M365 DEF-AIR-E5 Mappings

Automated investigation and response (AIR) capabilities include automated investigation processes in response to well-known threats that exist today. Appropriate remediation actions await approval, enabling your security operations team to respond effectively to detected threats.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1137 | Office Application Startup |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1048 | Exfiltration Over Alternative Protocol |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1567 | Exfiltration Over Web Service |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1564.008 | Email Hiding Rules |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1114 | Email Collection |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1114.003 | Email Forwarding Rule |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1550 | Use Alternate Authentication Material |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1204.002 | Malicious File |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1204.001 | Malicious Link |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1078.004 | Cloud Accounts |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1078 | Valid Accounts |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1534 | Internal Spearphishing |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1656 | Impersonation |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1566.001 | Spearphishing Attachment |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1566.002 | Spearphishing Link |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1566 | Phishing |
| DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1189 | Drive-by Compromise |