| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1087 |
Account Discovery |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1087.004 |
Cloud Account |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1119 |
Automated Collection |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1020 |
Automated Exfiltration |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1530 |
Data from Cloud Storage |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1048 |
Exfiltration Over Alternative Protocol |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1567 |
Exfiltration Over Web Service |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1567.004 |
Exfiltration Over Webhook |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1546 |
Event Triggered Execution |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1070 |
Indicator Removal |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1552 |
Unsecured Credentials |
| PUR-IP-E5 |
Information Protection |
Technique Scores |
T1552.008 |
Chat Messages |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1548 |
Abuse Elevation Control Mechanism |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1548.005 |
Temporary Elevated Cloud Access |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1087 |
Account Discovery |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1087.004 |
Cloud Account |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1059 |
Command and Scripting Interpreter |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1059.009 |
Cloud API |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1530 |
Data from Cloud Storage |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1213 |
Data from Information Repositories |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1213.002 |
Sharepoint |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1114 |
Email Collection |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1114.002 |
Remote Email Collection |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1114.003 |
Email Forwarding Rule |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1606 |
Forge Web Credentials |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1564 |
Hide Artifacts |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1564.008 |
Email Hiding Rules |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1546 |
Event Triggered Execution |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1562 |
Impair Defenses |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1562.008 |
Disable or Modify Cloud Logs |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1070 |
Indicator Removal |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1070.008 |
Clear Mailbox Data |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1556 |
Modify Authentication Process |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1566 |
Phishing |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1566.002 |
Spearphishing Link |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1528 |
Steal Application Access Token |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1552 |
Unsecured Credentials |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1552.008 |
Chat Messages |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1078 |
Valid Accounts |
| PUR-AS-E5 |
Audit Solutions |
Technique Scores |
T1078.004 |
Cloud Accounts |
| EOP-MFR-E3 |
Mail Flow Rules |
Technique Scores |
T1114 |
Email Collection |
| EOP-MFR-E3 |
Mail Flow Rules |
Technique Scores |
T1114.002 |
Remote Email Collection |
| EOP-MFR-E3 |
Mail Flow Rules |
Technique Scores |
T1114.003 |
Email Forwarding Rule |
| EOP-MFR-E3 |
Mail Flow Rules |
Technique Scores |
T1564 |
Hide Artifacts |
| EOP-MFR-E3 |
Mail Flow Rules |
Technique Scores |
T1564.008 |
Email Hiding Rules |
| EOP-AntiSpam-E3 |
AntiSpam |
Technique Scores |
T1566 |
Phishing |
| EOP-AntiSpam-E3 |
AntiSpam |
Technique Scores |
T1656 |
Impersonation |
| EOP-AntiSpam-E3 |
AntiSpam |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| EOP-AntiSpam-E3 |
AntiSpam |
Technique Scores |
T1566.002 |
Spearphishing Link |
| EOP-AntiSpam-E3 |
AntiSpam |
Technique Scores |
T1534 |
Internal Spearphishing |
| EOP-AP-E3 |
Anti-Phishing |
Technique Scores |
T1656 |
Impersonation |
| EOP-AP-E3 |
Anti-Phishing |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| EOP-AP-E3 |
Anti-Phishing |
Technique Scores |
T1566.002 |
Spearphishing Link |
| EOP-AP-E3 |
Anti-Phishing |
Technique Scores |
T1566 |
Phishing |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1204.002 |
Malicious File |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1204 |
User Execution |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1566 |
Phishing |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1080 |
Taint Shared Content |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1027 |
Obfuscated Files or Information |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1036 |
Masquerading |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1059.006 |
Python |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1059.001 |
PowerShell |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1059 |
Command and Scripting Interpreter |
| EOP-Antimalware-E3 |
Antimalware |
Technique Scores |
T1059.009 |
Cloud API |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1078.001 |
Default Accounts |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1213.002 |
Sharepoint |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1213 |
Data from Information Repositories |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1199 |
Trusted Relationship |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1562.008 |
Disable or Modify Cloud Logs |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1562 |
Impair Defenses |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1530 |
Data from Cloud Storage |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1484.002 |
Domain Trust Modification |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1484 |
Domain Policy Modification |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1556.007 |
Hybrid Identity |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1556 |
Modify Authentication Process |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1648 |
Serverless Execution |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1059.009 |
Cloud API |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1059 |
Command and Scripting Interpreter |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1651 |
Cloud Administration Command |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1528 |
Steal Application Access Token |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1538 |
Cloud Service Dashboard |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1098.001 |
Additional Cloud Credentials |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1098 |
Account Manipulation |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1136.003 |
Cloud Account |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1136 |
Create Account |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1078.004 |
Cloud Accounts |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1078 |
Valid Accounts |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1087.004 |
Cloud Account |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1087 |
Account Discovery |
| ME-RBAC-E3 |
Role Based Access Control |
Technique Scores |
T1548.005 |
Temporary Elevated Cloud Access |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1539 |
Steal Web Session Cookie |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1021.007 |
Cloud Services |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1110.004 |
Credential Stuffing |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1110.003 |
Password Spraying |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1110.002 |
Password Cracking |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1110.001 |
Password Guessing |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1110 |
Brute Force |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1136.003 |
Cloud Account |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1098.001 |
Additional Cloud Credentials |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1531 |
Account Access Removal |
| ME-PWA-E3 |
Passwordless Authentication |
Technique Scores |
T1078.004 |
Cloud Accounts |
| ME-PWP-E3 |
Password Policy |
Technique Scores |
T1586.003 |
Cloud Accounts |
| ME-PWP-E3 |
Password Policy |
Technique Scores |
T1110.004 |
Credential Stuffing |
| ME-PWP-E3 |
Password Policy |
Technique Scores |
T1110.003 |
Password Spraying |
| ME-PWP-E3 |
Password Policy |
Technique Scores |
T1110.002 |
Password Cracking |
| ME-PWP-E3 |
Password Policy |
Technique Scores |
T1110.001 |
Password Guessing |
| ME-PWP-E3 |
Password Policy |
Technique Scores |
T1078 |
Valid Accounts |
| ME-PWP-E3 |
Password Policy |
Technique Scores |
T1110 |
Brute Force |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1098 |
Account Manipulation |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1651 |
Cloud Administration Command |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1098.001 |
Additional Cloud Credentials |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1098 |
Account Manipulation |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1136.003 |
Cloud Account |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1136 |
Create Account |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1078.004 |
Cloud Accounts |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1078 |
Valid Accounts |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1556.007 |
Hybrid Identity |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| ME-PIM-E5 |
Privileged Identity Management |
Technique Scores |
T1556 |
Modify Authentication Process |
| ME-PP-E3 |
Password Protection |
Technique Scores |
T1586.003 |
Cloud Accounts |
| ME-PP-E3 |
Password Protection |
Technique Scores |
T1078 |
Valid Accounts |
| ME-PP-E3 |
Password Protection |
Technique Scores |
T1110.004 |
Credential Stuffing |
| ME-PP-E3 |
Password Protection |
Technique Scores |
T1110.003 |
Password Spraying |
| ME-PP-E3 |
Password Protection |
Technique Scores |
T1110 |
Brute Force |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1078.004 |
Cloud Accounts |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1136.003 |
Cloud Account |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1098.002 |
Additional Email Delegate Permissions |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1098.001 |
Additional Cloud Credentials |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1098 |
Account Manipulation |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1110.004 |
Credential Stuffing |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1110.003 |
Password Spraying |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1110.002 |
Password Cracking |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1136.003 |
Cloud Account |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1110.001 |
Password Guessing |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1110 |
Brute Force |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1566.002 |
Spearphishing Link |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1566 |
Phishing |
| ME-MFA-E3 |
Multi-factor Authentication |
Technique Scores |
T1530 |
Data from Cloud Storage |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1098.001 |
Additional Cloud Credentials |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1098 |
Account Manipulation |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1110.004 |
Credential Stuffing |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1110.003 |
Password Spraying |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1110.002 |
Password Cracking |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1110.001 |
Password Guessing |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1110 |
Brute Force |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1621 |
Multi-Factor Authentication Request Generation |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1556 |
Modify Authentication Process |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1586.003 |
Cloud Accounts |
| ME-IP-E5 |
Identity Protection |
Technique Scores |
T1078 |
Valid Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1134.001 |
Token Impersonation/Theft |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1098.006 |
Additional Container Cluster Roles |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1548.005 |
Temporary Elevated Cloud Access |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1110 |
Brute Force |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1585.003 |
Cloud Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1585.002 |
Email Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1585 |
Establish Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1651 |
Cloud Administration Command |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1114 |
Email Collection |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1114.002 |
Remote Email Collection |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1586.003 |
Cloud Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1586.002 |
Email Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1586 |
Compromise Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1531 |
Account Access Removal |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1586.003 |
Cloud Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1078 |
Valid Accounts |
| ME-CAE-E3 |
Conditional Access Evaluation |
Technique Scores |
T1539 |
Steal Web Session Cookie |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1059.009 |
Cloud API |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1078 |
Valid Accounts |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1586.003 |
Cloud Accounts |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1621 |
Multi-Factor Authentication Request Generation |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1110.004 |
Credential Stuffing |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1110.003 |
Password Spraying |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1110.002 |
Password Cracking |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1110.001 |
Password Guessing |
| ME-CA-E5 |
Conditional Access |
Technique Scores |
T1110 |
Brute Force |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1204.001 |
Malicious Link |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1204.002 |
Malicious File |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1204 |
User Execution |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1080 |
Taint Shared Content |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1027 |
Obfuscated Files or Information |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1036 |
Masquerading |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1059.006 |
Python |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1059.009 |
Cloud API |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1059.001 |
PowerShell |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1059 |
Command and Scripting Interpreter |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1656 |
Impersonation |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1534 |
Internal Spearphishing |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1566.002 |
Spearphishing Link |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| M365-DEF-ZAP-E3 |
Zero Hour Auto Purge |
Technique Scores |
T1566 |
Phishing |
| DO365-TT-E5 |
Threat Tracker |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DO365-TT-E5 |
Threat Tracker |
Technique Scores |
T1566 |
Phishing |
| DO365-TPSR-E3 |
Threat Protection Status Report |
Technique Scores |
T1566 |
Phishing |
| DO365-TPSR-E3 |
Threat Protection Status Report |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DO365-TPSR-E3 |
Threat Protection Status Report |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-TPSR-E3 |
Threat Protection Status Report |
Technique Scores |
T1534 |
Internal Spearphishing |
| DO365-TPSR-E3 |
Threat Protection Status Report |
Technique Scores |
T1656 |
Impersonation |
| DO365-TPSR-E3 |
Threat Protection Status Report |
Technique Scores |
T1189 |
Drive-by Compromise |
| DO365-TE-E5 |
Threat Explorer |
Technique Scores |
T1656 |
Impersonation |
| DO365-TE-E5 |
Threat Explorer |
Technique Scores |
T1189 |
Drive-by Compromise |
| DO365-TE-E5 |
Threat Explorer |
Technique Scores |
T1566 |
Phishing |
| DO365-TE-E5 |
Threat Explorer |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-TE-E5 |
Threat Explorer |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1137 |
Office Application Startup |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1072 |
Software Deployment Tools |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1530 |
Data from Cloud Storage |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1213 |
Data from Information Repositories |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1213.002 |
Sharepoint |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1078.001 |
Default Accounts |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1656 |
Impersonation |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1021 |
Remote Services |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1566 |
Phishing |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1080 |
Taint Shared Content |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1546 |
Event Triggered Execution |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1204.001 |
Malicious Link |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1204.002 |
Malicious File |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1204 |
User Execution |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1189 |
Drive-by Compromise |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1114.002 |
Remote Email Collection |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1114.003 |
Email Forwarding Rule |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1114 |
Email Collection |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1059.009 |
Cloud API |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1021.007 |
Cloud Services |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1136 |
Create Account |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1136.003 |
Cloud Account |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1548 |
Abuse Elevation Control Mechanism |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1651 |
Cloud Administration Command |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1606 |
Forge Web Credentials |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1564 |
Hide Artifacts |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1657 |
Financial Theft |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1567.004 |
Exfiltration Over Webhook |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1564.008 |
Email Hiding Rules |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1110.004 |
Credential Stuffing |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1110.003 |
Password Spraying |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1110.002 |
Password Cracking |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1110.001 |
Password Guessing |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1110 |
Brute Force |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1211 |
Exploitation for Defense Evasion |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1562.008 |
Disable or Modify Cloud Logs |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1562 |
Impair Defenses |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1534 |
Internal Spearphishing |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1078 |
Valid Accounts |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1078.004 |
Cloud Accounts |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1550.001 |
Application Access Token |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1114.002 |
Remote Email Collection |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1114.003 |
Email Forwarding Rule |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1567.002 |
Exfiltration to Cloud Storage |
| DEF-SecScore-E3 |
Secure Score |
Technique Scores |
T1567 |
Exfiltration Over Web Service |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1011 |
Exfiltration Over Other Network Medium |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1550.002 |
Pass the Hash |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1557.001 |
LLMNR/NBT-NS Poisoning and SMB Relay |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1557 |
Adversary-in-the-Middle |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1606 |
Forge Web Credentials |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1187 |
Forced Authentication |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1552.004 |
Private Keys |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1003.006 |
DCSync |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1003 |
OS Credential Dumping |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1134.001 |
Token Impersonation/Theft |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1134 |
Access Token Manipulation |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1558.004 |
AS-REP Roasting |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1558.003 |
Kerberoasting |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1555 |
Credentials from Password Stores |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1558.001 |
Golden Ticket |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1110.003 |
Password Spraying |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1110.001 |
Password Guessing |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1110 |
Brute Force |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1484.001 |
Group Policy Modification |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1078 |
Valid Accounts |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1484 |
Domain Policy Modification |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1134.005 |
SID-History Injection |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1134 |
Access Token Manipulation |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1484 |
Domain Policy Modification |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1098 |
Account Manipulation |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1556.001 |
Domain Controller Authentication |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1556 |
Modify Authentication Process |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1210 |
Exploitation of Remote Services |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1068 |
Exploitation for Privilege Escalation |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1558.001 |
Golden Ticket |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1558 |
Steal or Forge Kerberos Tickets |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1134.001 |
Token Impersonation/Theft |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1202 |
Indirect Command Execution |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1069.002 |
Domain Groups |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1069 |
Permission Groups Discovery |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1049 |
System Network Connections Discovery |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1018 |
Remote System Discovery |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1046 |
Network Service Discovery |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1087 |
Account Discovery |
| DEF-SECA-E3 |
Security Alerts |
Technique Scores |
T1087.002 |
Domain Account |
| DO365-SL-E3 |
Safe Links |
Technique Scores |
T1204 |
User Execution |
| DO365-SL-E3 |
Safe Links |
Technique Scores |
T1204.001 |
Malicious Link |
| DO365-SL-E3 |
Safe Links |
Technique Scores |
T1566 |
Phishing |
| DO365-SL-E3 |
Safe Links |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-SL-E3 |
Safe Links |
Technique Scores |
T1534 |
Internal Spearphishing |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1566 |
Phishing |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1598 |
Phishing for Information |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1204 |
User Execution |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1204.002 |
Malicious File |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1598.002 |
Spearphishing Attachment |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1566 |
Phishing |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1598.002 |
Spearphishing Attachment |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1598 |
Phishing for Information |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1204.002 |
Malicious File |
| DEF-SA-E3 |
Safe Attachments |
Technique Scores |
T1204 |
User Execution |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1213 |
Data from Information Repositories |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1213.002 |
Sharepoint |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1530 |
Data from Cloud Storage |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1204.001 |
Malicious Link |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1204.002 |
Malicious File |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1204 |
User Execution |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1080 |
Taint Shared Content |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1027 |
Obfuscated Files or Information |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1036 |
Masquerading |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1656 |
Impersonation |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1534 |
Internal Spearphishing |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1566 |
Phishing |
| DEF-Quarantine-E3 |
Quarantine Policies |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1534 |
Internal Spearphishing |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1656 |
Impersonation |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1189 |
Drive-by Compromise |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1566 |
Phishing |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1204 |
User Execution |
| DO365-PSP-E3 |
Preset Security Policies |
Technique Scores |
T1204.001 |
Malicious Link |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1078.004 |
Cloud Accounts |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1098 |
Account Manipulation |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1213.002 |
Sharepoint |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1530 |
Data from Cloud Storage |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1110.004 |
Credential Stuffing |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1110.002 |
Password Cracking |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1110.003 |
Password Spraying |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1110.001 |
Password Guessing |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1110 |
Brute Force |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1550.002 |
Pass the Hash |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1550.003 |
Pass the Ticket |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1068 |
Exploitation for Privilege Escalation |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1210 |
Exploitation of Remote Services |
| DEF-LM-E5 |
Lateral Movements |
Technique Scores |
T1078 |
Valid Accounts |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1098 |
Account Manipulation |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1098.001 |
Additional Cloud Credentials |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1098.002 |
Additional Email Delegate Permissions |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1098.003 |
Additional Cloud Roles |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1531 |
Account Access Removal |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1110 |
Brute Force |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1110.001 |
Password Guessing |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1110.002 |
Password Cracking |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1110.003 |
Password Spraying |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1110.004 |
Credential Stuffing |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1136 |
Create Account |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1136.003 |
Cloud Account |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1538 |
Cloud Service Dashboard |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1059 |
Command and Scripting Interpreter |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1059.009 |
Cloud API |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1530 |
Data from Cloud Storage |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1213 |
Data from Information Repositories |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1213.002 |
Sharepoint |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1606 |
Forge Web Credentials |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1606.002 |
SAML Tokens |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1564 |
Hide Artifacts |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1564.008 |
Email Hiding Rules |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1562 |
Impair Defenses |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1562.008 |
Disable or Modify Cloud Logs |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1556 |
Modify Authentication Process |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1621 |
Multi-Factor Authentication Request Generation |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1566 |
Phishing |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1598.003 |
Spearphishing Link |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1598.004 |
Spearphishing Voice |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1552 |
Unsecured Credentials |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1552.008 |
Chat Messages |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1550.001 |
Application Access Token |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1550.004 |
Web Session Cookie |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1078 |
Valid Accounts |
| DEF-IR-E5 |
Incident Response |
Technique Scores |
T1087.004 |
Cloud Account |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1539 |
Steal Web Session Cookie |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1539 |
Steal Web Session Cookie |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1528 |
Steal Application Access Token |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1528 |
Steal Application Access Token |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1204.001 |
Malicious Link |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1189 |
Drive-by Compromise |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1598 |
Phishing for Information |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1566 |
Phishing |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1204.002 |
Malicious File |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1204 |
User Execution |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1204 |
User Execution |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1204.002 |
Malicious File |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1566 |
Phishing |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1598.002 |
Spearphishing Attachment |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1598 |
Phishing for Information |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1204.001 |
Malicious Link |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1189 |
Drive-by Compromise |
| DEF-SIM-E5 |
ATT&CK Simulation Training |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1548 |
Abuse Elevation Control Mechanism |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1087 |
Account Discovery |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1087.004 |
Cloud Account |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1110 |
Brute Force |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1110.001 |
Password Guessing |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1110.002 |
Password Cracking |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1110.003 |
Password Spraying |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1110.004 |
Credential Stuffing |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1538 |
Cloud Service Dashboard |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1606 |
Forge Web Credentials |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1606.002 |
SAML Tokens |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1562 |
Impair Defenses |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1562.008 |
Disable or Modify Cloud Logs |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1556 |
Modify Authentication Process |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1621 |
Multi-Factor Authentication Request Generation |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1566 |
Phishing |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1528 |
Steal Application Access Token |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1199 |
Trusted Relationship |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1078 |
Valid Accounts |
| DO365-AG-E5 |
App Governance |
Technique Scores |
T1078.004 |
Cloud Accounts |
| DO365-AS-E3 |
Anti-Spoofing |
Technique Scores |
T1566 |
Phishing |
| DO365-AS-E3 |
Anti-Spoofing |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-AS-E3 |
Anti-Spoofing |
Technique Scores |
T1656 |
Impersonation |
| DO365-AS-E3 |
Anti-Spoofing |
Technique Scores |
T1534 |
Internal Spearphishing |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1137 |
Office Application Startup |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1048 |
Exfiltration Over Alternative Protocol |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1567 |
Exfiltration Over Web Service |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1564.008 |
Email Hiding Rules |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1114 |
Email Collection |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1114.003 |
Email Forwarding Rule |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1550 |
Use Alternate Authentication Material |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1204.002 |
Malicious File |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1204.001 |
Malicious Link |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1078.004 |
Cloud Accounts |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1078 |
Valid Accounts |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1534 |
Internal Spearphishing |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1656 |
Impersonation |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1566 |
Phishing |
| DEF-AIR-E5 |
Automated Investigation and Response |
Technique Scores |
T1189 |
Drive-by Compromise |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1087 |
Account Discovery |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1087.004 |
Cloud Account |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1110 |
Brute Force |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1110.001 |
Password Guessing |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1110.002 |
Password Cracking |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1110.003 |
Password Spraying |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1110.004 |
Credential Stuffing |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1538 |
Cloud Service Dashboard |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1189 |
Drive-by Compromise |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1114 |
Email Collection |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1114.002 |
Remote Email Collection |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1546 |
Event Triggered Execution |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1567 |
Exfiltration Over Web Service |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1567.004 |
Exfiltration Over Webhook |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1048 |
Exfiltration Over Alternative Protocol |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1606 |
Forge Web Credentials |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1562 |
Impair Defenses |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1562.008 |
Disable or Modify Cloud Logs |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1534 |
Internal Spearphishing |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1556 |
Modify Authentication Process |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1556.006 |
Multi-Factor Authentication |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1621 |
Multi-Factor Authentication Request Generation |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1566 |
Phishing |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1199 |
Trusted Relationship |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1552 |
Unsecured Credentials |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1078 |
Valid Accounts |
| DO365-ATH-E5 |
Advanced Threat Hunting |
Technique Scores |
T1078.004 |
Cloud Accounts |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1656 |
Impersonation |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1656 |
Impersonation |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1656 |
Impersonation |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1534 |
Internal Spearphishing |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1534 |
Internal Spearphishing |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1566.002 |
Spearphishing Link |
| DO365-AAP-E5 |
Advanced Anti-phishing |
Technique Scores |
T1566.001 |
Spearphishing Attachment |
