M365 Microsoft 365 Defender Capability Group

All Mappings

Capability ID Capability Name Mapping Type ATT&CK ID ATT&CK Name
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1204.001 Malicious Link
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1204.002 Malicious File
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1204 User Execution
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1080 Taint Shared Content
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1027 Obfuscated Files or Information
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1036 Masquerading
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059.006 Python
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059.009 Cloud API
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059.001 PowerShell
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1059 Command and Scripting Interpreter
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1656 Impersonation
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1534 Internal Spearphishing
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1566.002 Spearphishing Link
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1566.001 Spearphishing Attachment
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1566 Phishing
DO365-TT-E5 Threat Tracker Technique Scores T1566.001 Spearphishing Attachment
DO365-TT-E5 Threat Tracker Technique Scores T1566 Phishing
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1566 Phishing
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1566.001 Spearphishing Attachment
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1566.002 Spearphishing Link
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1534 Internal Spearphishing
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1656 Impersonation
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1189 Drive-by Compromise
DO365-TE-E5 Threat Explorer Technique Scores T1656 Impersonation
DO365-TE-E5 Threat Explorer Technique Scores T1189 Drive-by Compromise
DO365-TE-E5 Threat Explorer Technique Scores T1566 Phishing
DO365-TE-E5 Threat Explorer Technique Scores T1566.002 Spearphishing Link
DO365-TE-E5 Threat Explorer Technique Scores T1566.001 Spearphishing Attachment
DEF-SecScore-E3 Secure Score Technique Scores T1137 Office Application Startup
DEF-SecScore-E3 Secure Score Technique Scores T1072 Software Deployment Tools
DEF-SecScore-E3 Secure Score Technique Scores T1550 Use Alternate Authentication Material
DEF-SecScore-E3 Secure Score Technique Scores T1530 Data from Cloud Storage
DEF-SecScore-E3 Secure Score Technique Scores T1213 Data from Information Repositories
DEF-SecScore-E3 Secure Score Technique Scores T1213.002 Sharepoint
DEF-SecScore-E3 Secure Score Technique Scores T1078.001 Default Accounts
DEF-SecScore-E3 Secure Score Technique Scores T1656 Impersonation
DEF-SecScore-E3 Secure Score Technique Scores T1021 Remote Services
DEF-SecScore-E3 Secure Score Technique Scores T1566.001 Spearphishing Attachment
DEF-SecScore-E3 Secure Score Technique Scores T1566.002 Spearphishing Link
DEF-SecScore-E3 Secure Score Technique Scores T1566 Phishing
DEF-SecScore-E3 Secure Score Technique Scores T1080 Taint Shared Content
DEF-SecScore-E3 Secure Score Technique Scores T1546 Event Triggered Execution
DEF-SecScore-E3 Secure Score Technique Scores T1204.001 Malicious Link
DEF-SecScore-E3 Secure Score Technique Scores T1204.002 Malicious File
DEF-SecScore-E3 Secure Score Technique Scores T1204 User Execution
DEF-SecScore-E3 Secure Score Technique Scores T1189 Drive-by Compromise
DEF-SecScore-E3 Secure Score Technique Scores T1114.002 Remote Email Collection
DEF-SecScore-E3 Secure Score Technique Scores T1114.003 Email Forwarding Rule
DEF-SecScore-E3 Secure Score Technique Scores T1114 Email Collection
DEF-SecScore-E3 Secure Score Technique Scores T1059.009 Cloud API
DEF-SecScore-E3 Secure Score Technique Scores T1021.007 Cloud Services
DEF-SecScore-E3 Secure Score Technique Scores T1136 Create Account
DEF-SecScore-E3 Secure Score Technique Scores T1136.003 Cloud Account
DEF-SecScore-E3 Secure Score Technique Scores T1548 Abuse Elevation Control Mechanism
DEF-SecScore-E3 Secure Score Technique Scores T1651 Cloud Administration Command
DEF-SecScore-E3 Secure Score Technique Scores T1606 Forge Web Credentials
DEF-SecScore-E3 Secure Score Technique Scores T1564 Hide Artifacts
DEF-SecScore-E3 Secure Score Technique Scores T1657 Financial Theft
DEF-SecScore-E3 Secure Score Technique Scores T1567.004 Exfiltration Over Webhook
DEF-SecScore-E3 Secure Score Technique Scores T1564.008 Email Hiding Rules
DEF-SecScore-E3 Secure Score Technique Scores T1110.004 Credential Stuffing
DEF-SecScore-E3 Secure Score Technique Scores T1110.003 Password Spraying
DEF-SecScore-E3 Secure Score Technique Scores T1110.002 Password Cracking
DEF-SecScore-E3 Secure Score Technique Scores T1110.001 Password Guessing
DEF-SecScore-E3 Secure Score Technique Scores T1110 Brute Force
DEF-SecScore-E3 Secure Score Technique Scores T1211 Exploitation for Defense Evasion
DEF-SecScore-E3 Secure Score Technique Scores T1562.008 Disable or Modify Cloud Logs
DEF-SecScore-E3 Secure Score Technique Scores T1562 Impair Defenses
DEF-SecScore-E3 Secure Score Technique Scores T1534 Internal Spearphishing
DEF-SecScore-E3 Secure Score Technique Scores T1078 Valid Accounts
DEF-SecScore-E3 Secure Score Technique Scores T1078.004 Cloud Accounts
DEF-SecScore-E3 Secure Score Technique Scores T1550 Use Alternate Authentication Material
DEF-SecScore-E3 Secure Score Technique Scores T1550.001 Application Access Token
DEF-SecScore-E3 Secure Score Technique Scores T1114.002 Remote Email Collection
DEF-SecScore-E3 Secure Score Technique Scores T1114.003 Email Forwarding Rule
DEF-SecScore-E3 Secure Score Technique Scores T1567.002 Exfiltration to Cloud Storage
DEF-SecScore-E3 Secure Score Technique Scores T1567 Exfiltration Over Web Service
DEF-SECA-E3 Security Alerts Technique Scores T1011 Exfiltration Over Other Network Medium
DEF-SECA-E3 Security Alerts Technique Scores T1550.002 Pass the Hash
DEF-SECA-E3 Security Alerts Technique Scores T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
DEF-SECA-E3 Security Alerts Technique Scores T1550 Use Alternate Authentication Material
DEF-SECA-E3 Security Alerts Technique Scores T1557 Adversary-in-the-Middle
DEF-SECA-E3 Security Alerts Technique Scores T1606 Forge Web Credentials
DEF-SECA-E3 Security Alerts Technique Scores T1187 Forced Authentication
DEF-SECA-E3 Security Alerts Technique Scores T1552.004 Private Keys
DEF-SECA-E3 Security Alerts Technique Scores T1003.006 DCSync
DEF-SECA-E3 Security Alerts Technique Scores T1003 OS Credential Dumping
DEF-SECA-E3 Security Alerts Technique Scores T1134.001 Token Impersonation/Theft
DEF-SECA-E3 Security Alerts Technique Scores T1134 Access Token Manipulation
DEF-SECA-E3 Security Alerts Technique Scores T1558.004 AS-REP Roasting
DEF-SECA-E3 Security Alerts Technique Scores T1558.003 Kerberoasting
DEF-SECA-E3 Security Alerts Technique Scores T1555 Credentials from Password Stores
DEF-SECA-E3 Security Alerts Technique Scores T1558.001 Golden Ticket
DEF-SECA-E3 Security Alerts Technique Scores T1110.003 Password Spraying
DEF-SECA-E3 Security Alerts Technique Scores T1110.001 Password Guessing
DEF-SECA-E3 Security Alerts Technique Scores T1110 Brute Force
DEF-SECA-E3 Security Alerts Technique Scores T1484.001 Group Policy Modification
DEF-SECA-E3 Security Alerts Technique Scores T1078 Valid Accounts
DEF-SECA-E3 Security Alerts Technique Scores T1484 Domain Policy Modification
DEF-SECA-E3 Security Alerts Technique Scores T1134.005 SID-History Injection
DEF-SECA-E3 Security Alerts Technique Scores T1134 Access Token Manipulation
DEF-SECA-E3 Security Alerts Technique Scores T1484 Domain Policy Modification
DEF-SECA-E3 Security Alerts Technique Scores T1098 Account Manipulation
DEF-SECA-E3 Security Alerts Technique Scores T1556.001 Domain Controller Authentication
DEF-SECA-E3 Security Alerts Technique Scores T1556 Modify Authentication Process
DEF-SECA-E3 Security Alerts Technique Scores T1210 Exploitation of Remote Services
DEF-SECA-E3 Security Alerts Technique Scores T1068 Exploitation for Privilege Escalation
DEF-SECA-E3 Security Alerts Technique Scores T1558.001 Golden Ticket
DEF-SECA-E3 Security Alerts Technique Scores T1558 Steal or Forge Kerberos Tickets
DEF-SECA-E3 Security Alerts Technique Scores T1134.001 Token Impersonation/Theft
DEF-SECA-E3 Security Alerts Technique Scores T1202 Indirect Command Execution
DEF-SECA-E3 Security Alerts Technique Scores T1069.002 Domain Groups
DEF-SECA-E3 Security Alerts Technique Scores T1069 Permission Groups Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1049 System Network Connections Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1018 Remote System Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1046 Network Service Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1087 Account Discovery
DEF-SECA-E3 Security Alerts Technique Scores T1087.002 Domain Account
DO365-SL-E3 Safe Links Technique Scores T1204 User Execution
DO365-SL-E3 Safe Links Technique Scores T1204.001 Malicious Link
DO365-SL-E3 Safe Links Technique Scores T1566 Phishing
DO365-SL-E3 Safe Links Technique Scores T1566.002 Spearphishing Link
DO365-SL-E3 Safe Links Technique Scores T1534 Internal Spearphishing
DEF-SA-E3 Safe Attachments Technique Scores T1566 Phishing
DEF-SA-E3 Safe Attachments Technique Scores T1598 Phishing for Information
DEF-SA-E3 Safe Attachments Technique Scores T1204 User Execution
DEF-SA-E3 Safe Attachments Technique Scores T1204.002 Malicious File
DEF-SA-E3 Safe Attachments Technique Scores T1598.002 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566.001 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566.001 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566 Phishing
DEF-SA-E3 Safe Attachments Technique Scores T1598.002 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1598 Phishing for Information
DEF-SA-E3 Safe Attachments Technique Scores T1204.002 Malicious File
DEF-SA-E3 Safe Attachments Technique Scores T1204 User Execution
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1213 Data from Information Repositories
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1213.002 Sharepoint
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1530 Data from Cloud Storage
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204.001 Malicious Link
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204.002 Malicious File
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204 User Execution
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1080 Taint Shared Content
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1027 Obfuscated Files or Information
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1036 Masquerading
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1656 Impersonation
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1534 Internal Spearphishing
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566.002 Spearphishing Link
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566 Phishing
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566.001 Spearphishing Attachment
DO365-PSP-E3 Preset Security Policies Technique Scores T1534 Internal Spearphishing
DO365-PSP-E3 Preset Security Policies Technique Scores T1656 Impersonation
DO365-PSP-E3 Preset Security Policies Technique Scores T1189 Drive-by Compromise
DO365-PSP-E3 Preset Security Policies Technique Scores T1566 Phishing
DO365-PSP-E3 Preset Security Policies Technique Scores T1566.002 Spearphishing Link
DO365-PSP-E3 Preset Security Policies Technique Scores T1566.001 Spearphishing Attachment
DO365-PSP-E3 Preset Security Policies Technique Scores T1204 User Execution
DO365-PSP-E3 Preset Security Policies Technique Scores T1204.001 Malicious Link
DEF-LM-E5 Lateral Movements Technique Scores T1078.004 Cloud Accounts
DEF-LM-E5 Lateral Movements Technique Scores T1098.003 Additional Cloud Roles
DEF-LM-E5 Lateral Movements Technique Scores T1098 Account Manipulation
DEF-LM-E5 Lateral Movements Technique Scores T1213.002 Sharepoint
DEF-LM-E5 Lateral Movements Technique Scores T1530 Data from Cloud Storage
DEF-LM-E5 Lateral Movements Technique Scores T1110.004 Credential Stuffing
DEF-LM-E5 Lateral Movements Technique Scores T1110.002 Password Cracking
DEF-LM-E5 Lateral Movements Technique Scores T1110.003 Password Spraying
DEF-LM-E5 Lateral Movements Technique Scores T1110.001 Password Guessing
DEF-LM-E5 Lateral Movements Technique Scores T1110 Brute Force
DEF-LM-E5 Lateral Movements Technique Scores T1550.002 Pass the Hash
DEF-LM-E5 Lateral Movements Technique Scores T1550.003 Pass the Ticket
DEF-LM-E5 Lateral Movements Technique Scores T1550 Use Alternate Authentication Material
DEF-LM-E5 Lateral Movements Technique Scores T1068 Exploitation for Privilege Escalation
DEF-LM-E5 Lateral Movements Technique Scores T1210 Exploitation of Remote Services
DEF-LM-E5 Lateral Movements Technique Scores T1078 Valid Accounts
DEF-IR-E5 Incident Response Technique Scores T1098 Account Manipulation
DEF-IR-E5 Incident Response Technique Scores T1098.001 Additional Cloud Credentials
DEF-IR-E5 Incident Response Technique Scores T1098.002 Additional Email Delegate Permissions
DEF-IR-E5 Incident Response Technique Scores T1098.003 Additional Cloud Roles
DEF-IR-E5 Incident Response Technique Scores T1531 Account Access Removal
DEF-IR-E5 Incident Response Technique Scores T1110 Brute Force
DEF-IR-E5 Incident Response Technique Scores T1110.001 Password Guessing
DEF-IR-E5 Incident Response Technique Scores T1110.002 Password Cracking
DEF-IR-E5 Incident Response Technique Scores T1110.003 Password Spraying
DEF-IR-E5 Incident Response Technique Scores T1110.004 Credential Stuffing
DEF-IR-E5 Incident Response Technique Scores T1136 Create Account
DEF-IR-E5 Incident Response Technique Scores T1136.003 Cloud Account
DEF-IR-E5 Incident Response Technique Scores T1538 Cloud Service Dashboard
DEF-IR-E5 Incident Response Technique Scores T1059 Command and Scripting Interpreter
DEF-IR-E5 Incident Response Technique Scores T1059.009 Cloud API
DEF-IR-E5 Incident Response Technique Scores T1530 Data from Cloud Storage
DEF-IR-E5 Incident Response Technique Scores T1213 Data from Information Repositories
DEF-IR-E5 Incident Response Technique Scores T1213.002 Sharepoint
DEF-IR-E5 Incident Response Technique Scores T1606 Forge Web Credentials
DEF-IR-E5 Incident Response Technique Scores T1606.002 SAML Tokens
DEF-IR-E5 Incident Response Technique Scores T1564 Hide Artifacts
DEF-IR-E5 Incident Response Technique Scores T1564.008 Email Hiding Rules
DEF-IR-E5 Incident Response Technique Scores T1562 Impair Defenses
DEF-IR-E5 Incident Response Technique Scores T1562.008 Disable or Modify Cloud Logs
DEF-IR-E5 Incident Response Technique Scores T1556 Modify Authentication Process
DEF-IR-E5 Incident Response Technique Scores T1556.006 Multi-Factor Authentication
DEF-IR-E5 Incident Response Technique Scores T1621 Multi-Factor Authentication Request Generation
DEF-IR-E5 Incident Response Technique Scores T1566 Phishing
DEF-IR-E5 Incident Response Technique Scores T1598.003 Spearphishing Link
DEF-IR-E5 Incident Response Technique Scores T1598.004 Spearphishing Voice
DEF-IR-E5 Incident Response Technique Scores T1552 Unsecured Credentials
DEF-IR-E5 Incident Response Technique Scores T1552.008 Chat Messages
DEF-IR-E5 Incident Response Technique Scores T1550 Use Alternate Authentication Material
DEF-IR-E5 Incident Response Technique Scores T1550.001 Application Access Token
DEF-IR-E5 Incident Response Technique Scores T1550.004 Web Session Cookie
DEF-IR-E5 Incident Response Technique Scores T1078 Valid Accounts
DEF-IR-E5 Incident Response Technique Scores T1087.004 Cloud Account
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1550 Use Alternate Authentication Material
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1550 Use Alternate Authentication Material
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1539 Steal Web Session Cookie
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1539 Steal Web Session Cookie
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1528 Steal Application Access Token
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1528 Steal Application Access Token
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.001 Malicious Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1189 Drive-by Compromise
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.002 Spearphishing Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1598 Phishing for Information
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.001 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566 Phishing
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.002 Malicious File
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204 User Execution
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204 User Execution
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.002 Malicious File
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566 Phishing
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.001 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1598.002 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1598 Phishing for Information
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.001 Malicious Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1189 Drive-by Compromise
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.002 Spearphishing Link
DO365-AG-E5 App Governance Technique Scores T1548 Abuse Elevation Control Mechanism
DO365-AG-E5 App Governance Technique Scores T1087 Account Discovery
DO365-AG-E5 App Governance Technique Scores T1087.004 Cloud Account
DO365-AG-E5 App Governance Technique Scores T1110 Brute Force
DO365-AG-E5 App Governance Technique Scores T1110.001 Password Guessing
DO365-AG-E5 App Governance Technique Scores T1110.002 Password Cracking
DO365-AG-E5 App Governance Technique Scores T1110.003 Password Spraying
DO365-AG-E5 App Governance Technique Scores T1110.004 Credential Stuffing
DO365-AG-E5 App Governance Technique Scores T1538 Cloud Service Dashboard
DO365-AG-E5 App Governance Technique Scores T1606 Forge Web Credentials
DO365-AG-E5 App Governance Technique Scores T1606.002 SAML Tokens
DO365-AG-E5 App Governance Technique Scores T1562 Impair Defenses
DO365-AG-E5 App Governance Technique Scores T1562.008 Disable or Modify Cloud Logs
DO365-AG-E5 App Governance Technique Scores T1556 Modify Authentication Process
DO365-AG-E5 App Governance Technique Scores T1556.006 Multi-Factor Authentication
DO365-AG-E5 App Governance Technique Scores T1621 Multi-Factor Authentication Request Generation
DO365-AG-E5 App Governance Technique Scores T1566 Phishing
DO365-AG-E5 App Governance Technique Scores T1528 Steal Application Access Token
DO365-AG-E5 App Governance Technique Scores T1199 Trusted Relationship
DO365-AG-E5 App Governance Technique Scores T1078 Valid Accounts
DO365-AG-E5 App Governance Technique Scores T1078.004 Cloud Accounts
DO365-AS-E3 Anti-Spoofing Technique Scores T1566 Phishing
DO365-AS-E3 Anti-Spoofing Technique Scores T1566.002 Spearphishing Link
DO365-AS-E3 Anti-Spoofing Technique Scores T1656 Impersonation
DO365-AS-E3 Anti-Spoofing Technique Scores T1534 Internal Spearphishing
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1137 Office Application Startup
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1048 Exfiltration Over Alternative Protocol
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1567 Exfiltration Over Web Service
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1564.008 Email Hiding Rules
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1114 Email Collection
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1114.003 Email Forwarding Rule
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1550 Use Alternate Authentication Material
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1204.002 Malicious File
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1204.001 Malicious Link
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1078.004 Cloud Accounts
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1078 Valid Accounts
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1534 Internal Spearphishing
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1656 Impersonation
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1566.001 Spearphishing Attachment
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1566.002 Spearphishing Link
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1566 Phishing
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1189 Drive-by Compromise
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1087 Account Discovery
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1087.004 Cloud Account
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110 Brute Force
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.001 Password Guessing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.002 Password Cracking
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.003 Password Spraying
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1110.004 Credential Stuffing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1538 Cloud Service Dashboard
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1189 Drive-by Compromise
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1114 Email Collection
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1114.002 Remote Email Collection
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1546 Event Triggered Execution
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1567 Exfiltration Over Web Service
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1567.004 Exfiltration Over Webhook
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1048 Exfiltration Over Alternative Protocol
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1606 Forge Web Credentials
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1562 Impair Defenses
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1562.008 Disable or Modify Cloud Logs
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1534 Internal Spearphishing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1556 Modify Authentication Process
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1556.006 Multi-Factor Authentication
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1621 Multi-Factor Authentication Request Generation
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1566 Phishing
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1566.002 Spearphishing Link
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1199 Trusted Relationship
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1552 Unsecured Credentials
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1078 Valid Accounts
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1078.004 Cloud Accounts
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1656 Impersonation
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1656 Impersonation
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1656 Impersonation
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1534 Internal Spearphishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1534 Internal Spearphishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.002 Spearphishing Link
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.002 Spearphishing Link
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.002 Spearphishing Link
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566 Phishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566 Phishing
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566 Phishing

Capabilities

Capability ID Capability Name Number of Mappings
DEF-Quarantine-E3 Quarantine Policies 14
DEF-SIM-E5 ATT&CK Simulation Training 23
M365-DEF-ZAP-E3 Zero Hour Auto Purge 15
DEF-LM-E5 Lateral Movements 16
DEF-SecScore-E3 Secure Score 49
DO365-SL-E3 Safe Links 5
DO365-TPSR-E3 Threat Protection Status Report 6
DO365-AS-E3 Anti-Spoofing 4
DO365-AAP-E5 Advanced Anti-phishing 14
DO365-TT-E5 Threat Tracker 2
DEF-IR-E5 Incident Response 37
DEF-SA-E3 Safe Attachments 12
DO365-PSP-E3 Preset Security Policies 8
DEF-SECA-E3 Security Alerts 41
DEF-AIR-E5 Automated Investigation and Response 17
DO365-AG-E5 App Governance 21
DO365-ATH-E5 Advanced Threat Hunting 28
DO365-TE-E5 Threat Explorer 5