| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1199 | Trusted Relationship |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1602 | Data from Configuration Repository |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1602.001 | SNMP (MIB Dump) |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1602.002 | Network Device Configuration Dump |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | minimal | T1542 | Pre-OS Boot |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1542.005 | TFTP Boot |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1563 | Remote Service Session Hijacking |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1563.002 | RDP Hijacking |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1563.001 | SSH Hijacking |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1048 | Exfiltration Over Alternative Protocol |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1190 | Exploit Public-Facing Application |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1021 | Remote Services |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1021.006 | Windows Remote Management |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1021.005 | VNC |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1021.004 | SSH |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1021.002 | SMB/Windows Admin Shares |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1021.001 | Remote Desktop Protocol |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1021.003 | Distributed Component Object Model |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1072 | Software Deployment Tools |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1133 | External Remote Services |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | significant | T1046 | Network Service Scanning |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | significant | T1571 | Non-Standard Port |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1071 | Application Layer Protocol |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1071.004 | DNS |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1071.003 | Mail Protocols |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1071.002 | File Transfer Protocols |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1499 | Endpoint Denial of Service |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1499.003 | Application Exhaustion Flood |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1499.002 | Service Exhaustion Flood |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1499.001 | OS Exhaustion Flood |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1090 | Proxy |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1090.003 | Multi-hop Proxy |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1090.002 | External Proxy |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | detect | partial | T1090.001 | Internal Proxy |