Forum Discussion
ajeeshneelamkavil
Jun 23, 2021Copper Contributor
MS Defender ATP and Antivirus Rules with MITRE mapping
Team,
We are working on building certain correlation threat use case for Endpoints and cloud instances running with Defender and would like to know the list of rules in Defender with the MITRE Tactics and Techniques mappings.
- pvanberloSteel ContributorI’ve not seen this before, so not sure if this is available in an easy to consume list somewhere. Perhaps someone else knows.
- TiennesBrass Contributor
Morning,
As akudrati already stated; Azure is supporting MITRE ATT&CK mapping. You can connect the Microsoft Defender for Endpoint (and also the other products like MDI, Def4O365, etc.) to Sentinel via the native built-in Data Connectors in Microsoft Sentinel.
Furthermore, Microsoft Defender is also doing a mapping to the MITRE ATT&CK table. When you click on an alert, on the right side of the screen a blade comes in, and in the alert details section you see MITRE ATT&CK Techniques and below that the mapped technique.