Azure Sentinel Capability Group

All Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| azure_sentinel | Azure Sentinel | detect | partial | T1078 | Valid Accounts |
| azure_sentinel | Azure Sentinel | detect | minimal | T1078.001 | Default Accounts |
| azure_sentinel | Azure Sentinel | detect | partial | T1078.002 | Domain Accounts |
| azure_sentinel | Azure Sentinel | detect | partial | T1078.003 | Local Accounts |
| azure_sentinel | Azure Sentinel | detect | partial | T1078.004 | Cloud Accounts |
| azure_sentinel | Azure Sentinel | detect | minimal | T1195 | Supply Chain Compromise |
| azure_sentinel | Azure Sentinel | detect | partial | T1195.001 | Compromise Software Dependencies and Development Tools |
| azure_sentinel | Azure Sentinel | detect | partial | T1110 | Brute Force |
| azure_sentinel | Azure Sentinel | detect | partial | T1110.001 | Password Guessing |
| azure_sentinel | Azure Sentinel | detect | partial | T1110.003 | Password Spraying |
| azure_sentinel | Azure Sentinel | detect | partial | T1110.004 | Credential Stuffing |
| azure_sentinel | Azure Sentinel | detect | minimal | T1098 | Account Manipulation |
| azure_sentinel | Azure Sentinel | detect | minimal | T1098.001 | Additional Cloud Credentials |
| azure_sentinel | Azure Sentinel | detect | minimal | T1071 | Application Layer Protocol |
| azure_sentinel | Azure Sentinel | detect | minimal | T1071.001 | Web Protocols |
| azure_sentinel | Azure Sentinel | detect | partial | T1071.004 | DNS |
| azure_sentinel | Azure Sentinel | detect | minimal | T1567 | Exfiltration Over Web Service |
| azure_sentinel | Azure Sentinel | detect | minimal | T1567.002 | Exfiltration to Cloud Storage |
| azure_sentinel | Azure Sentinel | detect | minimal | T1567.001 | Exfiltration to Code Repository |
| azure_sentinel | Azure Sentinel | detect | minimal | T1595 | Active Scanning |
| azure_sentinel | Azure Sentinel | detect | partial | T1595.002 | Vulnerability Scanning |
| azure_sentinel | Azure Sentinel | detect | partial | T1105 | Ingress Tool Transfer |
| azure_sentinel | Azure Sentinel | detect | minimal | T1048 | Exfiltration Over Alternative Protocol |
| azure_sentinel | Azure Sentinel | detect | minimal | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| azure_sentinel | Azure Sentinel | detect | partial | T1496 | Resource Hijacking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1070 | Indicator Removal on Host |
| azure_sentinel | Azure Sentinel | detect | minimal | T1070.001 | Clear Windows Event Logs |
| azure_sentinel | Azure Sentinel | detect | minimal | T1070.006 | Timestomp |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059 | Command and Scripting Interpreter |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.001 | PowerShell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.003 | Windows Command Shell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.004 | Unix Shell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.007 | JavaScript/JScript |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.005 | Visual Basic |
| azure_sentinel | Azure Sentinel | detect | minimal | T1059.006 | Python |
| azure_sentinel | Azure Sentinel | detect | minimal | T1213 | Data from Information Repositories |
| azure_sentinel | Azure Sentinel | detect | partial | T1213.002 | Sharepoint |
| azure_sentinel | Azure Sentinel | detect | minimal | T1531 | Account Access Removal |
| azure_sentinel | Azure Sentinel | detect | minimal | T1018 | Remote System Discovery |
| azure_sentinel | Azure Sentinel | detect | partial | T1136 | Create Account |
| azure_sentinel | Azure Sentinel | detect | partial | T1136.001 | Local Account |
| azure_sentinel | Azure Sentinel | detect | partial | T1136.002 | Domain Account |
| azure_sentinel | Azure Sentinel | detect | partial | T1136.003 | Cloud Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114 | Email Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114.001 | Local Email Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114.002 | Remote Email Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1114.003 | Email Forwarding Rule |
| azure_sentinel | Azure Sentinel | detect | minimal | T1505 | Server Software Component |
| azure_sentinel | Azure Sentinel | detect | partial | T1505.003 | Web Shell |
| azure_sentinel | Azure Sentinel | detect | minimal | T1573 | Encrypted Channel |
| azure_sentinel | Azure Sentinel | detect | minimal | T1573.002 | Asymmetric Cryptography |
| azure_sentinel | Azure Sentinel | detect | minimal | T1090 | Proxy |
| azure_sentinel | Azure Sentinel | detect | minimal | T1090.003 | Multi-hop Proxy |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562 | Impair Defenses |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.001 | Disable or Modify Tools |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.002 | Disable Windows Event Logging |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.006 | Indicator Blocking |
| azure_sentinel | Azure Sentinel | detect | partial | T1562.007 | Disable or Modify Cloud Firewall |
| azure_sentinel | Azure Sentinel | detect | minimal | T1562.008 | Disable Cloud Logs |
| azure_sentinel | Azure Sentinel | detect | minimal | T1119 | Automated Collection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1485 | Data Destruction |
| azure_sentinel | Azure Sentinel | detect | minimal | T1568 | Dynamic Resolution |
| azure_sentinel | Azure Sentinel | detect | partial | T1568.002 | Domain Generation Algorithms |
| azure_sentinel | Azure Sentinel | detect | minimal | T1190 | Exploit Public-Facing Application |
| azure_sentinel | Azure Sentinel | detect | minimal | T1137 | Office Application Startup |
| azure_sentinel | Azure Sentinel | detect | partial | T1137.005 | Outlook Rules |
| azure_sentinel | Azure Sentinel | detect | minimal | T1137.006 | Add-ins |
| azure_sentinel | Azure Sentinel | detect | minimal | T1140 | Deobfuscate/Decode Files or Information |
| azure_sentinel | Azure Sentinel | detect | minimal | T1558 | Steal or Forge Kerberos Tickets |
| azure_sentinel | Azure Sentinel | detect | partial | T1558.003 | Kerberoasting |
| azure_sentinel | Azure Sentinel | detect | minimal | T1558.001 | Golden Ticket |
| azure_sentinel | Azure Sentinel | detect | minimal | T1558.002 | Silver Ticket |
| azure_sentinel | Azure Sentinel | detect | minimal | T1047 | Windows Management Instrumentation |
| azure_sentinel | Azure Sentinel | detect | partial | T1046 | Network Service Scanning |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021 | Remote Services |
| azure_sentinel | Azure Sentinel | detect | partial | T1021.001 | Remote Desktop Protocol |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021.002 | SMB/Windows Admin Shares |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021.003 | Distributed Component Object Model |
| azure_sentinel | Azure Sentinel | detect | minimal | T1021.004 | SSH |
| azure_sentinel | Azure Sentinel | protect | minimal | T1552 | Unsecured Credentials |
| azure_sentinel | Azure Sentinel | detect | minimal | T1552 | Unsecured Credentials |
| azure_sentinel | Azure Sentinel | protect | minimal | T1552.001 | Credentials In Files |
| azure_sentinel | Azure Sentinel | detect | minimal | T1552.001 | Credentials In Files |
| azure_sentinel | Azure Sentinel | detect | minimal | T1552.004 | Private Keys |
| azure_sentinel | Azure Sentinel | detect | minimal | T1590 | Gather Victim Network Information |
| azure_sentinel | Azure Sentinel | detect | minimal | T1590.002 | DNS |
| azure_sentinel | Azure Sentinel | detect | minimal | T1548 | Abuse Elevation Control Mechanism |
| azure_sentinel | Azure Sentinel | detect | minimal | T1548.002 | Bypass User Account Control |
| azure_sentinel | Azure Sentinel | detect | minimal | T1134 | Access Token Manipulation |
| azure_sentinel | Azure Sentinel | detect | minimal | T1134.002 | Create Process with Token |
| azure_sentinel | Azure Sentinel | detect | minimal | T1134.005 | SID-History Injection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087 | Account Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087.002 | Domain Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087.001 | Local Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1087.003 | Email Account |
| azure_sentinel | Azure Sentinel | detect | minimal | T1560 | Archive Collected Data |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547 | Boot or Logon Autostart Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547.005 | Security Support Provider |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547.009 | Shortcut Modification |
| azure_sentinel | Azure Sentinel | detect | minimal | T1547.001 | Registry Run Keys / Startup Folder |
| azure_sentinel | Azure Sentinel | detect | minimal | T1217 | Browser Bookmark Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1115 | Clipboard Data |
| azure_sentinel | Azure Sentinel | detect | minimal | T1543 | Create or Modify System Process |
| azure_sentinel | Azure Sentinel | detect | minimal | T1543.003 | Windows Service |
| azure_sentinel | Azure Sentinel | detect | minimal | T1555 | Credentials from Password Stores |
| azure_sentinel | Azure Sentinel | detect | minimal | T1555.003 | Credentials from Web Browsers |
| azure_sentinel | Azure Sentinel | detect | partial | T1484 | Domain Policy Modification |
| azure_sentinel | Azure Sentinel | detect | minimal | T1484.001 | Group Policy Modification |
| azure_sentinel | Azure Sentinel | detect | partial | T1484.002 | Domain Trust Modification |
| azure_sentinel | Azure Sentinel | detect | minimal | T1482 | Domain Trust Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1546 | Event Triggered Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1546.008 | Accessibility Features |
| azure_sentinel | Azure Sentinel | detect | minimal | T1041 | Exfiltration Over C2 Channel |
| azure_sentinel | Azure Sentinel | detect | minimal | T1068 | Exploitation for Privilege Escalation |
| azure_sentinel | Azure Sentinel | detect | minimal | T1210 | Exploitation of Remote Services |
| azure_sentinel | Azure Sentinel | detect | minimal | T1083 | File and Directory Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574 | Hijack Execution Flow |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.001 | DLL Search Order Hijacking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.007 | Path Interception by PATH Environment Variable |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.008 | Path Interception by Search Order Hijacking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1574.009 | Path Interception by Unquoted Path |
| azure_sentinel | Azure Sentinel | detect | minimal | T1056 | Input Capture |
| azure_sentinel | Azure Sentinel | detect | minimal | T1056.001 | Keylogging |
| azure_sentinel | Azure Sentinel | detect | minimal | T1056.004 | Credential API Hooking |
| azure_sentinel | Azure Sentinel | detect | minimal | T1557 | Man-in-the-Middle |
| azure_sentinel | Azure Sentinel | detect | minimal | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
| azure_sentinel | Azure Sentinel | detect | minimal | T1106 | Native API |
| azure_sentinel | Azure Sentinel | detect | minimal | T1135 | Network Share Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1040 | Network Sniffing |
| azure_sentinel | Azure Sentinel | detect | minimal | T1027 | Obfuscated Files or Information |
| azure_sentinel | Azure Sentinel | detect | minimal | T1003 | OS Credential Dumping |
| azure_sentinel | Azure Sentinel | detect | minimal | T1003.001 | LSASS Memory |
| azure_sentinel | Azure Sentinel | detect | minimal | T1057 | Process Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1055 | Process Injection |
| azure_sentinel | Azure Sentinel | detect | minimal | T1053 | Scheduled Task/Job |
| azure_sentinel | Azure Sentinel | detect | partial | T1053.003 | Cron |
| azure_sentinel | Azure Sentinel | detect | minimal | T1053.005 | Scheduled Task |
| azure_sentinel | Azure Sentinel | detect | minimal | T1113 | Screen Capture |
| azure_sentinel | Azure Sentinel | detect | minimal | T1518 | Software Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1518.001 | Security Software Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1082 | System Information Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1016 | System Network Configuration Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1049 | System Network Connections Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1569 | System Services |
| azure_sentinel | Azure Sentinel | detect | minimal | T1569.002 | Service Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1127 | Trusted Developer Utilities Proxy Execution |
| azure_sentinel | Azure Sentinel | detect | minimal | T1127.001 | MSBuild |
| azure_sentinel | Azure Sentinel | detect | minimal | T1550 | Use Alternate Authentication Material |
| azure_sentinel | Azure Sentinel | detect | minimal | T1550.001 | Application Access Token |
| azure_sentinel | Azure Sentinel | detect | minimal | T1550.002 | Pass the Hash |
| azure_sentinel | Azure Sentinel | detect | minimal | T1125 | Video Capture |
| azure_sentinel | Azure Sentinel | detect | minimal | T1102 | Web Service |
| azure_sentinel | Azure Sentinel | detect | minimal | T1102.002 | Bidirectional Communication |
| azure_sentinel | Azure Sentinel | detect | minimal | T1556 | Modify Authentication Process |
| azure_sentinel | Azure Sentinel | detect | minimal | T1080 | Taint Shared Content |
| azure_sentinel | Azure Sentinel | detect | minimal | T1074 | Data Staged |
| azure_sentinel | Azure Sentinel | detect | minimal | T1074.001 | Local Data Staging |
| azure_sentinel | Azure Sentinel | detect | minimal | T1490 | Inhibit System Recovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1486 | Data Encrypted for Impact |
| azure_sentinel | Azure Sentinel | detect | minimal | T1535 | Unused/Unsupported Cloud Regions |
| azure_sentinel | Azure Sentinel | detect | minimal | T1530 | Data from Cloud Storage Object |
| azure_sentinel | Azure Sentinel | detect | minimal | T1036 | Masquerading |
| azure_sentinel | Azure Sentinel | detect | minimal | T1036.004 | Masquerade Task or Service |
| azure_sentinel | Azure Sentinel | detect | partial | T1036.005 | Match Legitimate Name or Location |
| azure_sentinel | Azure Sentinel | detect | minimal | T1578 | Modify Cloud Compute Infrastructure |
| azure_sentinel | Azure Sentinel | detect | minimal | T1580 | Cloud Infrastructure Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1528 | Steal Application Access Token |
| azure_sentinel | Azure Sentinel | detect | minimal | T1069 | Permission Groups Discovery |
| azure_sentinel | Azure Sentinel | detect | minimal | T1069.002 | Domain Groups |
| azure_sentinel | Azure Sentinel | detect | minimal | T1069.001 | Local Groups |

Capabilities

| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| azure_sentinel | Azure Sentinel | 170 |