1. Home
  2. Mapping Frameworks
  3. Azure Home
  4. Azure Defender for App Service Capability Group

Azure Azure Defender for App Service Capability Group

All Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name
azure_defender_for_app_service Azure Defender for App Service protect minimal T1584 Compromise Infrastructure
azure_defender_for_app_service Azure Defender for App Service protect significant T1584.001 Domains
azure_defender_for_app_service Azure Defender for App Service detect partial T1496 Resource Hijacking
azure_defender_for_app_service Azure Defender for App Service detect minimal T1204 User Execution
azure_defender_for_app_service Azure Defender for App Service detect minimal T1204.001 Malicious Link
azure_defender_for_app_service Azure Defender for App Service detect partial T1140 Deobfuscate/Decode Files or Information
azure_defender_for_app_service Azure Defender for App Service protect minimal T1566 Phishing
azure_defender_for_app_service Azure Defender for App Service protect minimal T1566.002 Spearphishing Link
azure_defender_for_app_service Azure Defender for App Service detect minimal T1059 Command and Scripting Interpreter
azure_defender_for_app_service Azure Defender for App Service detect minimal T1059.004 Unix Shell
azure_defender_for_app_service Azure Defender for App Service detect minimal T1059.001 PowerShell
azure_defender_for_app_service Azure Defender for App Service detect partial T1105 Ingress Tool Transfer
azure_defender_for_app_service Azure Defender for App Service detect minimal T1595 Active Scanning
azure_defender_for_app_service Azure Defender for App Service detect partial T1595.002 Vulnerability Scanning
azure_defender_for_app_service Azure Defender for App Service detect partial T1594 Search Victim-Owned Websites
azure_defender_for_app_service Azure Defender for App Service detect partial T1055 Process Injection
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.001 Dynamic-link Library Injection
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.002 Portable Executable Injection
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.003 Thread Execution Hijacking
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.004 Asynchronous Procedure Call
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.005 Thread Local Storage
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.011 Extra Window Memory Injection
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.012 Process Hollowing
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.013 Process Doppelgänging
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.008 Ptrace System Calls
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.009 Proc Memory
azure_defender_for_app_service Azure Defender for App Service detect partial T1055.014 VDSO Hijacking
azure_defender_for_app_service Azure Defender for App Service detect partial T1203 Exploitation for Client Execution
azure_defender_for_app_service Azure Defender for App Service detect partial T1211 Exploitation for Defense Evasion
azure_defender_for_app_service Azure Defender for App Service detect partial T1068 Exploitation for Privilege Escalation
azure_defender_for_app_service Azure Defender for App Service detect partial T1212 Exploitation for Credential Access
azure_defender_for_app_service Azure Defender for App Service detect partial T1189 Drive-by Compromise
azure_defender_for_app_service Azure Defender for App Service detect partial T1190 Exploit Public-Facing Application
azure_defender_for_app_service Azure Defender for App Service detect partial T1210 Exploitation of Remote Services
azure_defender_for_app_service Azure Defender for App Service detect partial T1559 Inter-Process Communication
azure_defender_for_app_service Azure Defender for App Service detect partial T1559.001 Component Object Model
azure_defender_for_app_service Azure Defender for App Service detect partial T1559.002 Dynamic Data Exchange
azure_defender_for_app_service Azure Defender for App Service detect minimal T1036 Masquerading
azure_defender_for_app_service Azure Defender for App Service detect partial T1036.005 Match Legitimate Name or Location
azure_defender_for_app_service Azure Defender for App Service detect minimal T1134 Access Token Manipulation
azure_defender_for_app_service Azure Defender for App Service detect minimal T1087 Account Discovery
azure_defender_for_app_service Azure Defender for App Service detect minimal T1087.001 Local Account
azure_defender_for_app_service Azure Defender for App Service detect minimal T1123 Audio Capture
azure_defender_for_app_service Azure Defender for App Service detect minimal T1547 Boot or Logon Autostart Execution
azure_defender_for_app_service Azure Defender for App Service detect minimal T1547.005 Security Support Provider
azure_defender_for_app_service Azure Defender for App Service detect minimal T1547.001 Registry Run Keys / Startup Folder
azure_defender_for_app_service Azure Defender for App Service detect minimal T1543 Create or Modify System Process
azure_defender_for_app_service Azure Defender for App Service detect minimal T1543.003 Windows Service
azure_defender_for_app_service Azure Defender for App Service detect minimal T1555 Credentials from Password Stores
azure_defender_for_app_service Azure Defender for App Service detect minimal T1005 Data from Local System
azure_defender_for_app_service Azure Defender for App Service detect minimal T1482 Domain Trust Discovery
azure_defender_for_app_service Azure Defender for App Service detect minimal T1574 Hijack Execution Flow
azure_defender_for_app_service Azure Defender for App Service detect minimal T1574.001 DLL Search Order Hijacking
azure_defender_for_app_service Azure Defender for App Service detect minimal T1574.007 Path Interception by PATH Environment Variable
azure_defender_for_app_service Azure Defender for App Service detect minimal T1574.008 Path Interception by Search Order Hijacking
azure_defender_for_app_service Azure Defender for App Service detect minimal T1574.009 Path Interception by Unquoted Path
azure_defender_for_app_service Azure Defender for App Service detect minimal T1056 Input Capture
azure_defender_for_app_service Azure Defender for App Service detect minimal T1056.001 Keylogging
azure_defender_for_app_service Azure Defender for App Service detect minimal T1027 Obfuscated Files or Information
azure_defender_for_app_service Azure Defender for App Service detect minimal T1027.005 Indicator Removal from Tools
azure_defender_for_app_service Azure Defender for App Service detect minimal T1003 OS Credential Dumping
azure_defender_for_app_service Azure Defender for App Service detect minimal T1003.001 LSASS Memory
azure_defender_for_app_service Azure Defender for App Service detect minimal T1057 Process Discovery
azure_defender_for_app_service Azure Defender for App Service detect minimal T1012 Query Registry
azure_defender_for_app_service Azure Defender for App Service detect minimal T1053 Scheduled Task/Job
azure_defender_for_app_service Azure Defender for App Service detect minimal T1053.005 Scheduled Task
azure_defender_for_app_service Azure Defender for App Service detect minimal T1113 Screen Capture
azure_defender_for_app_service Azure Defender for App Service detect minimal T1558 Steal or Forge Kerberos Tickets
azure_defender_for_app_service Azure Defender for App Service detect minimal T1558.003 Kerberoasting
azure_defender_for_app_service Azure Defender for App Service detect minimal T1552 Unsecured Credentials
azure_defender_for_app_service Azure Defender for App Service detect minimal T1552.002 Credentials in Registry
azure_defender_for_app_service Azure Defender for App Service detect minimal T1552.006 Group Policy Preferences
azure_defender_for_app_service Azure Defender for App Service detect minimal T1047 Windows Management Instrumentation

Capabilities

Capability ID Capability Name Number of Mappings
azure_defender_for_app_service Azure Defender for App Service 73