M365 MAPPINGS

Microsoft 365 (M365) is a widely used Software as a Service (SaaS) product family of productivity software, collaboration, and cloud-based services. This project maps the security controls native to M365 product areas to MITRE ATT&CK® providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

Capability Groups

ID Capability Group Name Number of Mappings Number of Capabilities
m365-defender Microsoft 365 Defender 317 18
entra-id Microsoft Entra ID 122 9
eop Exchange Online Protection 25 4
purview Microsoft Purview 54 3

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
PUR-IP-E5 Information Protection Technique Scores T1087 Account Discovery
PUR-IP-E5 Information Protection Technique Scores T1087.004 Cloud Account
PUR-IP-E5 Information Protection Technique Scores T1119 Automated Collection
PUR-IP-E5 Information Protection Technique Scores T1020 Automated Exfiltration
PUR-IP-E5 Information Protection Technique Scores T1530 Data from Cloud Storage
PUR-IP-E5 Information Protection Technique Scores T1048 Exfiltration Over Alternative Protocol
PUR-IP-E5 Information Protection Technique Scores T1567 Exfiltration Over Web Service
PUR-IP-E5 Information Protection Technique Scores T1567.004 Exfiltration Over Webhook
PUR-IP-E5 Information Protection Technique Scores T1546 Event Triggered Execution
PUR-IP-E5 Information Protection Technique Scores T1070 Indicator Removal
PUR-IP-E5 Information Protection Technique Scores T1552 Unsecured Credentials
PUR-IP-E5 Information Protection Technique Scores T1552.008 Chat Messages
PUR-AS-E5 Audit Solutions Technique Scores T1548 Abuse Elevation Control Mechanism
PUR-AS-E5 Audit Solutions Technique Scores T1548.005 Temporary Elevated Cloud Access
PUR-AS-E5 Audit Solutions Technique Scores T1087 Account Discovery
PUR-AS-E5 Audit Solutions Technique Scores T1087.004 Cloud Account
PUR-AS-E5 Audit Solutions Technique Scores T1059 Command and Scripting Interpreter
PUR-AS-E5 Audit Solutions Technique Scores T1059.009 Cloud API
PUR-AS-E5 Audit Solutions Technique Scores T1530 Data from Cloud Storage
PUR-AS-E5 Audit Solutions Technique Scores T1213 Data from Information Repositories
PUR-AS-E5 Audit Solutions Technique Scores T1213.002 Sharepoint
PUR-AS-E5 Audit Solutions Technique Scores T1114 Email Collection
PUR-AS-E5 Audit Solutions Technique Scores T1114.002 Remote Email Collection
PUR-AS-E5 Audit Solutions Technique Scores T1114.003 Email Forwarding Rule
PUR-AS-E5 Audit Solutions Technique Scores T1606 Forge Web Credentials
PUR-AS-E5 Audit Solutions Technique Scores T1564 Hide Artifacts
PUR-AS-E5 Audit Solutions Technique Scores T1564.008 Email Hiding Rules
PUR-AS-E5 Audit Solutions Technique Scores T1546 Event Triggered Execution
PUR-AS-E5 Audit Solutions Technique Scores T1562 Impair Defenses
PUR-AS-E5 Audit Solutions Technique Scores T1562.008 Disable or Modify Cloud Logs
PUR-AS-E5 Audit Solutions Technique Scores T1070 Indicator Removal
PUR-AS-E5 Audit Solutions Technique Scores T1070.008 Clear Mailbox Data
PUR-AS-E5 Audit Solutions Technique Scores T1556 Modify Authentication Process
PUR-AS-E5 Audit Solutions Technique Scores T1556.006 Multi-Factor Authentication
PUR-AS-E5 Audit Solutions Technique Scores T1566 Phishing
PUR-AS-E5 Audit Solutions Technique Scores T1566.002 Spearphishing Link
PUR-AS-E5 Audit Solutions Technique Scores T1528 Steal Application Access Token
PUR-AS-E5 Audit Solutions Technique Scores T1552 Unsecured Credentials
PUR-AS-E5 Audit Solutions Technique Scores T1552.008 Chat Messages
PUR-AS-E5 Audit Solutions Technique Scores T1078 Valid Accounts
PUR-AS-E5 Audit Solutions Technique Scores T1078.004 Cloud Accounts
EOP-MFR-E3 Mail Flow Rules Technique Scores T1114 Email Collection
EOP-MFR-E3 Mail Flow Rules Technique Scores T1114.002 Remote Email Collection
EOP-MFR-E3 Mail Flow Rules Technique Scores T1114.003 Email Forwarding Rule
EOP-MFR-E3 Mail Flow Rules Technique Scores T1564 Hide Artifacts
EOP-MFR-E3 Mail Flow Rules Technique Scores T1564.008 Email Hiding Rules
EOP-AntiSpam-E3 AntiSpam Technique Scores T1566 Phishing
EOP-AntiSpam-E3 AntiSpam Technique Scores T1656 Impersonation
EOP-AntiSpam-E3 AntiSpam Technique Scores T1566.001 Spearphishing Attachment
EOP-AntiSpam-E3 AntiSpam Technique Scores T1566.002 Spearphishing Link
EOP-AntiSpam-E3 AntiSpam Technique Scores T1534 Internal Spearphishing
EOP-AP-E3 Anti-Phishing Technique Scores T1656 Impersonation
EOP-AP-E3 Anti-Phishing Technique Scores T1566.001 Spearphishing Attachment
EOP-AP-E3 Anti-Phishing Technique Scores T1566.002 Spearphishing Link
EOP-AP-E3 Anti-Phishing Technique Scores T1566 Phishing
EOP-Antimalware-E3 Antimalware Technique Scores T1204.002 Malicious File
EOP-Antimalware-E3 Antimalware Technique Scores T1204 User Execution
EOP-Antimalware-E3 Antimalware Technique Scores T1566.001 Spearphishing Attachment
EOP-Antimalware-E3 Antimalware Technique Scores T1566 Phishing
EOP-Antimalware-E3 Antimalware Technique Scores T1080 Taint Shared Content
EOP-Antimalware-E3 Antimalware Technique Scores T1027 Obfuscated Files or Information
EOP-Antimalware-E3 Antimalware Technique Scores T1036 Masquerading
EOP-Antimalware-E3 Antimalware Technique Scores T1059.006 Python
EOP-Antimalware-E3 Antimalware Technique Scores T1059.001 PowerShell
EOP-Antimalware-E3 Antimalware Technique Scores T1059 Command and Scripting Interpreter
EOP-Antimalware-E3 Antimalware Technique Scores T1059.009 Cloud API
ME-RBAC-E3 Role Based Access Control Technique Scores T1078.001 Default Accounts
ME-RBAC-E3 Role Based Access Control Technique Scores T1213.002 Sharepoint
ME-RBAC-E3 Role Based Access Control Technique Scores T1213 Data from Information Repositories
ME-RBAC-E3 Role Based Access Control Technique Scores T1199 Trusted Relationship
ME-RBAC-E3 Role Based Access Control Technique Scores T1562.008 Disable or Modify Cloud Logs
ME-RBAC-E3 Role Based Access Control Technique Scores T1562 Impair Defenses
ME-RBAC-E3 Role Based Access Control Technique Scores T1530 Data from Cloud Storage
ME-RBAC-E3 Role Based Access Control Technique Scores T1484.002 Domain Trust Modification
ME-RBAC-E3 Role Based Access Control Technique Scores T1484 Domain Policy Modification
ME-RBAC-E3 Role Based Access Control Technique Scores T1556.007 Hybrid Identity
ME-RBAC-E3 Role Based Access Control Technique Scores T1556.006 Multi-Factor Authentication
ME-RBAC-E3 Role Based Access Control Technique Scores T1556 Modify Authentication Process
ME-RBAC-E3 Role Based Access Control Technique Scores T1648 Serverless Execution
ME-RBAC-E3 Role Based Access Control Technique Scores T1059.009 Cloud API
ME-RBAC-E3 Role Based Access Control Technique Scores T1059 Command and Scripting Interpreter
ME-RBAC-E3 Role Based Access Control Technique Scores T1651 Cloud Administration Command
ME-RBAC-E3 Role Based Access Control Technique Scores T1528 Steal Application Access Token
ME-RBAC-E3 Role Based Access Control Technique Scores T1538 Cloud Service Dashboard
ME-RBAC-E3 Role Based Access Control Technique Scores T1098.003 Additional Cloud Roles
ME-RBAC-E3 Role Based Access Control Technique Scores T1098.001 Additional Cloud Credentials
ME-RBAC-E3 Role Based Access Control Technique Scores T1098 Account Manipulation
ME-RBAC-E3 Role Based Access Control Technique Scores T1136.003 Cloud Account
ME-RBAC-E3 Role Based Access Control Technique Scores T1136 Create Account
ME-RBAC-E3 Role Based Access Control Technique Scores T1078.004 Cloud Accounts
ME-RBAC-E3 Role Based Access Control Technique Scores T1078 Valid Accounts
ME-RBAC-E3 Role Based Access Control Technique Scores T1087.004 Cloud Account
ME-RBAC-E3 Role Based Access Control Technique Scores T1087 Account Discovery
ME-RBAC-E3 Role Based Access Control Technique Scores T1548.005 Temporary Elevated Cloud Access
ME-PWA-E3 Passwordless Authentication Technique Scores T1539 Steal Web Session Cookie
ME-PWA-E3 Passwordless Authentication Technique Scores T1021.007 Cloud Services
ME-PWA-E3 Passwordless Authentication Technique Scores T1110.004 Credential Stuffing
ME-PWA-E3 Passwordless Authentication Technique Scores T1110.003 Password Spraying
ME-PWA-E3 Passwordless Authentication Technique Scores T1110.002 Password Cracking
ME-PWA-E3 Passwordless Authentication Technique Scores T1110.001 Password Guessing
ME-PWA-E3 Passwordless Authentication Technique Scores T1110 Brute Force
ME-PWA-E3 Passwordless Authentication Technique Scores T1136.003 Cloud Account
ME-PWA-E3 Passwordless Authentication Technique Scores T1098.001 Additional Cloud Credentials
ME-PWA-E3 Passwordless Authentication Technique Scores T1098.003 Additional Cloud Roles
ME-PWA-E3 Passwordless Authentication Technique Scores T1531 Account Access Removal
ME-PWA-E3 Passwordless Authentication Technique Scores T1078.004 Cloud Accounts
ME-PWP-E3 Password Policy Technique Scores T1586.003 Cloud Accounts
ME-PWP-E3 Password Policy Technique Scores T1110.004 Credential Stuffing
ME-PWP-E3 Password Policy Technique Scores T1110.003 Password Spraying
ME-PWP-E3 Password Policy Technique Scores T1110.002 Password Cracking
ME-PWP-E3 Password Policy Technique Scores T1110.001 Password Guessing
ME-PWP-E3 Password Policy Technique Scores T1078 Valid Accounts
ME-PWP-E3 Password Policy Technique Scores T1110 Brute Force
ME-PIM-E5 Privileged Identity Management Technique Scores T1098.003 Additional Cloud Roles
ME-PIM-E5 Privileged Identity Management Technique Scores T1098 Account Manipulation
ME-PIM-E5 Privileged Identity Management Technique Scores T1651 Cloud Administration Command
ME-PIM-E5 Privileged Identity Management Technique Scores T1098.003 Additional Cloud Roles
ME-PIM-E5 Privileged Identity Management Technique Scores T1098.001 Additional Cloud Credentials
ME-PIM-E5 Privileged Identity Management Technique Scores T1098 Account Manipulation
ME-PIM-E5 Privileged Identity Management Technique Scores T1136.003 Cloud Account
ME-PIM-E5 Privileged Identity Management Technique Scores T1136 Create Account
ME-PIM-E5 Privileged Identity Management Technique Scores T1078.004 Cloud Accounts
ME-PIM-E5 Privileged Identity Management Technique Scores T1078 Valid Accounts
ME-PIM-E5 Privileged Identity Management Technique Scores T1556.007 Hybrid Identity
ME-PIM-E5 Privileged Identity Management Technique Scores T1556.006 Multi-Factor Authentication
ME-PIM-E5 Privileged Identity Management Technique Scores T1556 Modify Authentication Process
ME-PP-E3 Password Protection Technique Scores T1586.003 Cloud Accounts
ME-PP-E3 Password Protection Technique Scores T1078 Valid Accounts
ME-PP-E3 Password Protection Technique Scores T1110.004 Credential Stuffing
ME-PP-E3 Password Protection Technique Scores T1110.003 Password Spraying
ME-PP-E3 Password Protection Technique Scores T1110 Brute Force
ME-MFA-E3 Multi-factor Authentication Technique Scores T1078.004 Cloud Accounts
ME-MFA-E3 Multi-factor Authentication Technique Scores T1136.003 Cloud Account
ME-MFA-E3 Multi-factor Authentication Technique Scores T1098.002 Additional Email Delegate Permissions
ME-MFA-E3 Multi-factor Authentication Technique Scores T1098.003 Additional Cloud Roles
ME-MFA-E3 Multi-factor Authentication Technique Scores T1098.001 Additional Cloud Credentials
ME-MFA-E3 Multi-factor Authentication Technique Scores T1098 Account Manipulation
ME-MFA-E3 Multi-factor Authentication Technique Scores T1110.004 Credential Stuffing
ME-MFA-E3 Multi-factor Authentication Technique Scores T1110.003 Password Spraying
ME-MFA-E3 Multi-factor Authentication Technique Scores T1110.002 Password Cracking
ME-MFA-E3 Multi-factor Authentication Technique Scores T1136.003 Cloud Account
ME-MFA-E3 Multi-factor Authentication Technique Scores T1110.001 Password Guessing
ME-MFA-E3 Multi-factor Authentication Technique Scores T1110 Brute Force
ME-MFA-E3 Multi-factor Authentication Technique Scores T1566.001 Spearphishing Attachment
ME-MFA-E3 Multi-factor Authentication Technique Scores T1566.002 Spearphishing Link
ME-MFA-E3 Multi-factor Authentication Technique Scores T1566 Phishing
ME-MFA-E3 Multi-factor Authentication Technique Scores T1530 Data from Cloud Storage
ME-IP-E5 Identity Protection Technique Scores T1098.003 Additional Cloud Roles
ME-IP-E5 Identity Protection Technique Scores T1098.001 Additional Cloud Credentials
ME-IP-E5 Identity Protection Technique Scores T1098 Account Manipulation
ME-IP-E5 Identity Protection Technique Scores T1110.004 Credential Stuffing
ME-IP-E5 Identity Protection Technique Scores T1110.003 Password Spraying
ME-IP-E5 Identity Protection Technique Scores T1110.002 Password Cracking
ME-IP-E5 Identity Protection Technique Scores T1110.001 Password Guessing
ME-IP-E5 Identity Protection Technique Scores T1110 Brute Force
ME-IP-E5 Identity Protection Technique Scores T1621 Multi-Factor Authentication Request Generation
ME-IP-E5 Identity Protection Technique Scores T1556.006 Multi-Factor Authentication
ME-IP-E5 Identity Protection Technique Scores T1556 Modify Authentication Process
ME-IP-E5 Identity Protection Technique Scores T1586.003 Cloud Accounts
ME-IP-E5 Identity Protection Technique Scores T1078 Valid Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1556.006 Multi-Factor Authentication
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1134.001 Token Impersonation/Theft
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1098.006 Additional Container Cluster Roles
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1098.003 Additional Cloud Roles
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1548.005 Temporary Elevated Cloud Access
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1110 Brute Force
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1585.003 Cloud Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1585.002 Email Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1585 Establish Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1651 Cloud Administration Command
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1114 Email Collection
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1114.002 Remote Email Collection
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1586.003 Cloud Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1586.002 Email Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1586 Compromise Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1531 Account Access Removal
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1586.003 Cloud Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1078 Valid Accounts
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1539 Steal Web Session Cookie
ME-CA-E5 Conditional Access Technique Scores T1059.009 Cloud API
ME-CA-E5 Conditional Access Technique Scores T1078 Valid Accounts
ME-CA-E5 Conditional Access Technique Scores T1586.003 Cloud Accounts
ME-CA-E5 Conditional Access Technique Scores T1621 Multi-Factor Authentication Request Generation
ME-CA-E5 Conditional Access Technique Scores T1110.004 Credential Stuffing
ME-CA-E5 Conditional Access Technique Scores T1110.003 Password Spraying
ME-CA-E5 Conditional Access Technique Scores T1110.002 Password Cracking
ME-CA-E5 Conditional Access Technique Scores T1110.001 Password Guessing
ME-CA-E5 Conditional Access Technique Scores T1110 Brute Force
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1204.001 Malicious Link
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1204.002 Malicious File
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1204 User Execution
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1080 Taint Shared Content
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1027 Obfuscated Files or Information
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1036 Masquerading
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059.006 Python
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059.009 Cloud API
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059.001 PowerShell
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059 Command and Scripting Interpreter
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1656 Impersonation
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1534 Internal Spearphishing
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1566.002 Spearphishing Link
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1566.001 Spearphishing Attachment
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1566 Phishing
DO365-TT-E5 Threat Tracker Technique Scores T1566.001 Spearphishing Attachment
DO365-TT-E5 Threat Tracker Technique Scores T1566 Phishing
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1566 Phishing
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1566.001 Spearphishing Attachment
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1566.002 Spearphishing Link
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1534 Internal Spearphishing
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1656 Impersonation
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1189 Drive-by Compromise
DO365-TE-E5 Threat Explorer Technique Scores T1656 Impersonation
DO365-TE-E5 Threat Explorer Technique Scores T1189 Drive-by Compromise
DO365-TE-E5 Threat Explorer Technique Scores T1566 Phishing
DO365-TE-E5 Threat Explorer Technique Scores T1566.002 Spearphishing Link
DO365-TE-E5 Threat Explorer Technique Scores T1566.001 Spearphishing Attachment
DEF-SecScore-E3 Secure Score Technique Scores T1137 Office Application Startup
DEF-SecScore-E3 Secure Score Technique Scores T1072 Software Deployment Tools
DEF-SecScore-E3 Secure Score Technique Scores T1550 Use Alternate Authentication Material
DEF-SecScore-E3 Secure Score Technique Scores T1530 Data from Cloud Storage
DEF-SecScore-E3 Secure Score Technique Scores T1213 Data from Information Repositories
DEF-SecScore-E3 Secure Score Technique Scores T1213.002 Sharepoint
DEF-SecScore-E3 Secure Score Technique Scores T1078.001 Default Accounts
DEF-SecScore-E3 Secure Score Technique Scores T1656 Impersonation
DEF-SecScore-E3 Secure Score Technique Scores T1021 Remote Services
DEF-SecScore-E3 Secure Score Technique Scores T1566.001 Spearphishing Attachment
DEF-SecScore-E3 Secure Score Technique Scores T1566.002 Spearphishing Link
DEF-SecScore-E3 Secure Score Technique Scores T1566 Phishing
DEF-SecScore-E3 Secure Score Technique Scores T1080 Taint Shared Content
DEF-SecScore-E3 Secure Score Technique Scores T1546 Event Triggered Execution
DEF-SecScore-E3 Secure Score Technique Scores T1204.001 Malicious Link
DEF-SecScore-E3 Secure Score Technique Scores T1204.002 Malicious File
DEF-SecScore-E3 Secure Score Technique Scores T1204 User Execution
DEF-SecScore-E3 Secure Score Technique Scores T1189 Drive-by Compromise
DEF-SecScore-E3 Secure Score Technique Scores T1114.002 Remote Email Collection
DEF-SecScore-E3 Secure Score Technique Scores T1114.003 Email Forwarding Rule
DEF-SecScore-E3 Secure Score Technique Scores T1114 Email Collection
DEF-SecScore-E3 Secure Score Technique Scores T1059.009 Cloud API
DEF-SecScore-E3 Secure Score Technique Scores T1021.007 Cloud Services
DEF-SecScore-E3 Secure Score Technique Scores T1136 Create Account
DEF-SecScore-E3 Secure Score Technique Scores T1136.003 Cloud Account
DEF-SecScore-E3 Secure Score Technique Scores T1548 Abuse Elevation Control Mechanism
DEF-SecScore-E3 Secure Score Technique Scores T1651 Cloud Administration Command
DEF-SecScore-E3 Secure Score Technique Scores T1606 Forge Web Credentials
DEF-SecScore-E3 Secure Score Technique Scores T1564 Hide Artifacts
DEF-SecScore-E3 Secure Score Technique Scores T1657 Financial Theft
DEF-SecScore-E3 Secure Score Technique Scores T1567.004 Exfiltration Over Webhook
DEF-SecScore-E3 Secure Score Technique Scores T1564.008 Email Hiding Rules
DEF-SecScore-E3 Secure Score Technique Scores T1110.004 Credential Stuffing
DEF-SecScore-E3 Secure Score Technique Scores T1110.003 Password Spraying
DEF-SecScore-E3 Secure Score Technique Scores T1110.002 Password Cracking
DEF-SecScore-E3 Secure Score Technique Scores T1110.001 Password Guessing
DEF-SecScore-E3 Secure Score Technique Scores T1110 Brute Force
DEF-SecScore-E3 Secure Score Technique Scores T1211 Exploitation for Defense Evasion
DEF-SecScore-E3 Secure Score Technique Scores T1562.008 Disable or Modify Cloud Logs
DEF-SecScore-E3 Secure Score Technique Scores T1562 Impair Defenses
DEF-SecScore-E3 Secure Score Technique Scores T1534 Internal Spearphishing
DEF-SecScore-E3 Secure Score Technique Scores T1078 Valid Accounts
DEF-SecScore-E3 Secure Score Technique Scores T1078.004 Cloud Accounts
DEF-SecScore-E3 Secure Score Technique Scores T1550 Use Alternate Authentication Material
DEF-SecScore-E3 Secure Score Technique Scores T1550.001 Application Access Token
DEF-SecScore-E3 Secure Score Technique Scores T1114.002 Remote Email Collection
DEF-SecScore-E3 Secure Score Technique Scores T1114.003 Email Forwarding Rule
DEF-SecScore-E3 Secure Score Technique Scores T1567.002 Exfiltration to Cloud Storage
DEF-SecScore-E3 Secure Score Technique Scores T1567 Exfiltration Over Web Service
DEF-SECA-E3 Security Alerts Technique Scores T1011 Exfiltration Over Other Network Medium
DEF-SECA-E3 Security Alerts Technique Scores T1550.002 Pass the Hash
DEF-SECA-E3 Security Alerts Technique Scores T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
DEF-SECA-E3 Security Alerts Technique Scores T1550 Use Alternate Authentication Material
DEF-SECA-E3 Security Alerts Technique Scores T1557 Adversary-in-the-Middle
DEF-SECA-E3 Security Alerts Technique Scores T1606 Forge Web Credentials
DEF-SECA-E3 Security Alerts Technique Scores T1187 Forced Authentication
DEF-SECA-E3 Security Alerts Technique Scores T1552.004 Private Keys
DEF-SECA-E3 Security Alerts Technique Scores T1003.006 DCSync
DEF-SECA-E3 Security Alerts Technique Scores T1003 OS Credential Dumping
DEF-SECA-E3 Security Alerts Technique Scores T1134.001 Token Impersonation/Theft
DEF-SECA-E3 Security Alerts Technique Scores T1134 Access Token Manipulation
DEF-SECA-E3 Security Alerts Technique Scores T1558.004 AS-REP Roasting
DEF-SECA-E3 Security Alerts Technique Scores T1558.003 Kerberoasting
DEF-SECA-E3 Security Alerts Technique Scores T1555 Credentials from Password Stores
DEF-SECA-E3 Security Alerts Technique Scores T1558.001 Golden Ticket
DEF-SECA-E3 Security Alerts Technique Scores T1110.003 Password Spraying
DEF-SECA-E3 Security Alerts Technique Scores T1110.001 Password Guessing
DEF-SECA-E3 Security Alerts Technique Scores T1110 Brute Force
DEF-SECA-E3 Security Alerts Technique Scores T1484.001 Group Policy Modification
DEF-SECA-E3 Security Alerts Technique Scores T1078 Valid Accounts
DEF-SECA-E3 Security Alerts Technique Scores T1484 Domain Policy Modification
DEF-SECA-E3 Security Alerts Technique Scores T1134.005 SID-History Injection
DEF-SECA-E3 Security Alerts Technique Scores T1134 Access Token Manipulation
DEF-SECA-E3 Security Alerts Technique Scores T1484 Domain Policy Modification
DEF-SECA-E3 Security Alerts Technique Scores T1098 Account Manipulation
DEF-SECA-E3 Security Alerts Technique Scores T1556.001 Domain Controller Authentication
DEF-SECA-E3 Security Alerts Technique Scores T1556 Modify Authentication Process
DEF-SECA-E3 Security Alerts Technique Scores T1210 Exploitation of Remote Services
DEF-SECA-E3 Security Alerts Technique Scores T1068 Exploitation for Privilege Escalation
DEF-SECA-E3 Security Alerts Technique Scores T1558.001 Golden Ticket
DEF-SECA-E3 Security Alerts Technique Scores T1558 Steal or Forge Kerberos Tickets
DEF-SECA-E3 Security Alerts Technique Scores T1134.001 Token Impersonation/Theft
DEF-SECA-E3 Security Alerts Technique Scores T1202 Indirect Command Execution
DEF-SECA-E3 Security Alerts Technique Scores T1069.002 Domain Groups
DEF-SECA-E3 Security Alerts Technique Scores T1069 Permission Groups Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1049 System Network Connections Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1018 Remote System Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1046 Network Service Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1087 Account Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1087.002 Domain Account
DO365-SL-E3 Safe Links Technique Scores T1204 User Execution
DO365-SL-E3 Safe Links Technique Scores T1204.001 Malicious Link
DO365-SL-E3 Safe Links Technique Scores T1566 Phishing
DO365-SL-E3 Safe Links Technique Scores T1566.002 Spearphishing Link
DO365-SL-E3 Safe Links Technique Scores T1534 Internal Spearphishing
DEF-SA-E3 Safe Attachments Technique Scores T1566 Phishing
DEF-SA-E3 Safe Attachments Technique Scores T1598 Phishing for Information
DEF-SA-E3 Safe Attachments Technique Scores T1204 User Execution
DEF-SA-E3 Safe Attachments Technique Scores T1204.002 Malicious File
DEF-SA-E3 Safe Attachments Technique Scores T1598.002 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566.001 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566.001 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566 Phishing
DEF-SA-E3 Safe Attachments Technique Scores T1598.002 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1598 Phishing for Information
DEF-SA-E3 Safe Attachments Technique Scores T1204.002 Malicious File
DEF-SA-E3 Safe Attachments Technique Scores T1204 User Execution
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1213 Data from Information Repositories
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1213.002 Sharepoint
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1530 Data from Cloud Storage
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204.001 Malicious Link
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204.002 Malicious File
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204 User Execution
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1080 Taint Shared Content
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1027 Obfuscated Files or Information
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1036 Masquerading
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1656 Impersonation
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1534 Internal Spearphishing
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566.002 Spearphishing Link
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566 Phishing
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566.001 Spearphishing Attachment
DO365-PSP-E3 Preset Security Policies Technique Scores T1534 Internal Spearphishing
DO365-PSP-E3 Preset Security Policies Technique Scores T1656 Impersonation
DO365-PSP-E3 Preset Security Policies Technique Scores T1189 Drive-by Compromise
DO365-PSP-E3 Preset Security Policies Technique Scores T1566 Phishing
DO365-PSP-E3 Preset Security Policies Technique Scores T1566.002 Spearphishing Link
DO365-PSP-E3 Preset Security Policies Technique Scores T1566.001 Spearphishing Attachment
DO365-PSP-E3 Preset Security Policies Technique Scores T1204 User Execution
DO365-PSP-E3 Preset Security Policies Technique Scores T1204.001 Malicious Link
DEF-LM-E5 Lateral Movements Technique Scores T1078.004 Cloud Accounts
DEF-LM-E5 Lateral Movements Technique Scores T1098.003 Additional Cloud Roles
DEF-LM-E5 Lateral Movements Technique Scores T1098 Account Manipulation
DEF-LM-E5 Lateral Movements Technique Scores T1213.002 Sharepoint
DEF-LM-E5 Lateral Movements Technique Scores T1530 Data from Cloud Storage
DEF-LM-E5 Lateral Movements Technique Scores T1110.004 Credential Stuffing
DEF-LM-E5 Lateral Movements Technique Scores T1110.002 Password Cracking
DEF-LM-E5 Lateral Movements Technique Scores T1110.003 Password Spraying
DEF-LM-E5 Lateral Movements Technique Scores T1110.001 Password Guessing
DEF-LM-E5 Lateral Movements Technique Scores T1110 Brute Force
DEF-LM-E5 Lateral Movements Technique Scores T1550.002 Pass the Hash
DEF-LM-E5 Lateral Movements Technique Scores T1550.003 Pass the Ticket
DEF-LM-E5 Lateral Movements Technique Scores T1550 Use Alternate Authentication Material
DEF-LM-E5 Lateral Movements Technique Scores T1068 Exploitation for Privilege Escalation
DEF-LM-E5 Lateral Movements Technique Scores T1210 Exploitation of Remote Services
DEF-LM-E5 Lateral Movements Technique Scores T1078 Valid Accounts
DEF-IR-E5 Incident Response Technique Scores T1098 Account Manipulation
DEF-IR-E5 Incident Response Technique Scores T1098.001 Additional Cloud Credentials
DEF-IR-E5 Incident Response Technique Scores T1098.002 Additional Email Delegate Permissions
DEF-IR-E5 Incident Response Technique Scores T1098.003 Additional Cloud Roles
DEF-IR-E5 Incident Response Technique Scores T1531 Account Access Removal
DEF-IR-E5 Incident Response Technique Scores T1110 Brute Force
DEF-IR-E5 Incident Response Technique Scores T1110.001 Password Guessing
DEF-IR-E5 Incident Response Technique Scores T1110.002 Password Cracking
DEF-IR-E5 Incident Response Technique Scores T1110.003 Password Spraying
DEF-IR-E5 Incident Response Technique Scores T1110.004 Credential Stuffing
DEF-IR-E5 Incident Response Technique Scores T1136 Create Account
DEF-IR-E5 Incident Response Technique Scores T1136.003 Cloud Account
DEF-IR-E5 Incident Response Technique Scores T1538 Cloud Service Dashboard
DEF-IR-E5 Incident Response Technique Scores T1059 Command and Scripting Interpreter
DEF-IR-E5 Incident Response Technique Scores T1059.009 Cloud API
DEF-IR-E5 Incident Response Technique Scores T1530 Data from Cloud Storage
DEF-IR-E5 Incident Response Technique Scores T1213 Data from Information Repositories
DEF-IR-E5 Incident Response Technique Scores T1213.002 Sharepoint
DEF-IR-E5 Incident Response Technique Scores T1606 Forge Web Credentials
DEF-IR-E5 Incident Response Technique Scores T1606.002 SAML Tokens
DEF-IR-E5 Incident Response Technique Scores T1564 Hide Artifacts
DEF-IR-E5 Incident Response Technique Scores T1564.008 Email Hiding Rules
DEF-IR-E5 Incident Response Technique Scores T1562 Impair Defenses
DEF-IR-E5 Incident Response Technique Scores T1562.008 Disable or Modify Cloud Logs
DEF-IR-E5 Incident Response Technique Scores T1556 Modify Authentication Process
DEF-IR-E5 Incident Response Technique Scores T1556.006 Multi-Factor Authentication
DEF-IR-E5 Incident Response Technique Scores T1621 Multi-Factor Authentication Request Generation
DEF-IR-E5 Incident Response Technique Scores T1566 Phishing
DEF-IR-E5 Incident Response Technique Scores T1598.003 Spearphishing Link
DEF-IR-E5 Incident Response Technique Scores T1598.004 Spearphishing Voice
DEF-IR-E5 Incident Response Technique Scores T1552 Unsecured Credentials
DEF-IR-E5 Incident Response Technique Scores T1552.008 Chat Messages
DEF-IR-E5 Incident Response Technique Scores T1550 Use Alternate Authentication Material
DEF-IR-E5 Incident Response Technique Scores T1550.001 Application Access Token
DEF-IR-E5 Incident Response Technique Scores T1550.004 Web Session Cookie
DEF-IR-E5 Incident Response Technique Scores T1078 Valid Accounts
DEF-IR-E5 Incident Response Technique Scores T1087.004 Cloud Account
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1550 Use Alternate Authentication Material
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1550 Use Alternate Authentication Material
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1539 Steal Web Session Cookie
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1539 Steal Web Session Cookie
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1528 Steal Application Access Token
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1528 Steal Application Access Token
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.001 Malicious Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1189 Drive-by Compromise
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.002 Spearphishing Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1598 Phishing for Information
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.001 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566 Phishing
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.002 Malicious File
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204 User Execution
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204 User Execution
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.002 Malicious File
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566 Phishing
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.001 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1598.002 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1598 Phishing for Information
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.001 Malicious Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1189 Drive-by Compromise
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.002 Spearphishing Link
DO365-AG-E5 App Governance Technique Scores T1548 Abuse Elevation Control Mechanism
DO365-AG-E5 App Governance Technique Scores T1087 Account Discovery
DO365-AG-E5 App Governance Technique Scores T1087.004 Cloud Account
DO365-AG-E5 App Governance Technique Scores T1110 Brute Force
DO365-AG-E5 App Governance Technique Scores T1110.001 Password Guessing
DO365-AG-E5 App Governance Technique Scores T1110.002 Password Cracking
DO365-AG-E5 App Governance Technique Scores T1110.003 Password Spraying
DO365-AG-E5 App Governance Technique Scores T1110.004 Credential Stuffing
DO365-AG-E5 App Governance Technique Scores T1538 Cloud Service Dashboard
DO365-AG-E5 App Governance Technique Scores T1606 Forge Web Credentials
DO365-AG-E5 App Governance Technique Scores T1606.002 SAML Tokens
DO365-AG-E5 App Governance Technique Scores T1562 Impair Defenses
DO365-AG-E5 App Governance Technique Scores T1562.008 Disable or Modify Cloud Logs
DO365-AG-E5 App Governance Technique Scores T1556 Modify Authentication Process
DO365-AG-E5 App Governance Technique Scores T1556.006 Multi-Factor Authentication
DO365-AG-E5 App Governance Technique Scores T1621 Multi-Factor Authentication Request Generation
DO365-AG-E5 App Governance Technique Scores T1566 Phishing
DO365-AG-E5 App Governance Technique Scores T1528 Steal Application Access Token
DO365-AG-E5 App Governance Technique Scores T1199 Trusted Relationship
DO365-AG-E5 App Governance Technique Scores T1078 Valid Accounts
DO365-AG-E5 App Governance Technique Scores T1078.004 Cloud Accounts
DO365-AS-E3 Anti-Spoofing Technique Scores T1566 Phishing
DO365-AS-E3 Anti-Spoofing Technique Scores T1566.002 Spearphishing Link
DO365-AS-E3 Anti-Spoofing Technique Scores T1656 Impersonation
DO365-AS-E3 Anti-Spoofing Technique Scores T1534 Internal Spearphishing
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1137 Office Application Startup
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1048 Exfiltration Over Alternative Protocol
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1567 Exfiltration Over Web Service
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1564.008 Email Hiding Rules
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1114 Email Collection
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1114.003 Email Forwarding Rule
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1550 Use Alternate Authentication Material
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1204.002 Malicious File
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1204.001 Malicious Link
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1078.004 Cloud Accounts
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1078 Valid Accounts
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1534 Internal Spearphishing
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1656 Impersonation
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1566.001 Spearphishing Attachment
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1566.002 Spearphishing Link
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1566 Phishing
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1189 Drive-by Compromise
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1087 Account Discovery
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1087.004 Cloud Account
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110 Brute Force
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.001 Password Guessing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.002 Password Cracking
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.003 Password Spraying
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.004 Credential Stuffing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1538 Cloud Service Dashboard
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1189 Drive-by Compromise
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1114 Email Collection
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1114.002 Remote Email Collection
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1546 Event Triggered Execution
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1567 Exfiltration Over Web Service
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1567.004 Exfiltration Over Webhook
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1048 Exfiltration Over Alternative Protocol
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1606 Forge Web Credentials
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1562 Impair Defenses
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1562.008 Disable or Modify Cloud Logs
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1534 Internal Spearphishing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1556 Modify Authentication Process
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1556.006 Multi-Factor Authentication
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1621 Multi-Factor Authentication Request Generation
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1566 Phishing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1566.002 Spearphishing Link
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1199 Trusted Relationship
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1552 Unsecured Credentials
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1078 Valid Accounts
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1078.004 Cloud Accounts
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1656 Impersonation
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1656 Impersonation
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1656 Impersonation
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1534 Internal Spearphishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1534 Internal Spearphishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.002 Spearphishing Link
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.002 Spearphishing Link
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.002 Spearphishing Link
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566 Phishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566 Phishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566 Phishing
PUR-PAM-E5 Privileged Access Management Technique Scores T1586.003 Cloud Accounts
PUR-PAM-E5 Privileged Access Management Technique Scores T1078.001 Default Accounts
PUR-PAM-E5 Privileged Access Management Technique Scores T1078 Valid Accounts
PUR-PAM-E5 Privileged Access Management Technique Scores T1133 External Remote Services
PUR-PAM-E5 Privileged Access Management Technique Scores T1213 Data from Information Repositories
PUR-PAM-E5 Privileged Access Management Technique Scores T1213.002 Sharepoint
PUR-PAM-E5 Privileged Access Management Technique Scores T1530 Data from Cloud Storage
PUR-PAM-E5 Privileged Access Management Technique Scores T1059 Command and Scripting Interpreter
PUR-PAM-E5 Privileged Access Management Technique Scores T1059.009 Cloud API
PUR-PAM-E5 Privileged Access Management Technique Scores T1651 Cloud Administration Command
PUR-PAM-E5 Privileged Access Management Technique Scores T1098.001 Additional Cloud Credentials
PUR-PAM-E5 Privileged Access Management Technique Scores T1098.003 Additional Cloud Roles
PUR-PAM-E5 Privileged Access Management Technique Scores T1098 Account Manipulation