M365 Microsoft Purview Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
PUR-IP-E5 Information Protection Technique Scores T1087 Account Discovery
PUR-IP-E5 Information Protection Technique Scores T1087.004 Cloud Account
PUR-IP-E5 Information Protection Technique Scores T1119 Automated Collection
PUR-IP-E5 Information Protection Technique Scores T1020 Automated Exfiltration
PUR-IP-E5 Information Protection Technique Scores T1530 Data from Cloud Storage
PUR-IP-E5 Information Protection Technique Scores T1048 Exfiltration Over Alternative Protocol
PUR-IP-E5 Information Protection Technique Scores T1567 Exfiltration Over Web Service
PUR-IP-E5 Information Protection Technique Scores T1567.004 Exfiltration Over Webhook
PUR-IP-E5 Information Protection Technique Scores T1546 Event Triggered Execution
PUR-IP-E5 Information Protection Technique Scores T1070 Indicator Removal
PUR-IP-E5 Information Protection Technique Scores T1552 Unsecured Credentials
PUR-IP-E5 Information Protection Technique Scores T1552.008 Chat Messages
PUR-AS-E5 Audit Solutions Technique Scores T1548 Abuse Elevation Control Mechanism
PUR-AS-E5 Audit Solutions Technique Scores T1548.005 Temporary Elevated Cloud Access
PUR-AS-E5 Audit Solutions Technique Scores T1087 Account Discovery
PUR-AS-E5 Audit Solutions Technique Scores T1087.004 Cloud Account
PUR-AS-E5 Audit Solutions Technique Scores T1059 Command and Scripting Interpreter
PUR-AS-E5 Audit Solutions Technique Scores T1059.009 Cloud API
PUR-AS-E5 Audit Solutions Technique Scores T1530 Data from Cloud Storage
PUR-AS-E5 Audit Solutions Technique Scores T1213 Data from Information Repositories
PUR-AS-E5 Audit Solutions Technique Scores T1213.002 Sharepoint
PUR-AS-E5 Audit Solutions Technique Scores T1114 Email Collection
PUR-AS-E5 Audit Solutions Technique Scores T1114.002 Remote Email Collection
PUR-AS-E5 Audit Solutions Technique Scores T1114.003 Email Forwarding Rule
PUR-AS-E5 Audit Solutions Technique Scores T1606 Forge Web Credentials
PUR-AS-E5 Audit Solutions Technique Scores T1564 Hide Artifacts
PUR-AS-E5 Audit Solutions Technique Scores T1564.008 Email Hiding Rules
PUR-AS-E5 Audit Solutions Technique Scores T1546 Event Triggered Execution
PUR-AS-E5 Audit Solutions Technique Scores T1562 Impair Defenses
PUR-AS-E5 Audit Solutions Technique Scores T1562.008 Disable or Modify Cloud Logs
PUR-AS-E5 Audit Solutions Technique Scores T1070 Indicator Removal
PUR-AS-E5 Audit Solutions Technique Scores T1070.008 Clear Mailbox Data
PUR-AS-E5 Audit Solutions Technique Scores T1556 Modify Authentication Process
PUR-AS-E5 Audit Solutions Technique Scores T1556.006 Multi-Factor Authentication
PUR-AS-E5 Audit Solutions Technique Scores T1566 Phishing
PUR-AS-E5 Audit Solutions Technique Scores T1566.002 Spearphishing Link
PUR-AS-E5 Audit Solutions Technique Scores T1528 Steal Application Access Token
PUR-AS-E5 Audit Solutions Technique Scores T1552 Unsecured Credentials
PUR-AS-E5 Audit Solutions Technique Scores T1552.008 Chat Messages
PUR-AS-E5 Audit Solutions Technique Scores T1078 Valid Accounts
PUR-AS-E5 Audit Solutions Technique Scores T1078.004 Cloud Accounts
PUR-PAM-E5 Privileged Access Management Technique Scores T1586.003 Cloud Accounts
PUR-PAM-E5 Privileged Access Management Technique Scores T1078.001 Default Accounts
PUR-PAM-E5 Privileged Access Management Technique Scores T1078 Valid Accounts
PUR-PAM-E5 Privileged Access Management Technique Scores T1133 External Remote Services
PUR-PAM-E5 Privileged Access Management Technique Scores T1213 Data from Information Repositories
PUR-PAM-E5 Privileged Access Management Technique Scores T1213.002 Sharepoint
PUR-PAM-E5 Privileged Access Management Technique Scores T1530 Data from Cloud Storage
PUR-PAM-E5 Privileged Access Management Technique Scores T1059 Command and Scripting Interpreter
PUR-PAM-E5 Privileged Access Management Technique Scores T1059.009 Cloud API
PUR-PAM-E5 Privileged Access Management Technique Scores T1651 Cloud Administration Command
PUR-PAM-E5 Privileged Access Management Technique Scores T1098.001 Additional Cloud Credentials
PUR-PAM-E5 Privileged Access Management Technique Scores T1098.003 Additional Cloud Roles
PUR-PAM-E5 Privileged Access Management Technique Scores T1098 Account Manipulation

Capabilities

Capability ID Capability Name Number of Mappings
PUR-IP-E5 Information Protection 12
PUR-AS-E5 Audit Solutions 29
PUR-PAM-E5 Privileged Access Management 13