| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1078 |
Valid Accounts |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1078.001 |
Default Accounts |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1078.002 |
Domain Accounts |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1078.003 |
Local Accounts |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1078.004 |
Cloud Accounts |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1195 |
Supply Chain Compromise |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1195.001 |
Compromise Software Dependencies and Development Tools |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1110 |
Brute Force |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1110.001 |
Password Guessing |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1110.003 |
Password Spraying |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1110.004 |
Credential Stuffing |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1098 |
Account Manipulation |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1098.001 |
Additional Cloud Credentials |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1071 |
Application Layer Protocol |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1071.001 |
Web Protocols |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1071.004 |
DNS |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1567 |
Exfiltration Over Web Service |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1567.002 |
Exfiltration to Cloud Storage |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1567.001 |
Exfiltration to Code Repository |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1595 |
Active Scanning |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1595.002 |
Vulnerability Scanning |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1105 |
Ingress Tool Transfer |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1048 |
Exfiltration Over Alternative Protocol |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1048.003 |
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1496 |
Resource Hijacking |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1070 |
Indicator Removal on Host |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1070.001 |
Clear Windows Event Logs |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1070.006 |
Timestomp |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1059 |
Command and Scripting Interpreter |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1059.001 |
PowerShell |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1059.003 |
Windows Command Shell |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1059.004 |
Unix Shell |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1059.007 |
JavaScript/JScript |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1059.005 |
Visual Basic |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1059.006 |
Python |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1213 |
Data from Information Repositories |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1213.002 |
Sharepoint |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1531 |
Account Access Removal |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1018 |
Remote System Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1136 |
Create Account |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1136.001 |
Local Account |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1136.002 |
Domain Account |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1136.003 |
Cloud Account |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1114 |
Email Collection |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1114.001 |
Local Email Collection |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1114.002 |
Remote Email Collection |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1114.003 |
Email Forwarding Rule |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1505 |
Server Software Component |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1505.003 |
Web Shell |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1573 |
Encrypted Channel |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1573.002 |
Asymmetric Cryptography |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1090 |
Proxy |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1090.003 |
Multi-hop Proxy |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1562 |
Impair Defenses |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1562.001 |
Disable or Modify Tools |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1562.002 |
Disable Windows Event Logging |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1562.006 |
Indicator Blocking |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1562.007 |
Disable or Modify Cloud Firewall |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1562.008 |
Disable Cloud Logs |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1119 |
Automated Collection |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1485 |
Data Destruction |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1568 |
Dynamic Resolution |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1568.002 |
Domain Generation Algorithms |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1190 |
Exploit Public-Facing Application |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1137 |
Office Application Startup |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1137.005 |
Outlook Rules |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1137.006 |
Add-ins |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1140 |
Deobfuscate/Decode Files or Information |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1558 |
Steal or Forge Kerberos Tickets |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1558.003 |
Kerberoasting |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1558.001 |
Golden Ticket |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1558.002 |
Silver Ticket |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1047 |
Windows Management Instrumentation |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1046 |
Network Service Scanning |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1021 |
Remote Services |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1021.001 |
Remote Desktop Protocol |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1021.002 |
SMB/Windows Admin Shares |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1021.003 |
Distributed Component Object Model |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1021.004 |
SSH |
| azure_sentinel |
Azure Sentinel |
protect |
minimal |
T1552 |
Unsecured Credentials |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1552 |
Unsecured Credentials |
| azure_sentinel |
Azure Sentinel |
protect |
minimal |
T1552.001 |
Credentials In Files |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1552.001 |
Credentials In Files |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1552.004 |
Private Keys |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1590 |
Gather Victim Network Information |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1590.002 |
DNS |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1548 |
Abuse Elevation Control Mechanism |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1548.002 |
Bypass User Account Control |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1134 |
Access Token Manipulation |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1134.002 |
Create Process with Token |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1134.005 |
SID-History Injection |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1087 |
Account Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1087.002 |
Domain Account |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1087.001 |
Local Account |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1087.003 |
Email Account |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1560 |
Archive Collected Data |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1547 |
Boot or Logon Autostart Execution |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1547.005 |
Security Support Provider |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1547.009 |
Shortcut Modification |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1547.001 |
Registry Run Keys / Startup Folder |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1217 |
Browser Bookmark Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1115 |
Clipboard Data |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1543 |
Create or Modify System Process |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1543.003 |
Windows Service |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1555 |
Credentials from Password Stores |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1555.003 |
Credentials from Web Browsers |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1484 |
Domain Policy Modification |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1484.001 |
Group Policy Modification |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1484.002 |
Domain Trust Modification |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1482 |
Domain Trust Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1546 |
Event Triggered Execution |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1546.008 |
Accessibility Features |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1041 |
Exfiltration Over C2 Channel |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1068 |
Exploitation for Privilege Escalation |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1210 |
Exploitation of Remote Services |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1083 |
File and Directory Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1574 |
Hijack Execution Flow |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1574.001 |
DLL Search Order Hijacking |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1574.007 |
Path Interception by PATH Environment Variable |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1574.008 |
Path Interception by Search Order Hijacking |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1574.009 |
Path Interception by Unquoted Path |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1056 |
Input Capture |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1056.001 |
Keylogging |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1056.004 |
Credential API Hooking |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1557 |
Man-in-the-Middle |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1557.001 |
LLMNR/NBT-NS Poisoning and SMB Relay |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1106 |
Native API |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1135 |
Network Share Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1040 |
Network Sniffing |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1027 |
Obfuscated Files or Information |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1003 |
OS Credential Dumping |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1003.001 |
LSASS Memory |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1057 |
Process Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1055 |
Process Injection |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1053 |
Scheduled Task/Job |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1053.003 |
Cron |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1053.005 |
Scheduled Task |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1113 |
Screen Capture |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1518 |
Software Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1518.001 |
Security Software Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1082 |
System Information Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1016 |
System Network Configuration Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1049 |
System Network Connections Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1569 |
System Services |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1569.002 |
Service Execution |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1127 |
Trusted Developer Utilities Proxy Execution |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1127.001 |
MSBuild |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1550 |
Use Alternate Authentication Material |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1550.001 |
Application Access Token |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1550.002 |
Pass the Hash |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1125 |
Video Capture |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1102 |
Web Service |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1102.002 |
Bidirectional Communication |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1556 |
Modify Authentication Process |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1080 |
Taint Shared Content |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1074 |
Data Staged |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1074.001 |
Local Data Staging |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1490 |
Inhibit System Recovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1486 |
Data Encrypted for Impact |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1535 |
Unused/Unsupported Cloud Regions |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1530 |
Data from Cloud Storage Object |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1036 |
Masquerading |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1036.004 |
Masquerade Task or Service |
| azure_sentinel |
Azure Sentinel |
detect |
partial |
T1036.005 |
Match Legitimate Name or Location |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1578 |
Modify Cloud Compute Infrastructure |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1580 |
Cloud Infrastructure Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1528 |
Steal Application Access Token |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1069 |
Permission Groups Discovery |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1069.002 |
Domain Groups |
| azure_sentinel |
Azure Sentinel |
detect |
minimal |
T1069.001 |
Local Groups |
