution
alerts_for_windows_machines Alerts for Windows Machines detect partial T1204.002 Malicious File
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1547 Boot or Logon Autostart Execution
alerts_for_windows_machines Alerts for Windows Machines detect partial T1547.001 Registry Run Keys / Startup Folder
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1136 Create Account
alerts_for_windows_machines Alerts for Windows Machines detect partial T1136.001 Local Account
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1543 Create or Modify System Process
alerts_for_windows_machines Alerts for Windows Machines detect partial T1543.003 Windows Service
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1546 Event Triggered Execution
alerts_for_windows_machines Alerts for Windows Machines detect partial T1546.002 Screensaver
alerts_for_windows_machines Alerts for Windows Machines detect partial T1546.008 Accessibility Features
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1548 Abuse Elevation Control Mechanism
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1548.002 Bypass User Account Control
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055 Process Injection
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.001 Dynamic-link Library Injection
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.002 Portable Executable Injection
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.003 Thread Execution Hijacking
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.005 Thread Local Storage
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.004 Asynchronous Procedure Call
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.011 Extra Window Memory Injection
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.012 Process Hollowing
alerts_for_windows_machines Alerts for Windows Machines detect partial T1055.013 Process Doppelgänging
alerts_for_windows_machines Alerts for Windows Machines detect partial T1203 Exploitation for Client Execution
alerts_for_windows_machines Alerts for Windows Machines detect partial T1212 Exploitation for Credential Access
alerts_for_windows_machines Alerts for Windows Machines detect partial T1211 Exploitation for Defense Evasion
alerts_for_windows_machines Alerts for Windows Machines detect partial T1068 Exploitation for Privilege Escalation
alerts_for_windows_machines Alerts for Windows Machines detect partial T1210 Exploitation of Remote Services
alerts_for_windows_machines Alerts for Windows Machines detect partial T1190 Exploit Public-Facing Application
alerts_for_windows_machines Alerts for Windows Machines detect partial T1189 Drive-by Compromise
alerts_for_windows_machines Alerts for Windows Machines detect partial T1140 Deobfuscate/Decode Files or Information
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1222 File and Directory Permissions Modification
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1222.001 Windows File and Directory Permissions Modification
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1564 Hide Artifacts
alerts_for_windows_machines Alerts for Windows Machines detect partial T1564.003 Hidden Window
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1562 Impair Defenses
alerts_for_windows_machines Alerts for Windows Machines detect partial T1562.004 Disable or Modify System Firewall
alerts_for_windows_machines Alerts for Windows Machines detect partial T1562.001 Disable or Modify Tools
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1070 Indicator Removal on Host
alerts_for_windows_machines Alerts for Windows Machines detect partial T1070.004 File Deletion
alerts_for_windows_machines Alerts for Windows Machines detect partial T1070.001 Clear Windows Event Logs
alerts_for_windows_machines Alerts for Windows Machines detect partial T1112 Modify Registry
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1027 Obfuscated Files or Information
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1218 Signed Binary Proxy Execution
alerts_for_windows_machines Alerts for Windows Machines detect partial T1218.005 Mshta
alerts_for_windows_machines Alerts for Windows Machines detect partial T1218.011 Rundll32
alerts_for_windows_machines Alerts for Windows Machines detect partial T1110 Brute Force
alerts_for_windows_machines Alerts for Windows Machines detect significant T1110.003 Password Spraying
alerts_for_windows_machines Alerts for Windows Machines detect significant T1110.001 Password Guessing
alerts_for_windows_machines Alerts for Windows Machines detect significant T1110.004 Credential Stuffing
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1003 OS Credential Dumping
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1003.004 LSA Secrets
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1558 Steal or Forge Kerberos Tickets
alerts_for_windows_machines Alerts for Windows Machines detect partial T1558.001 Golden Ticket
alerts_for_windows_machines Alerts for Windows Machines detect partial T1087 Account Discovery
alerts_for_windows_machines Alerts for Windows Machines detect partial T1087.001 Local Account
alerts_for_windows_machines Alerts for Windows Machines detect partial T1087.002 Domain Account
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1082 System Information Discovery
alerts_for_windows_machines Alerts for Windows Machines detect partial T1563 Remote Service Session Hijacking
alerts_for_windows_machines Alerts for Windows Machines detect partial T1563.002 RDP Hijacking
alerts_for_windows_machines Alerts for Windows Machines detect partial T1105 Ingress Tool Transfer
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1048 Exfiltration Over Alternative Protocol
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1489 Service Stop
alerts_for_windows_machines Alerts for Windows Machines detect minimal T1202 Indirect Command Execution

Capabilities

Capability ID Capability Name Number of Mappings
alerts_for_windows_machines Alerts for Windows Machines 70