Linux auditd alerts and Log Analytics agent integration
Framework: Azure
Capability ID: linux_auditd_alerts_and_log_analytics_agent_integration
This integration enables collection of auditd events in all supported Linux distributions, without any prerequisites. Auditd records are collected, enriched, and aggregated into events by the Log Analytics agent for Linux; the ATT&CK techniques listed below are those for which the resulting events and alerts provide some detection coverage.
Mappings

ATT&CK Version: 8.2
ATT&CK Domain: Enterprise
Azure: 06.29.2021
All rows below share the same Capability ID, linux_auditd_alerts_and_log_analytics_agent_integration, and the same Capability Description, "Linux auditd alerts and Log Analytics agent integration". Category is the mapping type (detect) and Value is the coverage level from the project's Scoring Rubric.

Category  Value    ATT&CK ID  ATT&CK Name
detect    minimal  T1059      Command and Scripting Interpreter
detect    partial  T1059.004  Unix Shell
detect    minimal  T1068      Exploitation for Privilege Escalation
detect    minimal  T1098      Account Manipulation
detect    partial  T1098.004  SSH Authorized Keys
detect    minimal  T1547      Boot or Logon Autostart Execution
detect    partial  T1547.006  Kernel Modules and Extensions
detect    minimal  T1136      Create Account
detect    partial  T1136.001  Local Account
detect    minimal  T1505      Server Software Component
detect    minimal  T1505.003  Web Shell
detect    minimal  T1564      Hide Artifacts
detect    minimal  T1564.001  Hidden Files and Directories
detect    partial  T1564.006  Run Virtual Instance
detect    minimal  T1562      Impair Defenses
detect    partial  T1562.004  Disable or Modify System Firewall
detect    minimal  T1562.006  Indicator Blocking
detect    partial  T1070      Indicator Removal on Host
detect    partial  T1070.002  Clear Linux or Mac System Logs
detect    partial  T1070.003  Clear Command History
detect    minimal  T1027      Obfuscated Files or Information
detect    minimal  T1027.004  Compile After Delivery
detect    partial  T1110      Brute Force
detect    partial  T1110.001  Password Guessing
detect    partial  T1110.003  Password Spraying
detect    partial  T1110.004  Credential Stuffing
detect    partial  T1003      OS Credential Dumping
detect    partial  T1003.008  /etc/passwd and /etc/shadow
detect    minimal  T1021      Remote Services
detect    partial  T1021.004  SSH
detect    partial  T1525      Implant Container Image
detect    partial  T1113      Screen Capture
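The description above says auditd records are collected and aggregated into events before alerts are derived from them. As an added example (not code from the Center for Threat-Informed Defense, from Microsoft, or from the integration itself), the Python script below shows that pipeline on constructed auditd log lines: it parses raw records, aggregates the records that share one audit(timestamp:serial) id into an event, and maps events to techniques from the table in two ways: through the key= tag an audit rule attaches to a SYSCALL record, and through a count of failed USER_AUTH records per account and source address for T1110.001. The rule keys (etc_shadow, ssh_authorized_keys, and so on) and the audit.rules lines in the comments are hypothetical, illustrative rules, not the rules the integration ships; the log lines and the addresses and uids in them are constructed for this example.

```python
import re
from collections import defaultdict

# Hypothetical audit.rules keys (assumed for this example, not the integration's
# own rules) and the ATT&CK (sub-)techniques from the table whose telemetry they supply.
RULE_KEYS = {
    "etc_shadow":          ("T1003.008", "/etc/passwd and /etc/shadow"),        # -w /etc/shadow -p r -k etc_shadow
    "ssh_authorized_keys": ("T1098.004", "SSH Authorized Keys"),                # -w /root/.ssh/authorized_keys -p wa -k ssh_authorized_keys
    "kernel_modules":      ("T1547.006", "Kernel Modules and Extensions"),      # -a always,exit -F arch=b64 -S init_module,finit_module -k kernel_modules
    "local_account":       ("T1136.001", "Local Account"),                      # -w /usr/sbin/useradd -p x -k local_account
    "firewall":            ("T1562.004", "Disable or Modify System Firewall"),  # -w /usr/sbin/iptables -p x -k firewall
    "clear_history":       ("T1070.003", "Clear Command History"),              # -w /root/.bash_history -p wa -k clear_history
}

# One raw auditd record: type=<TYPE> msg=audit(<epoch.ms>:<serial>): k=v k=v ...
RECORD_RE = re.compile(r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Parse one auditd line into type, event id, timestamp and a field dict (None if not a record)."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    # Values may be bare, double-quoted, or sit inside the msg='...' wrapper of PAM records.
    fields = {k: v.strip('"\'') for k, v in FIELD_RE.findall(m.group("rest"))}
    return {"type": m.group("type"), "event_id": m.group("serial"),
            "ts": float(m.group("ts")), "fields": fields}


def aggregate_events(lines):
    """Group all records sharing one audit(ts:serial) id into a single event (SYSCALL + CWD + PATH ...)."""
    events = defaultdict(lambda: {"records": []})
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events[rec["event_id"]]
        ev["ts"] = rec["ts"]
        ev["records"].append(rec)
    return events


def classify(events, auth_window=60, auth_threshold=3):
    """Map aggregated events to ATT&CK techniques; returns hits in timestamp order."""
    hits = []
    failures = defaultdict(list)  # (acct, addr) -> timestamps of recent failed logons
    for eid, ev in sorted(events.items(), key=lambda kv: kv[1]["ts"]):
        # PATH records in the same event name the files the syscall touched.
        paths = [r["fields"].get("name") for r in ev["records"] if r["type"] == "PATH"]
        for rec in ev["records"]:
            f = rec["fields"]
            if rec["type"] == "SYSCALL" and f.get("key") in RULE_KEYS:
                tid, name = RULE_KEYS[f["key"]]
                # auid is the login uid, preserved across su/sudo, so it attributes the action.
                hits.append({"event_id": eid, "technique": tid, "name": name,
                             "auid": f.get("auid"), "exe": f.get("exe"), "paths": paths})
            elif rec["type"] == "USER_AUTH" and f.get("res") == "failed":
                src = (f.get("acct"), f.get("addr"))
                recent = [t for t in failures[src] if ev["ts"] - t <= auth_window] + [ev["ts"]]
                failures[src] = recent
                if len(recent) == auth_threshold:  # fire once when the window fills
                    hits.append({"event_id": eid, "technique": "T1110.001", "name": "Password Guessing",
                                 "auid": f.get("auid"), "exe": f.get("exe"), "paths": [],
                                 "detail": f"{len(recent)} failed logons for {src[0]} from {src[1]} within {auth_window}s"})
    return hits


def detect(log_text, auth_window=60, auth_threshold=3):
    return classify(aggregate_events(log_text.splitlines()), auth_window, auth_threshold)


# Constructed sample: a shadow read, a kernel module load, an authorized_keys write,
# three failed then one successful SSH logon for root from one address.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1624972800.101:301): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1 a2=0 a3=0 items=1 ppid=1200 pid=1234 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="etc_shadow"
type=CWD msg=audit(1624972800.101:301): cwd="/home/alice"
type=PATH msg=audit(1624972800.101:301): item=0 name="/etc/shadow" inode=1312 dev=08:01 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1624972805.222:302): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=0 a2=0 a3=0 items=0 ppid=1 pid=1300 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="insmod" exe="/usr/sbin/insmod" key="kernel_modules"
type=SYSCALL msg=audit(1624972810.333:303): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7ffd2 a2=441 a3=1a4 items=2 ppid=1400 pid=1401 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="bash" exe="/usr/bin/bash" key="ssh_authorized_keys"
type=PATH msg=audit(1624972810.333:303): item=0 name="/root/.ssh/" inode=2001 dev=08:01 mode=040700 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1624972810.333:303): item=1 name="/root/.ssh/authorized_keys" inode=2002 dev=08:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=USER_AUTH msg=audit(1624972820.001:304): pid=900 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1624972821.002:305): pid=901 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1624972822.003:306): pid=902 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1624972900.004:307): pid=903 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=success'
"""

if __name__ == "__main__":
    for hit in detect(SAMPLE_AUDIT_LOG):
        print(hit["event_id"], hit["technique"], hit["name"], hit.get("detail", hit["paths"]))
```

The practical caveat this makes visible: a syscall or file-watch record only exists if a rule on the host generates it, so a technique in the table is covered on a given machine only to the extent the host's active audit rules (auditctl -l) emit the corresponding records; a practitioner should reconcile those rules against the table rather than assume the mapping holds for every host. When reviewing hits, pivot on auid rather than uid, since auid survives sudo and su and identifies who logged in.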