Home
Mapping Frameworks
Azure Home
Cloud App Security Policies

Azure cloud_app_security_policies Mappings

Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.

Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1078	Valid Accounts
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1078.004	Cloud Accounts
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1078.002	Domain Accounts
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1078.001	Default Accounts
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1567	Exfiltration Over Web Service
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1567	Exfiltration Over Web Service
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1567.002	Exfiltration to Cloud Storage
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1567.002	Exfiltration to Cloud Storage
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1567.001	Exfiltration to Code Repository
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1567.001	Exfiltration to Code Repository
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1189	Drive-by Compromise
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1535	Unused/Unsupported Cloud Regions
cloud_app_security_policies	Cloud App Security Policies	protect	significant	T1187	Forced Authentication
cloud_app_security_policies	Cloud App Security Policies	detect	significant	T1187	Forced Authentication
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1530	Data from Cloud Storage Object
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1528	Steal Application Access Token
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1528	Steal Application Access Token
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1526	Cloud Service Discovery
cloud_app_security_policies	Cloud App Security Policies	protect	minimal	T1213	Data from Information Repositories
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1213	Data from Information Repositories
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1213.002	Sharepoint
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1213.002	Sharepoint
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1213.001	Confluence
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1213.001	Confluence
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1119	Automated Collection
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1119	Automated Collection
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1565	Data Manipulation
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1565.001	Stored Data Manipulation
cloud_app_security_policies	Cloud App Security Policies	protect	partial	T1133	External Remote Services
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1133	External Remote Services
cloud_app_security_policies	Cloud App Security Policies	protect	significant	T1219	Remote Access Software
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1219	Remote Access Software
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1484	Domain Policy Modification
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1484.002	Domain Trust Modification
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1484.001	Group Policy Modification
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1098	Account Manipulation
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1098.003	Add Office 365 Global Administrator Role
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1098.001	Additional Cloud Credentials
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1098.002	Exchange Email Delegate Permissions
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1578	Modify Cloud Compute Infrastructure
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1578.004	Revert Cloud Instance
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1578.003	Delete Cloud Instance
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1578.001	Create Snapshot
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1578.002	Create Cloud Instance
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1531	Account Access Removal
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1496	Resource Hijacking
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1485	Data Destruction
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1486	Data Encrypted for Impact
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1071	Application Layer Protocol
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1071.003	Mail Protocols
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1110	Brute Force
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1110.004	Credential Stuffing
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1110.003	Password Spraying
cloud_app_security_policies	Cloud App Security Policies	detect	partial	T1110.001	Password Guessing
cloud_app_security_policies	Cloud App Security Policies	detect	minimal	T1534	Internal Spearphishing